Russian flag displayed on a laptop screen, Guy Fawkes mask and binary code displayed on a screen are seen in this multiple exposure illustration photo taken in Krakow, Poland on March 1, 2022. Global hacker group Anonymous declared ‘cyber war’ against Russia. (Photo by Jakub Porzycki/NurPhoto via Getty Images)
NurPhoto via Getty Images
The clean energy revolution has a hidden vulnerability: the software running it answers to someone else.
On April 1, Vietnam did something no government had done before. When it licensed Elon Musk’s Starlink satellite network to operate in the country, Hanoi buried a condition in the fine print: all data traffic must route through four domestically controlled gateway stations on Vietnamese soil. No foreign server would touch Vietnamese data without Vietnamese eyes on it first. The announcement drew a few tech headlines and quickly faded.
It shouldn’t have. Because Vietnam just wrote the playbook for the most consequential fight in the global energy transition—and almost no one noticed.
The green energy revolution is not simply a story about solar panels and wind turbines displacing coal and gas. It is increasingly a story about who controls the software, algorithms, and data infrastructure that power those systems. And for much of the world, the answer is: someone else.
Clean energy is now a matter of national defense, and the software running the grid matters just as much as the hardware. The crisis is that while governments physically sit on the hardware, foreign powers or outside tech giants increasingly control the software.
“Europe has effectively surrendered remote control of a vast portion of its electricity infrastructure,” warned Christoph Podewils, secretary general of the European Solar Manufacturing Council. He was not speaking in hypotheticals.
Consider the scale of the exposure. Over 200 gigawatts of European solar capacity is already linked to inverters manufactured in China—the equivalent of more than 200 nuclear power plants. Inverters are the critical interface between solar panels and the grid: they convert generated power into usable electricity, and they are almost universally connected to the internet to perform essential grid functions.
Chinese providers, most notably Huawei and Sungrow, account for an estimated 55% of global solar inverter shipments. That means the brains of a substantial portion of the world’s clean energy infrastructure are manufactured by companies legally required, under Chinese national security law, to cooperate with Chinese state intelligence when asked.
The Brians Of The Operation
In 2025, U.S. analysts identified unexplained components in Chinese-manufactured inverters designed to enable backdoor communication with solar installations—effectively giving those with access the ability to turn them on or off remotely. The EU’s own security doctrine identified solar inverter dependency as one of six priority high-risk areas threatening the bloc’s critical infrastructure.
On the morning of December 29, 2025, across Poland, wind and solar farms stood largely empty, monitored remotely via automated dashboards. Inside the networks linking them to grid operators, someone was already logged in—and had been for months, quietly mapping infrastructure since March. The attack targeted distributed energy resources, including wind farms, solar installations, and combined heat and power facilities across Poland’s electrical grid. Poland’s defenses held. Authorities issued an immediate warning to all critical infrastructure operators worldwide.
The Poland attack was a fire drill. The next one may not be a practice run.
Europe remains strategically exposed, importing 58% of its energy at a cost of more than $466 billion annually. Digital centralization has created what experts call a ‘blackout potential’ at scale, with just seven manufacturers holding “root-level” access to 10 gigawatts of generation capacity. That means they can remotely access a system and change its behavior for nefarious purposes.
Citing serious economic and cybersecurity risks, the European Commission recently blocked EU funding for energy projects that use high-risk foreign inverters—the most aggressive move by any major economy to reclaim its digital sovereignty.
But the policy has a massive loophole. The ban applies only to future EU-funded projects. It completely misses the real threat: the 200 gigawatts of Chinese-made infrastructure already wired into the European grid.
The skeptics make a reasonable case. China’s Chamber of Commerce in Brussels has rejected the EU’s framing, arguing that the bloc has designated China a “high-risk country” without factual evidence, and that Chinese companies have long contributed to Europe’s energy transition through reliable, competitive technology.
DNV’s principal consultant for grid cybersecurity, Ryan Davidson, was more measured: the funding ban “helps energy sovereignty but does very little to address the cybersecurity of the infrastructure,” since it does not resolve the risks posed by the vast installed base of Chinese inverters already connected to European grids.
Changing The Locks
PRODUCTION – 27 September 2023, Denmark, Hanstholm: Photoelectric panels at a solar farm in Hanstholm, Denmark. The solar panels are part of the renewable energy sources that power Apple’s European data center in Viborg. Photo: Christoph Dernbach/dpa (Photo by Christoph Dernbach/picture alliance via Getty Images)
dpa/picture alliance via Getty Images
Both points have merit. Banning Huawei from new EU-funded projects while 200 gigawatts of existing hardware remains grid-connected is like changing the front-door locks while leaving the back window open. And China’s defense is accurate: the global energy transition genuinely needed Chinese scale to get off the ground.
But gratitude is not a security policy. Conflating China’s past industrial contributions with Europe’s ongoing security risks is a dangerous mistake—and the identity of the intruder doesn’t change the house’s vulnerability. When Russian state actors successfully infiltrated Poland’s wind and solar grids, they didn’t need to build their own backdoors; they simply exploited the digital soft spots inherent in a deeply centralized, foreign-managed network.
Whether a vulnerability is intentionally planted by Beijing or casually exploited by Moscow, the result is identical. The real question isn’t who built the highway, but who has the power to turn off the lights.
Vietnam understood this dynamic early, refusing to wait for a total crisis to protect itself. When Hanoi licensed Elon Musk’s Starlink network, it drew a hard line: every byte of data had to flow through physical, domestic gateways under local jurisdiction. It proved a vital thesis for the Era of Sovereignty: a nation can welcome foreign innovation without surrendering its digital autonomy.
Today, the rest of the world is only just beginning to grasp the scale of this vulnerability. Across undersea cables, satellite arrays, and AI data hubs, global precautions are still in their infancy. But Vietnam’s aggressive stance offers an early glimpse of the future. Governments are slowly realizing that in a world of borderless tech, physical control over the hardware is the only true defense.
“China is already inside Europe’s energy system, embedded in both the physical infrastructure and connected devices. The EU should accelerate efforts to reduce the risks — especially in military-relevant energy infrastructure,” writes Caspar Hobhouse, for the European Institute of Security Studies.
The energy transition will not be slowed by this reckoning. Solar and wind are cheaper than fossil fuels and getting cheaper. The buildout will continue. But the countries that fail to ask—who actually controls this infrastructure, under whose law, and to whom are they answerable?—are building a green future on a shaky foundation that someone else can switch off.
The question is not whether to transition. It’s whether the transition belongs to you.