A "Made in Europe" for Solar PV - ESMC Solar
esmc.solar

The European Solar Manufacturing Council (ESMC) has submitted its official feedback to the European Commission regarding three critical aspects of the Net-Zero Industry Act (NZIA): the regulations on renewable energy auctions, the selection criteria for net-zero strategic projects, and the list of essential components for net-zero technologies. ESMC strongly supports the ambition of the NZIA to strengthen European clean energy manufacturing but urges improvements to ensure the effectiveness and resilience of the policy framework.

[…]

ESMC welcomes the European Commission’s proposal to establish pre-qualification and award criteria for renewable energy auctions under NZIA Article 26. These criteria aim to promote European solar PV manufacturing capacity and align with the EU’s target of achieving 30 GW of solar PV production across the full value chain by 2030. However, ESMC highlights several risks and potential loopholes that could undermine these objectives:

  • The proposed criteria must include a robust “Made in Europe” clause to ensure that European manufacturers benefit from the auctions.
  • A comprehensive carbon footprint assessment methodology should be implemented, preventing greenwashing and ensuring transparent sustainability standards.
  • Stronger cybersecurity and data security measures are needed to prevent foreign control over critical solar PV infrastructure.
  • Provisions against the use of forced labour should be explicitly incorporated, with clear references to EU legislation such as the Corporate Sustainability Due Diligence Directive and the Forced Labour Regulation

[…]

  • mormund@feddit.orgEnglish
    31·
    2 days ago

    I work in Solar and it is crazy to me that we are installing thousands of Internet connected devices that control megawatts or now even gigawatts of power. Even if we ignore a Chinese adversarial backdoor, one exploit on these and shit goes dark quick. Regulations should be as tight as on smart meters, but it is just the Wild West right now.

    • nyankas@lemmy.mlEnglish
      16·
      2 days ago

      These exploits aren’t even purely theoretical anymore. At the 38C3 two security researches have demonstrated, that streetlights and many other devices in Europe, specifically in Germany, can be influenced using very simple methods, like replay attacks, through long-wave radio.

      Starting at around 35:00, they’ve also shown, that some solar power plants use similar vulnerable controllers. If it hasn’t been fixed yet, it should be pretty easy to remotely connect or disconnect these plants from the grid, thereby potentially destabilizing it.

      The security of Europe’s infrastructure really is in dire need of regulation.

    • leisesprecher@feddit.orgEnglish
      8·
      2 days ago

      As someone working in government IT, the entire sector is focused on compliance, not security. You can install the most obviously backdoored/unsafe device or software, as long as you have a paper trail that someone pinky promised that it’s secure. Absolutely bonkers.

      In your case, if the manufacturer of devices has all the necessary certifications, nobody will even question the security.

    • tal@lemmy.todayEnglish
      4·
      2 days ago

      I work in Solar and it is crazy to me that we are installing thousands of Internet connected devices that control megawatts or now even gigawatts of power. Even if we ignore a Chinese adversarial backdoor,

      There was that attack Russia did on Viasat systems early in the invasion with the aim of knocking out Ukrainian communications infrastructure where they accidentally knocked out the communications links to a bunch of German wind turbines.

      That wasn’t even Russia trying to hit Germany, just trying to damage systems and not being very precise in what they targeted.

      https://en.wikipedia.org/wiki/Viasat_hack

      On February 23, 2022, hackers targeted a VPN installation, in a Turin management center, which provided network access to administrators and operators. The hackers gained access to management servers that gave them access to information about company’s modems. After a few hours, the hackers gained access to another server that delivered software updates to the modems which allowed them to deliver the wiper malware AcidRain.[2]

      On 24 February, 2022, the day Russia invaded Ukraine, thousands of Viasat modems went offline.[3] The attack caused the malfunction in the remote control of 5,800 Enercon wind turbines in Germany and disruptions to thousands of organizations across Europe.[4]