Statement on Cyber Security

Recently Willem Westerhof published a study on cybersecurity threats regarding PV inverters, in which SMA was mentioned. The topic has also since been seized upon by other media outlets. Unfortunately, the claim has caused serious concern for our customers. We would like to stress that SMA does not agree with this article, as some of his statements are not correct or greatly exaggerated.

Please be assured that the security of our devices has highest priority for SMA in all respects and that we do everything we can to protect our inverters and communication products against cyber-attacks. We already assessed the mentioned issues on a technical basis and work intensively on the correction. The stated potential security issues only affect older SMA products and only a very few products in our portfolio. To maximize transparency, we use this website to explain the background and correct the facts.

Here are some key facts

  • From our extensive product portfolio, only the following SMA inverter types are affected: Sunny Boy models TLST-21 and TL-21, Sunny Tripower models TL-10 and TL-30.
  • All other products comply with the latest security standards.
  • We want to stress that even with the inverters mentioned above, the assault vectors require extremely high efforts and extensive expertise by a potential hacker.
  • Even the devices mentioned above are properly protected from hacker attacks, if the users carefully adhere to the measures outlined in our public cyber security guidelines.
  • Any device not connected to the internet is not directly affected.
  • There also is no such thing as a “secret super password” for all SMA inverters as Westerhoff states. Our inverters are delivered to our customers with a default password and we actively ask our customers to change this password to a personal secure password immediately after installation.
  • Regarding possible effects on the public power supply, Willem mentions 17 GW of solar inverter power sold to the private market by SMA. This is the whole inverter power SMA has sold so far to the residential market. The power produced with the inverters that might be vulnerable to an attack is only a small fraction of this, and they are installed all over the world. So we see absolutely no danger to grid stability even in the extremely unlikely event that all inverters should be successfully attacked at the same time.
Whitepaper Cyber Security - SMA Solar Technology AG

Whitepaper

Download

SMA Cyber Security Guidelines

SMA Cyber Security Guidelines

Download

As mentioned before, cybersecurity is an extremely important topic for SMA. We are continually working on implementing the highest security standards and measures with our devices in order to make them invulnerable to attacks. In this respect, we also continually ask our customers, to read and adhere to our public cyber security guidelines in order to prevent possible attacks.