It’s Not Just Software. Physical Critical Equipment Can’t Be Trusted, Either

By Jason Van der Schyff

Published 22 May 2025

Just auditing the software in critical equipment isn’t enough. We must assume that adversaries, especially China, will also exploit the hardware if they can.

The latest report on the dangers from China-made solar inverters is a strong reminder that the physical part of equipment must not be trusted. Reuters said on 15 May that investigators had discovered rogue communication modules embedded in Chinese solar inverters installed in critical US energy infrastructure.

These ghost machines, capable of wireless data transmission, had not been declared by the manufacturers and had no documented function. They were, in effect, silent participants on the US grid.

No specific act of sabotage has been confirmed, but the purpose of the devices is unclear. Are they passive intelligence collectors, quietly contributing to foreign data aggregation? Or are they latent access points with offensive potential, waiting to be activated?

Inverters could be coordinated to disrupt voltage regulation or overload circuits across distributed energy resources, causing instability or damage to grid infrastructure.

The presence of the rogue communications modules in the inverters reminds us that adversaries can exploit vulnerabilities hidden deep in hardware, creating potential strategic leverage across essential systems.

As globalization enters a new phase defined by contested technologies and fragmented supply chains, treating hardware as implicitly trustworthy builds hidden risks into the systems designed to ensure our national resilience.

Governments and industries have embraced zero-trust security models, in which no user, device or connection is trusted by default. But, too often, this principle is only applied to software and user access, not to the hardware operating inside our critical systems. Physical infrastructure, such as the devices that run power, water and transport systems, is rarely scrutinized to the same degree. In part, that’s because hardware threats are harder to observe, difficult to attribute, and require specialized tools and skills to detect.

This is a dangerous oversight.

Modern infrastructure is not a single system. It is a complex patchwork of globally sourced equipment such as sensors, inverters, routers and gateways. Many of these devices run proprietary firmware, are updated irregularly and operate with little visibility once installed. The complexity is such that no single organization, and often no single person, fully understands how it all works. As with modern vehicles, we no longer repair these systems part by part. We replace entire black-box subsystems, trusting that what’s inside the new ones will be what we expect.