A recent security advisory by the U.S. Department of Transportation’s Federal Highway Administration (FHWA) warns that certain solar-powered highway infrastructure — including signs, traffic cameras, EV chargers, visitor centers, and weather stations — may contain “undocumented cellular radios” embedded in power inverters and battery management systems (BMS). These radios were discovered mostly in foreign-manufactured inverters (many made in China), though the advisory does not always clearly identify all the manufacturers or locations. The advisory urges transportation agencies to inventory all such equipment, use spectrum analysis to detect unexpected communications, remove or disable any suspicious radios, and ensure networks are properly segmented to reduce the risk of data theft, remote sabotage, or system disruption.
Sources, Reuters, PV Magazine, TechRadar
Key Takeaways
– Potential Hidden Threats in Critical Infrastructure: Undocumented cellular radios found within solar inverters and BMS may enable unauthorized remote access, sabotage, or data exfiltration, posing risks to highway signage, EV chargers, traffic cameras, and related systems.
– Foreign Manufacturing Under Scrutiny: Much of the implicated hardware appears to be foreign-made, with many inverters traced to Chinese manufacturers. This has amplified concerns over supply chain security and geopolitical risks.
– Remediation Protocols Advised: The advisory recommends rigorous inventorying, spectrum scanning for unauthorized comms, removal or disabling of suspect devices, and stronger network segmentation to confine potential damage or misuse.
In-Depth
In the latest alert resonating across U.S. transportation and energy sectors, the FHWA has raised red flags about hidden communications hardware—specifically undocumented or “rogue” cellular radios—embedded within solar highway equipment. These discoveries largely involve power inverters and battery management systems, components crucial for converting and managing solar energy for systems like roadside signs, traffic cameras, EV chargers, and weather stations.
Although the report does not always identify the exact origin of these devices, many of the components are manufactured abroad, particularly in China. This has prompted deeper concerns around supply chain integrity and the extent to which foreign-made equipment may present a national security vulnerability.
The implications are serious. Radios embedded without clear documentation or traceable purpose could grant remote access or serve as hidden backdoors. This might enable data harvesting, facilitate sabotage (for example, by triggering simultaneous outages), or cause unwanted remote manipulation of infrastructure. Transportation agencies have been urged to take active steps: inventory all inverter and BMS installations, employ spectrum analysis tools to detect anomalous or unexpected communications, and disable or remove any suspect radios discovered. Moreover, network architecture should be robustly segmented—meaning that even if one component is compromised, the damage should not cascade across interconnected systems.
What remains uncertain is the scale and severity: how many devices are affected, how often, and whether the embedded radios are active or dormant. There’s also a gap between suspicion and proof: few detailed technical teardowns have been publicly released. Still, governments and experts agree on the precautionary principle: when dealing with critical infrastructure—especially that which powers autonomous or safety-critical systems—risk must be mitigated before it becomes exploitation.
For stakeholders, this means balancing innovation, renewable energy deployment, and public welfare with vigilant cybersecurity and supply chain oversight.