Image from Massachusetts Office of Energy and Environmental Affairs
China’s Unseen Cyber Threat to Energy Security
Every solar panel and battery connected to the U.S. energy grid relies on a device few people ever consider: the power inverter. In May of 2025, U.S. experts found undocumented communication modules and secret radios embedded in some Chinese-manufactured solar inverters and battery systems. Not listed in product documentation, these shadow components create hidden backdoors that can circumvent utility firewalls and allow remote access to the devices. By making it possible to switch off inverters or sabotage grid-tied renewable installations, these backdoors pose a grave cybersecurity risk to U.S. energy infrastructure.
Inverters are the workhorses of modern power systems. They convert solar panels’ DC output to grid-friendly AC output, linking batteries and electric vehicles to public utility networks. They are ubiquitous in renewable energy infrastructure, and a majority are produced in China. In 2022, Huawei accounted for 29% of global inverter shipments, with other Chinese firms comprising much of the rest. As a result, Chinese-made equipment is deeply embedded in U.S. and allied power grids. This also makes them present in or around most strategic installations. Inverters are commonly designed with remote connectivity capability, but this is typically secured behind firewalls to block unwanted access.
An undocumented cellular radio effectively punches through those safeguards. With one, an outside actor can circumvent network segmentation and VPN enforcement, presenting spoofed authentication credentials to send commands directly to the inverter. That access could let attackers simultaneously disable or manipulate numerous devices, destabilizing or even cutting off solar generation or draining battery reserves. In a worst-case scenario, adversaries could coordinate remote shutdowns to trigger cascading power outages across multiple states, impacting hundreds of thousands of Americans.
U.S. officials are taking this threat seriously. Intelligence assessments have long suggested Beijing plants surveillance tech in foreign infrastructure to leverage in a crisis, and U.S. utilities were already preparing for possible bans on these devices. In 2024, then-FBI Director Christropher Wray warned that “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real world harm to American citizens and communities.” In May 2025, former NSA Director Mike Rogers warned that “We know that China believes there is value in placing at least some elements of our core infrastructure at risk of destruction or disruption.” China’s government denies any malicious intent, with embassy spokespeople regularly accusing the U.S. and other countries of smearing China’s infrastructure achievements.
Now, the push is on to ramp up domestic manufacturing of trusted equipment and integrate it into the grid. Florida’s largest power supplier, Florida Power and Light Co, has already begun sourcing non-Chinese inverters to reduce supply-chain vulnerability. The Build America, Buy America (BABA) Act, part of the 2021 Infrastructure Investment and Jobs Act, mandated that infrastructure projects which benefit from federal funding prioritize domestically manufactured components. It has begun to bear fruit: In early 2025, SolarEdge announced that its U.S.-made inverters achieved BABA compliance, enabling their integration into federally funded projects. Also in 2025, the American Clean Power Association (ACP), on behalf of the U.S. energy storage industry, announced it was investing USD$100 billion into building and buying American-made grid batteries. In February, lawmakers introduced the Decoupling from Foreign Adversarial Battery Dependence Act to bar the U.S. Department of Homeland Security from buying Chinese-made batteries after 2027, citing national security concerns.
However, this is not just a U.S. problem: Europe’s electric grids have also become highly reliant on Chinese solar technology. In 2022, NATO officials observed that China was intensifying efforts to control allied infrastructure, urging members to identify strategic dependencies and take steps to reduce them. 70% of all inverters installed in 2023 came from Chinese vendors, mainly Huawei and SunGrow. Over 200 gigawatts of European solar capacity (equivalent to more than 200 nuclear power plants) are tied to Chinese-made inverters. In November 2024, Lithuania passed a law effectively blocking remote control of energy installations by unfriendly foreign states—a de facto restriction on Chinese inverters above a certain size. In Estonia, the head of intelligence, Director General Kaupo Rosin cautioned in 2024 that, without better controls or procurement safeguards, the country risked being blackmailed by China via hidden access in critical systems. In the UK, Ciaran Martin, the ex-chief executive of the National Cyber Security Centre, stated that China was actively inserting itself into critical civilian infrastructure to “physically wreak havoc on our critical infrastructure at a time of its choosing.” The United Kingdom is conducting a comprehensive review of Chinese technology in its energy sector, including solar inverters, with findings due in coming months.
While policymakers have a growing recognition of the risks of Chinese component supply chain dependence, insecure inverters can come from anywhere. Policymakers must move beyond reactive bans toward comprehensive, clearly defined baseline requirements for all critical infrastructure components. This can range from mandatory firmware audits to the use of trusted third-party certification with domestic companies. Subsidizing new component manufacturers who follow federal procurement standards would reward manufacturers that meet stringent cybersecurity criteria. By coordinating these standards internationally with its partners, the US can improve enforcement across borders and strengthen economic and security ties.
A successful approach here could be used as a blueprint to reduce the risks compromised supply chains present to national security. If not, China will continue to evade state-specific bans, with new vulnerabilities capable of emerging from wherever inverters are produced next.
