Jumping over Proprietary Gaps - Assessing security features in MCUs for Smart Inverters
Jumping over Proprietary Gaps - Assessing security features in MCUs for Smart Inverters
Paper published at the ACM Sustainability Week DOI
As Distributed Energy Resources (DERs), such as solar inverters, become integral to the power grid, their connectivity introduces significant security risks. While the physical and communication layers of these devices are well studied, the firmware layer often remains a black box due to its proprietary nature. This creates challenges for evaluating the security of these devices. In this work, we bridge this gap by first discussing the threat landscape these embedded devices face. In a second step, we assess the security capabilities of the most prominent Microcontroller Units (MCUs) specifically marketed for power control applications in smart inverters. We discuss security features such as cryptographic hardware acceleration, Secure Boot, secure storage, and physical protection mechanisms and set this in the context of the EU’s emerging Cyber Resilience Act (CRA). Our analysis highlights there is no uniform security solution provided by the MCUs recommended for smart inverters, outlining the differences between high-end connectivity-focused MCUs and pure real-time controllers. This review provides a foundation to understand the potential attack surface of smart inverters and the hardware-level mitigations available to manufacturers.