Conclusions & Expectations


Under the assumption that the SMA brand is indeed representative for the PV inverter branches and the assumption that the “attacker” is technically skilled, it can be stated that the Horus scenario is possible. Based on the theoretical proof as well as the practical proof the sad conclusion is that the Horus scenario can in fact be realized. It is possible for a smart and dedicated attacker to shut down large parts of entire continental power grids this way. Any power grid with a significant amount of PV installations in place may be facing this attack.


In the worst case scenario an attacker compromises enough devices and shuts down all these devices at the same time causing threshold values to be hit. Powergrids start failing and due to the import and export of power cascading blackouts start occuring. Several other power sources, such as windmills, automatically shut down to protect the grid and amplify the attack further. Despite their best efforts power grid regulators are unable to stop the attack. It is only after the sun sets, or when there is no longer enough sunshine for the attack to take place, that the grid stabilizes again. Depending on the authorities way of dealing with this attack, this scenario may keep going for several days.


Using a blackout simulator tool it is possible to estimate the costs of this scenario happening. In the worst case scenario, a 3 hour power outage across Europe, somewhere mid day on June is estimated to cause +/- 4.5 billion euros of damage. We should also consider the impact it may have on human lives, as previous outages are known to cause problems which sometimes end fatally.