Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Power

Flaws In Popular Solar Power Management Platform Could Crash the Grid 90

Posted by samzenpus from the there-goes-the-sun dept.
mask.of.sanity (1228908) writes "Criminals could potentially cause black-outs and mess with power grid configurations by exploiting flaws in a popular solar panel management system used by thousands of homes and businesses. The threat is substantial because, as the company boasts, its eponymous management system runs globally on roughly 229,300 solar plants that typically pump out 566TWh of electrical energy."
This discussion has been archived. No new comments can be posted.

Flaws In Popular Solar Power Management Platform Could Crash the Grid More

Flaws In Popular Solar Power Management Platform Could Crash the Grid

Comments Filter:

  • Criminals? (Score:1, Insightful)

    by Rosco P. Coltrane ( 209368 )

    You misspelled terrorists... Only terrorisme is important.

  • Unit (Score:3)

    by bluefoxlucid ( 723572 ) on Monday May 12, 2014 @08:45AM (#46978639) Homepage Journal

    556TWh is a cumulative unit. It's not an average output. If it's over an hour, that's 556TW; if it's over 1000 hours, that's 556GW.

    • Typical, isn't it?

    • As far as the US is concerned; Since in 2013 solar only accounted for less than 1/2 of 1 percent of the electrical generation (that includes commercial and residential), and since they are variable supplies to start with that depend on the rest of the grid to be useful, I wouldn't worry too much about them crashing the grid.

      • Re: (Score:3)

        by Guspaz ( 556486 )

        less than 1/2 of 1 percent

        One might even say less than half a percent.

        • less than 1/2 of 1 percent

          One might even say less than half a percent.

          But it sound so much more sophisticated when saying it like that. We're supposed to oooh an aaah

      • Re: Unit (Score:1)

        by Anonymous Coward

        I'd be more worried about someone peeing in the water supply like in Portland and needing to drain it because the water might hold the memory of this criminal behavior and through the mechanisms of homoeopathy cause a crimal hive mind of rioting.

      • As far as the US is concerned; Since in 2013 solar only accounted for less than 1/2 of 1 percent of the electrical generation (that includes commercial and residential), and since they are variable supplies to start with that depend on the rest of the grid to be useful, I wouldn't worry too much about them crashing the grid.

        I think more relevant, since this is supposed to be about "home and business" solar installations, is the question: "Why would you want your home or business solar installation available via the internet?"

        Status reports? Maybe. But it's hardly difficult to secure something like that.

    • You have your maths wrong there my friend. Giga doesn't come after Tera...Peta does
  • "... that typically pump out 566TWh of electrical energy." - per day, hour or is it is just 566TW?

  • Wrong by 5 orders of magnitude (Score:5, Informative)

    by Doub ( 784854 ) on Monday May 12, 2014 @08:48AM (#46978669)
    Original article has two flaws with the number you quote. It's not 566TWh, it's 5.66TWh (that's the value advertised for yesterday as total energy), that's 2 orders of magnitude. And it's not "typically" since it's the accumulated value over the service lifetime. If you want to quote a typical value, you quote current power (in W, not Wh) and the website advertise it as 6.74 GWp (p for peak, the bullshit suffix used by the solar panel industry (should be 6.74 GWbs IMHO), so the actual value is even less), that's another 3 order of magnitude. I guess the actual numbers are less impressive...

    • Re: (Score:2)

      by Barny ( 103770 )

      Oh hell, is this another W vs W RMS thing? I thought we had given up and just measured things in libraries of congress?

      Speaking of, how quiet is that, I figure it being a library it would be quiet...

      • No, the output of a panel is a function of the incident angle of light hitting it, as well as temperature. The peak number is "standard conditions." You convert from standard conditions to "equivalent hours" via the DOE's PV-Watts tool for a given location and installation/mounting type.

      • Re: (Score:3)

        by mspohr ( 589790 )

        The output of solar panels varies from zero (at night) to some peak value (when the sun is hitting them just right). Most solar installations generate significant power for about 5 hours a day. When describing solar installations, the peak output is useful for understanding the size of the installation and what can be expected in power output. Everyone knows that the peak is not the average, etc.
        Solar power is very quiet, just like the Library of Congress.

    • Re: (Score:1)

      by Anonymous Coward

      Wp is not bullshit. Like "thermal design power" for CPUs, Wp is something that the system must be designed to handle. Furthermore, since the relation between actual output depends on the local installation and the relation between actual and peak output is well understood, Wp is the only honest and useful measure of output power that can be given without knowing the specifics of a particular installation.

      In case you need a ballpark figure for the output of a south-facing solar installation at moderate latit

    • thank you for saving me the trouble.. its hard to take anything seroiusly when they can't even get those simple figures correct.

    • I think the intent was "its eponymous management system runs globally on roughly 229,300 solar plants that typically pump out [5.66TWh] of electrical energy [annually]." It makes more sense to average over a long period of time with solar which is presumably what they were doing. A smart editor would have caught that.

