The Fine Line Between Remote Access and Foreign Takeover: Cyber Threats To The Grid We Must Understand, Prepare For and Defend Against


For everyone interested in what was presented at Lithuanian Davos 2025, I’ve written this article to summarize and significantly expand on the key messages from my talk “The Fine Line Between Remote Access and Foreign Takeover.”


The Illusion of Energy Independence

We keep hearing the phrase "energy independence" being thrown around — as if sourcing electrons from the sun automatically frees us from foreign influence. But the irony is hard to miss: we’ve cut ties with Moscow’s gas, yet somehow decided it was perfectly fine to let Beijing wire itself into our grid.

We swapped one dependency for another, just in a sleeker, more high-tech package. Remote access, cloud control, over-the-air firmware updates — all features we cheer for under the banner of smart energy. We haven’t become energy independent. We've just changed the geography of our dependencies, from east to far east. So how is that any progress?


1. The Most Aggressive Actors Targeting Power Grids

Before we look into what could happen, we need to remind ourselves of what already has. The timeline of cyber incidents targeting energy infrastructure in the last decade tells a clear story: the two most persistent, well-resourced, and aggressive actors in this space are Russia and China. And unlike hypothetical risks, their track records are well documented. Let’s look just at the most recent ones — and what they tell us.

Consider the case of Russia’s GRU-affiliated hacking group Sandworm. They were behind the infamous 2015 and 2016 attacks on Ukraine’s power grid, which caused real blackouts affecting hundreds of thousands of people. That same group is believed to be behind the malware known as Industroyer and later Industroyer2, designed specifically to target electrical substations.

Then we have Volt Typhoon — a Chinese state-sponsored actor operating with a quieter, more persistent strategy. Unlike the disruptive chaos preferred by Russian actors, Volt Typhoon specializes in long-term access and stealthy infiltration. In 2023, U.S. officials confirmed that Volt Typhoon had successfully infiltrated critical infrastructure networks, including power systems, in Guam and potentially in the U.S. mainland. Microsoft disclosed that this group had maintained access for months without detection — using living-off-the-land techniques and blending into normal system activity.

These are not speculative capabilities. These are adversaries who have demonstrated both the will and the technical sophistication to target energy systems directly. And as our grids grow increasingly digital, distributed, and interconnected, the attack surface only expands.


2. The Kill Switch Scenario

China has cornered the global solar inverter market. Modern solar inverters — the devices that convert solar energy into usable electricity and manage how it flows into the grid — are increasingly connected to the internet. Many of them are also designed to receive remote firmware updates, which allow manufacturers or operators to fix bugs, improve performance, or add new features without physically accessing the device. In effect, all this creates a built-in “kill switch” that, in the wrong hands or under coercion, could be used to disrupt solar production at scale.

To be clear, we haven’t seen China launch a destructive cyberattack on energy infrastructure. There’s no precedent — yet — for China flipping the proverbial kill switch. But the absence of action shouldn't be mistaken for the absence of capability, or intent. Because influence can be exercised in many ways — and as we've seen, China is already using its technological position to exert pressure by other means.

Mutually Beneficial Cooperation — Just Don’t Do the Wrong Thing

We have repeatedly witnessed China's strategic use of technological dominance to exert political pressure. For instance, both the Czech Republic and Lithuania have been targets of Chinese retaliation campaigns after diplomatic disagreements.

In 2020, Lithuania faced backlash for opening a Taiwanese representative office in Vilnius — a move that led to sudden and aggressive disruptions in trade, including the blocking of Lithuanian goods by Chinese customs systems. This wasn't a cyberattack, but a clear demonstration of how China can weaponize technical and logistical dependencies.

In the Czech Republic, similar pressure came in the context of national cybersecurity decisions. During high-level discussions on 5G infrastructure security, Chinese representatives made it clear that Czech resistance to Chinese vendors would come at a cost. According to investigative reporting, including a detailed exposé by PageNotFound.cz, “Huawei case: China blackmailed the Czech Republic”, China used direct threats to influence the decision-making of a sovereign democratic state.


And here’s the question I keep coming back to: How did we get to a point where a one-party state thousands of kilometers away believes it has the authority to interfere in the internal decisions of sovereign European democracies? When exactly did we agree that Beijing should have a say in who we trade with, what infrastructure we build, or which companies we trust?

And while all this unfolds, we’re letting Chinese state-subsidised goods flood our markets, quietly gutting businesses from democratic countries that actually play by the rules. This isn’t global competition. It’s asymmetric economic warfare.


These moments were warning shots — showing how Beijing leverages its global economic and technological influence to achieve political aims. Now imagine a future where the same kind of leverage applies to electricity.

So the question becomes: How far does this go? If we’re already letting a foreign authoritarian state shape our markets, our policies, and our risk tolerance, what happens when that same state begins aligning — not just economically, but militarily and strategically — with another of our adversaries?

