2025-08-10 –, Andromeda
Language: English
The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. DIVD has been conducting research into vulnerabilities in charging stations, solar panel inverters, home batteries, and Energy Management Systems. In this talk, we will demonstrate how we could have generated power outages using these zero-days and how we prevent this by disclosing them responsibly.
The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy system and do everything we can to prevent it.
Various institutions test smart devices, set safety standards, and monitor compliance with these standards. However, parties such as our grid operators only have control over the energy grid equipment up to the front door. They are not allowed to look beyond the electricity meter, where most smart equipment is located. DIVD is allowed to do this because we are volunteers and a nonprofit. By identifying devices that can form a botnet, DIVD helps to make the smart grid more secure.
DIVD has been conducting research into vulnerabilities in equipment of the energy system, such as charging stations, solar panel inverters, home batteries, and (Home) Energy Management Systems. Previous findings have led to several parliamentary questions and follow-up actions by authorities such as RDI, the Dutch Authority on Digital Infrastructure.
With the CVD in the Energy Sector program, DIVD conducts research at its own hardware hacking lab in collaboration with the energy sector to reduce the digital vulnerability of our energy system. We also organise hack events. During WHY2025 we also give demos at the Vulnerability Disclosure Village.
In this talk, we will demonstrate how we could have generated power outages using zero-days we found in solar converters, electric car chargers and energy management systems. Still, we also did it with just one user-password combination…
Chris is one of the co-founder of DIVD and Managing Director since 1 January 2022. He entered cyber security through his experience as researcher and wrote two books on Coordinated Vulnerability Disclosure: “Helpful Hackers” (2016) and “Cyberellende was nog nooit zo leuk” (2021). With his unusual background in electrical engineering and sociology, he analyzes how human and electronic networks interact. As presenter he took the stage over 700 times and organized and hosted many talk shows, such as Hack Talk (2017-2022). Combining these experiences and skills he also provides cyber crisis management training to a broad range of organizations. You may say this is not a typical background for a Managing Director, but it works for DIVD. Chris perceives himself not as the boss, but rather a translator who explains to the outside world how hackers can help and aims to provide nerds a safe space to do their thing. At previous camps he was Team Lead Music and radio host.