      • The article says exactly what is meant:

        Its eponymous management system runs globally on roughly 229,300 solar plants that typically pump out 5.66TWh of electrical energy a day, or so we're told.

        So averaged over an entire day, those 229,300 plants have a typical combined output of 235GW -- about 1MW per plant.

    • Just to clarify some terms...

      A WATT is a measure of the RATE of power flow. It's like saying you are going a specific speed in your car. You can calculate this by multiplying Volts times Amps but the value you get is only valid for the instant you measured the values. (You EE guys don't complain to me for ignoring power factor... I'm trying to make this simple. )

      A WAT HOUR is a measure of the AMOUNT of power that has flowed. This is like saying you went 100 miles in your car by driving 50 for 2 hours.

      So,

      • Sorry..... but A WATT is a measure of the RATE of ENERGY flow and in Physics we like to call it the unit for POWER. In whichever system; electrical or mechanical, it is JOULES PER SECOND.

        A WATT HOUR is a measure of the amount of ENERGY used or produced. As it is calculated by multiplying WATTS by TIME you end up with just ENERGY left.

        Eg: 6 Watts for 120 secs gives 6 Joules per second x 120 seconds = 720 Joules... and the numbers will be bigger for KILOWATTS and HOURS...

  • The Cloud (Score:1)

    by Anonymous Coward

    Can we just not move the system to the Cloud, or something, to make it better and enable a new, richer experience?

    • Clouds cut power output we need full power

      • Weather does impact solar... so this needs some sort of power-storing battery in order for it to work.

        • Weather does impact solar... so this needs some sort of power-storing battery in order for it to work.

          Yea, great idea... Can we please get the efficiency of industrial scale electrical power storage within some kind of useable range? Right now, converting into DC to charge batteries and then converting back into AC to release power is *really* inefficient. That's going to have to change.

          Right now, it's SO much cheaper to just build a natural gas fired plant to handle the dark nights and cloudy days. Actually, it's cheaper to build a natural Gas plant and forget the solar thing altogether, but folks who

          • Is it still cheaper when you account for the pollution created by burning the natural gas, and having to deal with rising oceans, etc., due to the pollution?

            • Is it still cheaper when you account for the pollution created by burning the natural gas, and having to deal with rising oceans, etc., due to the pollution?

              Only if you assume man made global warming is true. I'm not so sure it is (Note the MAN MADE caveat). IMHO, we need to concentrate on conservation, spend our money on fusion research and forget this renewable energy nonsense as an attempt to be "green". Just build NG plants until fusion comes online.

              Not to mention that industrial scale battery manufacturing has a huge carbon footprint. But this whole man made global warming brew-ha-ha is not about the environment, it's about control and the money that co

              • Even if man made global warming isn't true (but all the science says it is), why pollute? It raises health costs too.

                Fusion research? That's been going on for how many decades?

                Why not use solar in addition to the rest of the energy providers?

                • Carbon dioxide isn't pollution.
                  Neither is the product of burning natural gas (hint: it's water and carbon dioxide)

                • Even if man made global warming isn't true (but all the science says it is), why pollute? It raises health costs too.

                  ALL the science does NOT say that it is, only what you hear about from the media, politicians and those who are trying to sell something.

                  Have you heard about the claim of more extreme weather would come from this? Guess what? Doesn't seem to be true, looking at the available government data, but you hear it as fact all the time.

                  But, to your point. Why pollute? I agree with the sentiment in principle. We need to be good stewards of the planet and the resources it provides. But we must remember that so

    • It's solar, it's not compatible with clouds.

    • Re: (Score:2)

      by mlts ( 1038732 )

      There is the opposite which seems to be the way to go, especially with the fees for on-grid solar power.

      As usual, batteries are the biggest problem. However, with even a few 12 volt batteries paralleled, one can get 300-400 amp-hours of capacity. Add a solar array that has about 400-500 watts, MPPT charge controller, and a decent PSW inverter, and this won't run an air conditioner, but it could be a circuit that all one's low-wattage parasitic devices (cell phone chargers, a laptop, etc.) Add to the batt

      • One can do a lot of things, if one has the money doesn't care about the cost.

        • Re: (Score:2)

          by mlts ( 1038732 )

          It isn't that expensive, all things considered. Not cheap ($1-2k), but not too pricy for something that is going to pretty much be installed with little to no upkeep needed for 20+ years. Panels are around 75 cents a watt. A decent MPPT charge controller is several hundred, or you can go with more panels and a PWM controller. A pair of six volt "golf cart" batteries is about $400. A 1500-2000 watt PSW inverter is about $400 as well.

          Again, not cheap, but not too expensive, and once set up (assuming ever

          • $2K to charge your phones? Its a whole lot cheaper to just buy your power from the bulk generators. Batteries are the cost killers. And don't kid yourself about low cost batteries lasting 20 years.

            Calculate cost/kWh over a given time period, that's the only way to evaluate the cost.
            • He forgot to calculate about $500-1000 to add a few off-grid receptacles to your house. That is, unless you want to put every low-power device in your house in one room.

      • Because what everyone wants to do is install separate receptacles in every room for low-draw devices.