The Grid’s Worst Power Couple

Increasing technological cooperation between Moscow and Beijing has raised alarm bells in the West. Reports have emerged of Chinese military personnel being spotted in Russian-occupied territories of Ukraine. Although not confirmed, this further fuels concerns that the Moscow-Beijing strategic relationship may be evolving from parallel interests to coordinated action.

What happens if the next geopolitical flashpoint sees them collaborating in cyberspace just as we’re beginning to see in the physical battlespace?

At this point, cooperation between China and Russia in cyberspace remains a hypothetical scenario. There is no confirmed evidence of joint cyber operations as far as I know — but given their increasing alignment in other domains, it’s a possibility that strategic planners can’t ignore.

Their respective cyber capabilities are not only compatible, they are complementary: Russia has demonstrated its proficiency in disruption and chaos, while China has shown strength in persistence, access, and control. These approaches may not inevitably converge. But in cybersecurity, even plausible scenarios warrant preparation.


Even if states or state-sponsored actors never directly exploit this access, the presence of poorly secured endpoints and vendor infrastructure creates a broad and attractive attack surface for others — from cybercriminals to hacktivists and opportunistic threat actors. If someone can exploit vulnerabilities in a vendor’s backend system, they can effectively hijack thousands of inverters in parallel.

And that’s precisely why we must pay closer attention not just to where our technology comes from, but how it’s secured and maintained. Too many vendors operate without adequate authentication mechanisms, server-side protections, or third-party security audits. Trusting them with critical infrastructure without verifying their security posture is a risk we can no longer afford.

In a distributed grid model, where hundreds of megawatts can be controlled remotely, this isn’t just a theoretical risk — it’s an operational reality, waiting for the wrong actor to take advantage.


3. Remote Access is a Privilege, Not a Right

Remote access is not some innocent convenience — it’s a direct pathway into critical infrastructure. And yet, for years, we've treated it as a default feature rather than the powerful, sensitive capability it truly is.

Remote access means remote control. It means giving someone the technical ability to issue commands, push updates, or gather data from infrastructure that powers our homes, hospitals, and industries.

That level of access must never be granted blindly.

We need to shift the mindset from "allow all, question later" to "allow only what we trust, and verify constantly."

Crucially, it is not up to vendors, market forces, or lobbyists, like those recently raided in Brussels, to decide who should have that access. It is up to us — sovereign European states — to determine who we trust with such a critical role. That decision must be rooted in transparent criteria, cybersecurity maturity, and above all, democratic accountability.


4. Firmware Update Is a Form of Remote Control

A firmware update might sound like routine IT hygiene — just another patch, like updating your phone or laptop. But in the context of critical infrastructure, it’s much more than that. A firmware update is, by definition, the ability to remotely change how a device behaves at the most fundamental level. It can introduce new functions, remove old ones, alter security settings, or — in the worst-case scenario — insert backdoors without the operator ever knowing.

It’s not just data that travels through the update — it's control logic. And that logic determines how the device interacts with the physical world: how it generates power, responds to grid commands, or shuts down under certain conditions.

Granting someone the ability to push firmware updates means granting them the ability to rewrite the rules by which your systems operate. That is not routine maintenance. That is remote control.


5. Residential Solar: The Trojan Horse

Many EU countries already regulate or are beginning to regulate remote access for utility-scale solar systems — but residential systems remain largely overlooked. That’s a major blind spot. The Trojan horse isn’t sitting in our power plants. It’s quietly multiplying on our rooftops.

With over 80 GW of residential solar already online in the EU (and growing), adversaries don’t need to go through utility-scale systems. They can go through thousands of unregulated, internet-connected inverters in homes.

These devices are often shipped with default credentials and rely on cloud-based management systems. In aggregate, this creates a sprawling and vulnerable surface — one that can be silently exploited or manipulated. And unlike enterprise infrastructure, residential systems are usually outside the scope of national cybersecurity oversight.

This decentralized weakness could be coordinated into a centralized threat.


Don’t Just Think Energy Independence — Think Energy Control

This isn’t just my question anymore — it’s one all of Europe should be asking. Who do we trust with access to the systems that power our homes, our hospitals, our economies? And why have we been so willing to give that access away?

We have the technical capability to secure our infrastructure. We have the legal authority to set our own rules. What’s missing is the political courage to use it.

Because energy security isn’t just about supply or emissions. It’s about control — over who can access our systems, who can alter their behavior, and who has the technical power to turn them off. And if we ignore that, then all the solar panels in the world won’t make us sovereign.

So now is the time to act — not when the lights go out. We need clear regulations, enforced standards, and above all, a shared understanding that remote access is not a feature to be taken lightly. It's a national security decision. And it must be treated like one.

We’ve already learned the cost of dependence the hard way — with Moscow's gas. Let’s not make the same mistake again with control over our Clean Tech.