        Copper wiring is expensive.

  • To be fair ... (Score:5, Insightful)

    by quietwalker ( 969769 ) <pdughi@gmail.com> on Monday May 12, 2014 @09:07AM (#46978841)

    Squirrels could potentially cause black-outs and mess with power grid configurations. In fact, they have.

    • Yea, but squirrels aren't doing it maliciousl....
      I see your point.

    • Stop trying to distract us from this very serious discussion.

    • I once suffered a multi-day nation-wide power outage because a monkey touched some power equipment (an act that left him extra crispy).

    • Squirrels could potentially cause black-outs and mess with power grid configurations. In fact, they have.

      Yes, but they usually are small scale outages because squirrels are limited to shorting circuits they can bridge using their bodies. Not to mention that it usually costs a squirrel its life. This means that the really high voltage transmission lines are beyond what a single Squirrel can do and I don't see too many squirrel power grid assault teams being formed...

  • Sounds like a solar FUD piece (Score:5, Insightful)

    by Mad Quacker ( 3327 ) on Monday May 12, 2014 @09:20AM (#46978933) Homepage

    Solar power is still just a tiny tiny fraction of total energy output, yet hackers can cause massive blackouts? If only they knew how to hack the SCADA systems that run traditional power plants :rollseyes:

    • Re: (Score:1)

      by Anonymous Coward

      Huge FUD piece. Your average run of the mill thunderstorm probably takes more infrastructure out of service than all of the solar panels in the country combined.

      • I could take out an entire power station with a single solar panel. You just need to throw it at the right piece of equipment.

    • It's a giant FUD piece. It looks like someone is trying to limit solar for all the obvious reasons with legislation. The backlash against solar has already started with the electric companies tacking on all those extra fees onto people who install solar panels. Self sufficiency is an anathema to big business

  • Simple solution (Score:4, Insightful)

    by TVmisGuided ( 151197 ) <alan.jump@gma[ ]com ['il.' in gap]> on Monday May 12, 2014 @09:55AM (#46979227) Homepage

    Why not just keep the management system OFF the network? Make it local-only?

    Just because something CAN be hooked to the Internet, it doesn't necessarily follow that it SHOULD be hooked to the Internet.

    Just my 2p worth. Save up the change for a cup of coffee or something.

    • Local? What local? You can save a bunch of money by not having so many redundant management locations, and frankly they probably should.

      Likewise, they could build a parallel control network with security and reliability in mind but again you can save a bunch of money by just using the internet.

      Your tuppence of advice is to incur major expense for inadequate reason. That's why no one listens to it.

      • What's the cost of the tradeoff between saving money and risking security? That's the first question you need to be asking.

        Everyone's excited about IF they can put something on the Internet, and no one's stopping to think if they SHOULD.

        John Barnes, author of several programming texts, clearly outlines the concepts of "safe" and "secure" software. For software to be considered "safe", it must not harm the world, and for software to be "secure", the world must not harm it. Given the tacit invitation for atta

        • Yes, it is the first question I asked. I don't know the answer and would welcome an analysis (as opposed to knee-jerk "save the world by just doing a better job!" nonsense). Hint: an analysis will include a cost/benefit analysis at the very least, and other quantitative arguments. I won't hold my breath.

          Why would I care about a programmer's opinion about saving money? I'd rather ask the janitor, at least he is less biased.

          There's your dissenting commentary.

          • You ask the programmer because it's the programmer's job to implement the design. There's no bias involved in doing one's job, unless you consider it biased to want to produce both safe and secure code.

            Think "Heartbleed."

            'Nuff said.

  • How about putting the devices behind an encrypted firewalled connection?

  • Lots of things could crash the grid, and have. Lightning, squirrels, high demand, or an idiot with a pair of pliers. The real problem is the oft-described obsolescence and inherent instability of the systems running the grid. One of the chief problems with the US grid is the underpinning accounting algorithms that configure power buys and connections to maximize profits over stability and efficiency. System reaction time and response modes to anomalies are hampered by "What's the cheapest?" arguments over-

    • Disruption of the GRID costs LOTS of money so it is avoided like the plague. Yes, grid operators are driven by $$, but don't forget they have SLA's with many of their customers who depend on reliable power to be available and they are going to be out a pile of money if the grid goes down. Not to mention that there is a regulatory requirement for minimum margins and safety of the grid so if you mess around and crash something, the regulators are going to have you in a hearing answering questions.

      So, as new

  • Bad Slashdot Editing (Score:3)

    by Daetrin ( 576516 ) on Monday May 12, 2014 @10:52AM (#46979715)
    I'm not sure if it was the person who submitted the article or if samzenpus decided to condense things, but the quote is straight from the article, except for removing one sentence from the middle:

    "Details of how the attacks could be executed were kept under wraps while solar panel monitoring kit vendor Solar-Log distributed a patch for the flaws."

    Which wouldn't be that big a deal, except that the part included in the Slashdot blurb refers to the "eponymous management system", which makes absolutely no sense if you don't include the name of the software/company.

Slashdot Top Deals

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Close