If You Can’t Secure Your Hardware, You Can’t Secure Your Software
Abstract: As global infrastructure becomes increasingly digital and interconnected, securing
software alone is insufficient to defend against threats targeting critical systems. Vulnerabilities
at the hardware level, from inverters in solar panels to semiconductors and memory chips,
present exploitable entry points that undermine even the most secure software environments.
Drawing from real-world incidents, academic research, and government assessments, this paper
outlines how cyber-physical system vulnerabilities, memory safety flaws, and malicious
hardware implants converge to create systemic risks. The study emphasizes the imperative of
hardware-level security as foundational to software resilience.
Hardware Infrastructure and Critical Grid Vulnerabilities
- Climate Change and Electrical Grid Vulnerabilities
Human-caused climate change is increasing the frequency and intensity of extreme weather
events, placing growing stress on aging energy infrastructure and contributing significantly to
major power outages in the United States and across the world. The electrical grid, originally
designed for a different climate era, depends heavily on above-ground components
(transformers, transmission lines, and utility poles) that are exposed to threats such as high winds,
heavy rain, ice, lightning, and extreme heat. Even buried lines remain vulnerable to flooding.
Extreme weather events often span large areas, causing outages across multiple interconnected
states. A total of 1,755 weather-related outages have been recorded nationally. Enhancing grid
resilience will be both expensive and difficult, while rapidly reducing emissions remains the
most impactful way to ease pressure on the system and allow more time for adaptation (Weather-
related Power Outages Rising | Climate Central, n.d.).
- Complex Network Theory and Grid Resilience Metrics
Modern societies depend heavily on critical infrastructure systems such as electricity, water,
healthcare, and transportation whose disruption can lead to significant public and economic
consequences. To better understand and improve the resilience of these systems, especially
power networks, researchers have increasingly adopted the framework of complex network
theory. Traditional approaches have largely focused on network connectivity using percolation-
based models, but these alone fail to capture the operational risks faced by power grids,
particularly under varying supply and demand conditions. To address these limitations, a new
metric called “net-ability” has been introduced. Unlike conventional efficiency-based metrics,
net-ability incorporates the physical laws governing electricity flow, accounts for power flow
allocation, and respects transmission flow limits, thereby providing a more realistic assessment
of grid vulnerabilities. Research findings suggest that net-ability is effective in identifying
critical transmission lines. However, like earlier models, it remains limited by its static and
topological perspective, without accounting for the dynamic behavior of energy systems over
time. Validation using real-world data from Italy’s national grid (Terna) revealed a strong
correlation between net-ability results and actual system performance, underscoring its potential
as a practical resilience metric—although the specific validation outcomes remain confidential
(Arianos et al., 2009).
Solar energy systems are deployed at different scales: residential (6–20 rooftop panels per
home), commercial (around 100 kW), and utility-scale (≥1 MW). Although 97% of U.S. solar
installations are residential, most solar energy is generated from large-scale utility systems,
which are often managed through centralized utility control centers. These industrial systems,
while potentially more robust, also represent concentrated points of failure in the network. In
contrast, commercial installations are growing in relevance, particularly in countries like Canada,
Australia, and the U.S. Geographic variations highlight different vulnerabilities: for example,
while the U.S. grid is highly distributed with over 5 million small-scale solar sites, in the
Netherlands, over 57% of solar power comes from industrial installations. These distinctions are
vital when assessing grid resilience using complex network theory, as different node types pose
different risks and resilience capacities in the face of cyber or physical disruptions (Forescout
Researcher, 2025).
- Load Frequency Control Threats and Exploitation of Solar Inverter Vulnerabilities
Power grids must balance electricity supply and demand in real time to maintain stable
frequencies (60 Hz in the U.S., 50 Hz in Europe). This balance is becoming harder due to
increasing reliance on decentralized solar power. Events like the Blue Cut Fire, Odessa
Disturbance, and Sri Lanka blackout highlight how sudden solar output losses threaten stability.
Cyber-induced load-altering attacks (LAAs), first introduced in the “Horus Scenario,” use
compromised IoT devices and smart inverters to disrupt this balance. While single systems pose
low risk, coordinated attacks on Distributed Energy Resources (DERs)—such as 536,000
inverters—could surpass Europe’s 3 GW emergency threshold. Key manufacturers like Sungrow
(740 GW), Growatt (300 GW), and SMA (132 GW) dominate DER capacity in the U.S. and
Europe, making them vulnerable targets (Forescout Researcher, 2025).
New vulnerabilities in Growatt and Sungrow inverters allow attackers to hijack devices via
exposed APIs, IDOR flaws, and remote code execution exploits. These enable “dynamic load
attacks,” where inverter output is rapidly altered in real time, overwhelming grid controls.
Beyond grid disruption, attackers can steal user data, hijack smart home devices, manipulate
energy markets, or demand ransom. Such threats are recognized by agencies like NASEO and
the U.S. Department of Energy as serious risks to grid security and stability (Forescout
Researcher, 2025).
- False Data Injection Attacks and Cybersecurity Challenges in Smart Grids
Smart grids, which combine digital technologies with traditional power systems, allow for real-
time monitoring and decision-making through cyber-physical systems. Unlike traditional grids
where most operations happen in secured control centers, smart grids rely on local devices like
smart meters to control energy use. This makes them more efficient but also more vulnerable to
cyberattacks.
One major threat is False Data Injection Attacks (FDIAs), where attackers send fake data to
disrupt energy demand and supply. These attacks can cause serious consequences, including
power outages, financial loss, and inefficient energy distribution. FDIA targets include:
| Target Area | Description of FDI Attack | Impact | Attack Method |
|---|---|---|---|
| Energy Demand | Falsified consumption data underreports or overreports actual usage. | Increased financial costs, energy waste, or power outages due to unmet true demand. | Infected personal devices, weak firewalls |
| Energy Supply | Manipulated supply data overstates or understates actual energy available. | Starvation of demand nodes or energy waste; disrupted energy distribution. | Malware infecting supplier servers |
| Grid-Network States | Fake data alters grid topology or powerline capacities. | Node isolation, incorrect routing, costly or inefficient distribution. | Forged network configuration data |
| Electricity Pricing | False pricing during peak/off-peak times or tampered energy bills. | Grid overload, loss of revenue for utility companies, inefficient load balancing. | Malware to alter pricing systems or user accounts |
Traditional detection methods often fail because they monitor group-level behavior and ignore
individual device manipulation. Attackers exploit this by targeting vulnerable devices like smart
meters. Researchers propose new detection techniques using spatiotemporal correlations and
trust-based voting systems to identify unreliable data. Smart grids, due to their decentralized
nature, make it hard to physically protect every device, so FDIA attackers can inject fake data
using grid layout knowledge, disrupting control functions without being noticed. Defense against
FDIAs includes: a) Strategic placement of key devices (cyber-physical defense), and b)
Detection methods like dynamic state tracking and game theory. However, these static strategies
can’t keep up with evolving threats (Detection of False Data Injection Attacks in Smart-grid
Systems, 2015).
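The contrast drawn above between group-level monitoring and per-device trust voting, as an added example (not code from the cited paper). Meter names, readings, the tolerance and the trust parameters are constructed assumptions.

```python
# Added example: trust-weighted neighbour voting over smart-meter readings.
# All names, thresholds and data below are constructed for illustration.
from statistics import mean

# Constructed per-unit load for five meters on one feeder over eight intervals.
# Each value is a reading divided by that meter's own historical mean for the
# interval (the temporal baseline). Meter "m4" under-reports from interval 3 on.
READINGS = {
    "m1": [1.00, 1.05, 1.10, 1.20, 1.25, 1.30, 1.20, 1.10],
    "m2": [0.98, 1.04, 1.12, 1.18, 1.27, 1.28, 1.22, 1.08],
    "m3": [1.02, 1.06, 1.08, 1.22, 1.24, 1.33, 1.18, 1.12],
    "m4": [1.01, 1.03, 1.11, 0.60, 0.62, 0.65, 0.60, 0.55],
    "m5": [0.99, 1.07, 1.09, 1.19, 1.26, 1.31, 1.21, 1.09],
}


def group_level_alarms(readings, low=0.8, high=1.4):
    """Intervals where the feeder-wide mean leaves [low, high] (aggregate check)."""
    intervals = len(next(iter(readings.values())))
    alarms = []
    for t in range(intervals):
        feeder_mean = mean(series[t] for series in readings.values())
        if not low <= feeder_mean <= high:
            alarms.append(t)
    return alarms


def trust_vote(readings, tolerance=0.15, reward=0.05, penalty=0.25, threshold=0.5):
    """Per-device check: neighbours vote on each reading, weighted by their trust.

    Returns (flagged, trust). `flagged` maps a meter to the first interval at
    which its trust fell below `threshold`; `trust` is the final score per meter.
    """
    trust = {meter: 1.0 for meter in readings}
    flagged = {}
    intervals = len(next(iter(readings.values())))
    for t in range(intervals):
        snapshot = {meter: series[t] for meter, series in readings.items()}
        start = dict(trust)  # votes in this round use trust from the previous round
        for meter, value in snapshot.items():
            peers = [p for p in snapshot if p != meter]
            total = sum(start[p] for p in peers)
            # A peer votes "against" when its own reading disagrees (spatial check).
            against = sum(start[p] for p in peers
                          if abs(snapshot[p] - value) > tolerance)
            if total > 0 and against / total > 0.5:
                trust[meter] = max(0.0, trust[meter] - penalty)
            else:
                trust[meter] = min(1.0, trust[meter] + reward)
            if trust[meter] < threshold and meter not in flagged:
                flagged[meter] = t
    return flagged, trust


if __name__ == "__main__":
    print("aggregate alarms:", group_level_alarms(READINGS))
    print("per-device result:", trust_vote(READINGS))
```

The feeder-wide mean stays inside its band for every interval even though one meter reports roughly half its real load, while the voting scheme isolates that meter after three consecutive disagreeing rounds.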
- Exploitation of Cyber Vulnerabilities in Electric Smart Appliances (ESAs) for
Coordinated Load-Altering Attacks
Attackers targeting the power grid first identify its weakest nodes, then assess if a load-altering
attack would destabilize the system. They use modal analysis to evaluate feasibility: by updating
power consumption at the weakest nodes based on their botnet’s capacity, they perform AC load
flow analysis and recalculate system matrices (J_Pθ, J_PV, J_Qθ, J_QV). Using this data, they
compute the voltage stability index (VQS). If the VQS becomes negative after the simulated
attack, it indicates instability and confirms the attack’s feasibility. If not, the botnet is
insufficient, and the attackers wait five minutes for changes in grid conditions before
reattempting. This evaluation method can achieve up to 90% accuracy (Shekari et al., 2022).
Nation-State Threats and Infrastructure Intrusions
- National Security Risks and Global Policy Responses to Rogue Communication Devices
in Chinese-Made Solar Inverters
U.S. energy officials are reassessing the risks associated with Chinese-made power inverters
after uncovering undocumented communication components, such as rogue cellular radios, in
some solar inverters and batteries. These devices, which connect solar panels, wind turbines,
batteries, and EV chargers to the grid, are critical to renewable energy infrastructure and
predominantly manufactured in China. The undocumented components could potentially bypass
firewalls, allowing for unauthorized remote access, control, or shutdown, posing a threat to grid
stability and raising concerns of catastrophic blackouts. While the number of affected devices
and specific manufacturers remain undisclosed, former NSA Director Mike Rogers warned these
vulnerabilities might be deliberate. The Department of Energy is pushing for increased
transparency through Software Bills of Materials (SBOMs) and urges purchasers to
understand all device capabilities. Utilities like Florida Power & Light are reducing reliance on
Chinese inverters, and U.S. lawmakers have introduced legislation to ban DHS purchases from
six major Chinese battery firms by 2027. Globally, over 200 GW of solar capacity in Europe
depends on Chinese inverters, and incidents like a reported remote shutdown of inverters in
November 2024 have raised further alarms. Countries including Lithuania, Estonia, and the UK
are taking steps to restrict or review Chinese tech in their grids, while NATO has urged member
states to reduce strategic dependencies on Chinese infrastructure. The situation underscores the
urgent need to address security vulnerabilities in energy systems as regulation lags behind other
critical sectors (Mcfarlane & Reuters, 2025).
- Volt Typhoon’s Silent Breach of the U.S. Power Grid
ICS/OT security firm Dragos revealed that the Chinese threat actor Volt Typhoon, also known as
Voltzite, infiltrated the Littleton Electric Light and Water Departments (LELWD) in
Massachusetts, remaining undetected for over 300 days between February and November 2023.
The breach was discovered just before Thanksgiving during Dragos’ deployment of OT security
solutions, prompting an expedited defense rollout. Volt Typhoon, linked to the Chinese
government and first reported by Microsoft in May 2023, has been associated with espionage
activities targeting U.S. critical infrastructure. During the intrusion, the group collected OT
system data and spatial layout information related to grid operations and exfiltrated data on OT
procedures, suggesting preparation for Stage 2 ICS Cyber Kill Chain attacks. Although no direct
ICS disruption was observed, the stolen data and persistent access present serious risks.
Additionally, Volt Typhoon was found exfiltrating GIS data from other targets, indicating
broader efforts to map energy infrastructure for potential future sabotage. This case highlights
the significant threat posed by nation-state actors maintaining long-term access to critical
infrastructure networks in preparation for cyber-physical attacks (Kovacs, 2025).
- Salt Typhoon: A Cybersecurity Wake-Up Call for U.S. Critical Infrastructure
Salt Typhoon was a highly sophisticated cyberattack that targeted critical U.S. infrastructure,
focusing primarily on internet service providers (ISPs), and caused disruptions across the energy,
transportation, and healthcare sectors. The attackers used zero-day exploits and advanced
obfuscation techniques to evade detection, resulting in operational and financial harm. At least
nine major U.S. telecom companies, including Verizon, AT&T, and T-Mobile, were affected,
with attackers gaining access to lawful intercept systems and exposing sensitive government
communications and investigations. Additionally, metadata from over a million users was
accessed, raising serious privacy and national security concerns. Though financial losses were
not disclosed, the targeted companies represent over $334 billion in annual revenue,
underscoring the potential economic impact. In the aftermath, companies faced compliance costs,
legal actions, and erosion of public trust, with outdated systems, poor threat detection, and weak
identity verification identified as key vulnerabilities. The attack highlighted the urgent need for
zero-trust frameworks and AI-powered cybersecurity. Federal agencies like CISA and the FBI
have taken the lead in response efforts, promoting real-time threat intelligence sharing and
providing technical and financial support to aid industry recovery (Salt Typhoon: A Wake-up
Call for Critical Infrastructure, 2025).
- Rising Threat Landscape: Nine Active OT Cyber Groups and Emerging ICS Malware in
2024
Dragos released its 2025 OT/ICS Cybersecurity Report, outlining key cyber threat activities and
trends identified across operational technology and industrial control systems in 2024 (Kovacs,
2025).
| Category | Details |
|---|---|
| Report Overview | Dragos published its 2025 OT/ICS Cybersecurity Report, detailing cyber threat trends observed in 2024 across industrial control systems (ICS) and operational technology (OT). |
| Active Threat Groups | Out of 23 total threat groups tracked, 9 were active in 2024. |
| Newly Added Threat Groups | Bauxite (linked to Iran): uses the CyberAv3ngers persona; targeted energy, water, food & beverage, and chemical sectors in the US, Europe, Australia, and the Middle East; used custom malware IOCONTROL to target IoT and OT devices in the US and Israel. Graphite (linked to Russia, aka APT28): targeted organizations related to the Ukraine conflict. |
| Groups with Stage 2 ICS Cyber Kill Chain Capabilities | Bauxite; Chernovite (behind Pipedream/Incontroller attack); Voltzite (aka Volt Typhoon, known for OT data exfiltration); Electrum (aka Sandworm, developer of AcidPour malware). |
| New Malware & Capabilities | AcidPour: wiper by Electrum targeting OT devices, with potential for high disruption. Fuxnet: destructive malware used by Ukraine against Russian infrastructure. FrostyGoop: caused heating loss in a Ukrainian city. |
| Ransomware Trends | 80 ransomware groups targeted industrial organizations in 2024 (up from 50 in 2023). Represents an 87% surge in ransomware activity. No ICS-specific ransomware detected, but disruptions and data exfiltration occurred that may aid future attacks. |
- Adversarial Motivations, Goals, Capabilities, and Malicious Activities in Smart Grid
Cyberattacks
A) Motivations and Goals:
This section explains why adversaries target smart grids, breaking down their intentions and
strategic objectives:
a) Geopolitical: Exploiting the grid to gain regional or political dominance (e.g.,
Ukraine conflict).
b) Sector Damage: Intentionally disrupting or sabotaging the energy sector or
specific companies.
c) User Harm: Attacks that impact end-users directly—compromising their privacy,
safety, or property.
d) Financial Gain: Includes economic exploitation through ransom, market
manipulation, or fraud.
e) Fame and Recognition: Perpetrators seek acknowledgment or notoriety by
executing high-profile attacks.
Typical Goals include:
a) Reconnaissance: Mapping out the grid’s assets, security, and personnel.
b) Service Disruption: Causing blackouts or halting operations to impact critical
infrastructure and national resilience.
c) Data Theft: Stealing consumption, financial, or personal data for exploitation.
d) Market Manipulation: Skewing energy market dynamics for economic disruption.
e) Electricity Bill Tampering: Fraudulently altering billing or usage data for gain or
sabotage.
B) Capabilities
This section covers how adversaries technically carry out attacks, outlining their tactical and
operational abilities:
a) Access:
- Physical Access: Exploiting insecure smart meters or substations requiring
physical-layer expertise.
- Remote Access: Leveraging weak or unprotected protocols (e.g., Modbus)
for remote intrusion.
b) Exploitation:
- Command Injection: Executing unauthorized instructions to manipulate
devices like SCADA systems.
- False Data Injection: Corrupting system data to distort decision-making
and control.
- Denial of Service (DoS): Crippling grid functionality via flooding,
spoofing, or system abuse.
- Eavesdropping: Intercepting communication to steal data or stage more
advanced attacks.
c) Lateral Movement & Privilege Escalation: Expanding control across networks
post-intrusion, escalating privileges to critical systems.
d) Persistence & Evasion: Maintaining long-term, stealthy access via backdoors
and Living-off-the-Land techniques to avoid detection.
Defensive Architectures and Intelligent Cybersecurity Systems
- Explainable Autonomic Cybersecurity Systems for Power Grids and Real-World
Attack Scenarios
Cyberattacks on the energy sector have demonstrated the urgent need for realistic threat
modeling and advanced defense systems. Notable incidents include the 2015 BlackEnergy attack
on Ukraine, which caused widespread blackouts, and subsequent 2022 GRU-linked cyberattacks.
Historical examples like the 2013 Dragonfly and Energetic Bear campaigns further underscore
persistent threats. To counter such risks, autonomic cybersecurity systems leveraging machine
learning (ML) have emerged, evolving from basic classifiers to deep learning and multi-view
federated learning (MV-FLID) models. However, the lack of explainability in these systems
limits their effectiveness. Addressing this, explainable ML models have been developed to
provide transparent and interpretable decisions, particularly vital in time-sensitive infrastructure
like power grids. Substations of critical grid nodes remain vulnerable, as shown in attacks like
the Moore County incident and the 2014 FERC study, which warned that disabling just nine
substations could cripple the U.S. grid. Common attack scenarios include internal vulnerability
scans, brute-force attacks, malware deployment, and disabling systems or logging services
through advanced methods like DoS or fileless attacks (Explainable autonomic cybersecurity
system for smart power grid, 2024).
Software Vulnerabilities and Memory Exploits
- Memory Safety Vulnerabilities: A Persistent Threat to Critical Infrastructure Security
Memory safety vulnerabilities occur when programs unintentionally access or modify memory,
leading to issues like data corruption, crashes, or remote code execution. These flaws are
especially common in languages such as C and C++ that lack built-in memory safety features.
Attackers often exploit these vulnerabilities to target critical infrastructure, including medical
devices, aviation systems, defense networks, and industrial control systems (ICS). Addressing
memory vulnerabilities is crucial because they make up a large portion of software-based attacks.
Notably, ICS-related memory safety CVEs have surged from fewer than 1,000 in 2014 to nearly
3,000 in 2023 (Spewak, 2025).
Key Memory Safety Vulnerabilities (As per CWE Top 25 – 2024) (Spewak, 2025)
| Type | CWE ID | Description | Real-World Example |
|---|---|---|---|
| Buffer Overflow | CWE-119 | Writing more data to a buffer than it can hold, corrupting memory. | CVE-2023-4966 (CitrixBleed): Bypassed authentication in Citrix systems, leading to ransomware attacks (e.g., Boeing). |
| Heap-Based Buffer Overflow | CWE-122 | Overflow in heap memory, leading to memory corruption and remote code execution. | CVE-2024-38812: Affected VMware vCenter; exploited via DCERPC protocol during Matrix Cup 2024. |
| Use-After-Free (UAF) | CWE-416 | Accessing memory after it’s freed, causing crashes or code execution. | CVE-2021-44710: Affected Adobe Acrobat Reader DC, enabling arbitrary code execution. |
| Out-of-Bounds Write | CWE-787 | Writing data outside allocated buffer boundaries. | CVE-2024-7695: Hit Moxa PT switch series, enabling unauthenticated denial-of-service attacks. |
| Improper Input Validation | CWE-020 | Failing to validate inputs, leading to injection or unauthorized actions. | CVE-2024-5913: PAN-OS flaw allowing privilege escalation via file system access. |
| Integer Overflow/Wraparound | CWE-190 | Arithmetic overflows exceeding data type limits, causing crashes or security bypasses. | CVE-2022-2329: In Schneider Electric’s IGSS; exploited to trigger heap-based buffer overflow and remote RCE. |
Memory CVEs Impacting Critical Infrastructure (Spewak, 2025)
| System / Product | Vulnerability | Impact |
|---|---|---|
| Ivanti Connect Secure | CVE-2025-0282 | Zero-day allowing remote code execution and malware deployment. |
| Siemens UMC (ICS) | CVE-2024-49775 | Heap-buffer overflow leading to arbitrary code execution. |
| Mercedes-Benz Infotainment | Multiple CVEs | Attackers could bypass anti-theft, escalate privileges, compromise data. |
| Rockwell PowerMonitor 1000 | CVE-2024-12372 | Heap overflow resulting in denial-of-service and potential RCE. |
The key risks include full system hijacking through remote exploits, data breaches involving
theft or corruption, operational disruptions due to instability, and compliance failures that can
result in legal consequences (Spewak, 2025).
- Eliminating Memory Safety Vulnerabilities: A Strategic Imperative for Software
Security
A joint report by U.S. and international cyber agencies emphasizes the urgent need for software
manufacturers to eliminate memory safety vulnerabilities, a longstanding class of software
defects responsible for most serious security flaws. Despite efforts like memory randomization,
sandboxing, and developer training, these issues continue to dominate CVE reports from major
tech firms such as Microsoft, Google, and Mozilla, leading to zero-day exploits and spyware
attacks against civil society groups. The report advocates for a shift toward memory safe
programming languages like Rust, which inherently prevent such vulnerabilities. Aligned with
CISA’s “Secure by Design” principles, the report urges companies to take executive ownership
of customer security, embrace radical transparency, and implement hardware-based mitigations
such as CHERI and MTE. The overarching message is clear: software makers must act
decisively now to avoid extending these risks into the future (Lord, 2023).
Hardware-Based Attacks on Emerging Platforms
- Rowhammer and the Limits of ECC Memory: Exploiting Vulnerabilities in Modern
DRAM Systems
As transistor sizes shrink, their reliability deteriorates, leading to increased charge leakage in
DRAM cells due to parasitic coupling and passing gate effects. This vulnerability, known as
Rowhammer, was first demonstrated by Y. Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, C.
Wilkerson, K. Lai, and O. Mutlu in “Flipping Bits in Memory Without Accessing Them: An
Experimental Study of DRAM Disturbance Errors” (ISCA ’14), who showed that repeatedly
activating a DRAM row can cause unintended bit flips in adjacent rows. Since then, various
Rowhammer attack techniques, such as double-sided, single-sided, and one-location
Rowhammer have exploited this behavior to compromise desktops, laptops, and mobile phones.
These attacks targeted all systems without ECC (Error-Correcting Code) memory, as ECC has
long been considered one of the few viable hardware defenses against Rowhammer. However,
speculation has persisted that even ECC could be bypassed, though no end-to-end Rowhammer
attack on real ECC memory had been achieved, largely due to two barriers: the undocumented
and often complex nature of ECC implementations in modern systems, and the technical
difficulty of inducing bit flips without triggering ECC corrections or system crashes.
To overcome these challenges, researchers in Exploiting Correcting Codes: On the Effectiveness
of ECC Memory Against Rowhammer Attacks (2019) introduced a novel methodology. They
reverse-engineered ECC functions in commodity AMD and Intel systems using a combination of
custom hardware probes, Rowhammer-induced bit flips, and cold boot attacks. They also
developed a new exploit called ECCploit, which uses composable, data-controlled bit flips and a
novel side channel in the ECC memory controller. The study demonstrates that while ECC does
reduce the feasibility of Rowhammer attacks, it does not eliminate the risk. ECCploit
successfully mounted reliable attacks on ECC-protected memory across various systems and
configurations, proving that even advanced memory protection mechanisms can be
compromised. This work significantly advances understanding of ECC’s limitations and shows
that Rowhammer remains a practical and powerful threat, even in environments previously
considered secure (Exploiting Correcting codes: on the effectiveness of ECC memory against
Rowhammer attacks, 2019).
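What the correction guarantee of ECC covers and where it stops, as an added example that is not taken from the cited paper. A toy extended Hamming (8,4) SECDED code stands in for the undocumented ECC functions of real memory controllers; the bit layout and all function names are assumptions.

```python
# Added example: extended Hamming (8,4) SECDED code, a small stand-in for the
# wider codes on ECC DIMMs. Not the ECC function of any real memory controller;
# bit layout and function names are assumptions for illustration.
from collections import Counter
from itertools import combinations


def encode(nibble):
    """Encode 4 data bits as an 8-bit codeword; list index = bit position."""
    bits = [0] * 8
    bits[3], bits[5], bits[6], bits[7] = ((nibble >> i) & 1 for i in range(4))
    bits[1] = bits[3] ^ bits[5] ^ bits[7]   # parity over positions 1,3,5,7
    bits[2] = bits[3] ^ bits[6] ^ bits[7]   # parity over positions 2,3,6,7
    bits[4] = bits[5] ^ bits[6] ^ bits[7]   # parity over positions 4,5,6,7
    bits[0] = sum(bits[1:]) & 1             # overall parity, enables double detection
    return bits


def decode(word):
    """Return (status, data). Status is 'clean', 'corrected' or 'uncorrectable'."""
    bits = list(word)
    syndrome = 0
    for position in range(1, 8):
        if bits[position]:
            syndrome ^= position            # XOR of the positions holding a 1
    overall = sum(bits) & 1
    if syndrome == 0 and overall == 0:
        status = "clean"
    elif overall == 1:
        # Odd parity: the decoder assumes exactly one flipped bit and repairs it
        # (syndrome 0 means the overall parity bit at position 0 itself).
        bits[syndrome] ^= 1
        status = "corrected"
    else:
        # Even parity with a non-zero syndrome: two flips, reported not repaired.
        return "uncorrectable", None
    data = bits[3] | (bits[5] << 1) | (bits[6] << 2) | (bits[7] << 3)
    return status, data


def outcome_counts(nibble, flips):
    """Tally decoder outcomes over every way to flip `flips` bits of one codeword."""
    word = encode(nibble)
    tally = Counter()
    for positions in combinations(range(8), flips):
        damaged = list(word)
        for position in positions:
            damaged[position] ^= 1
        status, data = decode(damaged)
        if status == "uncorrectable":
            tally["detected, not corrected"] += 1
        elif data == nibble:
            tally[status] += 1
        else:
            tally["wrong data returned as corrected"] += 1
    return dict(tally)


if __name__ == "__main__":
    for flips in (1, 2, 3):
        print(flips, "flipped bit(s):", outcome_counts(0b1011, flips))
```

One or two flips in a word are always repaired or reported, so those events are visible to whoever monitors the memory controller's error counts; three flips in the same word decode as an ordinary single-bit correction with different data.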
- GPUHammer: First Successful Rowhammer Attack on NVIDIA GPUs Reveals Critical AI
and Shared GPU Security Risks
Researchers from the University of Toronto have demonstrated the first successful Rowhammer
bit-flip attack on GPU memory, targeting GDDR6 memory in Nvidia A6000 GPUs. The attack,
dubbed “GPUHammer,” exploits repeated access to adjacent memory rows using user-level
CUDA code to induce bit flips across all tested DRAM banks, bypassing in-DRAM defenses like
Target Row Refresh (TRR). This enables a malicious user to tamper with another user’s data in
shared GPU environments. In a proof-of-concept, a single bit flip was enough to degrade a
victim’s deep neural network (DNN) model accuracy from 80% to 0.1%. Rowhammer attacks,
which rapidly access specific memory rows to cause data corruption in adjacent rows, were
previously associated only with CPU DRAM. This breakthrough exposes new vulnerabilities for
AI systems that rely on shared GPU resources. In response, Nvidia issued a security notice
recommending that users enable System-Level ECC (Error-Correcting Code), which corrects
flipped bits automatically, and advised enterprise users to rely on professional or data center-
grade GPUs like the Hopper and Blackwell classes, where ECC is enabled by default. The
feasibility of Rowhammer attacks is largely limited to multi-tenant environments with
simultaneous GPU access (Mishra, 2025; MSN, n.d.).
Cryptographic Integrity and Secure Computation
- Integrity Challenges in Fully Homomorphic Encryption: Gaps Between Theory and
Practice
Fully Homomorphic Encryption (FHE) enables computation on encrypted data but remains
vulnerable to integrity risks due to its malleable ciphertexts. While traditionally used under an
honest-but-curious server model, real-world applications like Microsoft Edge Password Monitor
demand stronger protections. Existing defenses, such as verifiable computation or IND-CCA1-
secure schemes, are either impractical or inefficient, leaving a gap between current FHE use and
robust integrity guarantees (Knabenhans, 2023).
Geopolitical Supply Chain Dependencies
- Taiwan’s Semiconductor Supremacy and China’s Race to Close the Gap
Taiwan produces over 60% of the world’s semiconductors and over 90% of the most advanced
ones. Most are manufactured by a single company, Taiwan Semiconductor Manufacturing
Corporation (TSMC). Until now, the most advanced have been made only in Taiwan (The
Economist, 2023).
TSMC manufactures an estimated 92% of the world’s most advanced semiconductor chips,
powering essential technologies like smartphones, laptops, and AI tools such as ChatGPT. Major
tech companies, including Apple, Nvidia, and Tesla, rely heavily on TSMC for chip production.
As historian Chris Miller noted, nearly a third of global computing power is fabricated in
Taiwan, underscoring TSMC’s critical role in the tech ecosystem. Following a 7.4 magnitude
earthquake off Taiwan’s east coast, chip production at TSMC’s west coast factories was briefly
paused (Allyn, 2024).
China’s semiconductor industry sits several generations behind the leading edge of innovation.
Massive investments are required to close that gap, particularly in chip manufacturing. Chinese
companies have attempted to acquire foreign leading-edge technology through forced technology
transfer agreements, intellectual property theft, and talent poaching. However, China’s efforts to
acquire know-how from abroad have so far failed to spark genuine domestic innovation. Instead,
military-civil fusion (MCF) and semiconductor efforts have found some positive synergy by applying defense
procurement spending to prop up China’s fledgling semiconductor companies that are globally
uncompetitive but key to the PLA’s defense needs. Rather than spin on or spin off, MCF is
helping domestic semiconductor firms step up (How Military-Civil Fusion Steps up China’s
Semiconductor Industry – DigiChina, 2022).
Strategic Outlook Moving Forward
In the near term, enhancing electricity security involves implementing innovative solutions such
as microgrids, which are self-sufficient systems ideal for localized areas like campuses or
neighborhoods and can be powered by renewables to reduce emissions. Smart grids with sensors
improve stability and outage information, while grid hardening measures like burying lines or
using steel poles fortify infrastructure. Federal support is essential for recovery and resilience,
alongside AI-driven monitoring and zero-trust cybersecurity architectures. The Salt Typhoon
attack underscored the need for unity and innovation, especially as traditional frameworks like
DHS committees dissolve. Meanwhile, NVIDIA advises enabling SYS-ECC (and OD-ECC
where available) across GPU product lines to mitigate Rowhammer-style attacks like
GPUHammer, particularly in multi-tenant and data center settings. Static defenses are
increasingly inadequate, which is why Deep Reinforcement Learning methods like Deep Q-
Networks (DQN) are being adopted to detect complex threats such as False Data Injection
Attacks (FDIA), classified by duration and intensity. These attacks evade conventional detection,
so real-time adaptive strategies and monitoring voltage drop rates across grid nodes are now key,
with load shedding prioritized in areas showing steep declines to help stabilize the system.
References
Allyn, B. (2024, April 3). Taiwan earthquake briefly halts chip factories that power the global economy.
NPR. https://www.npr.org/2024/04/03/1242564161/taiwan-earthquake-semiconductor-chips-
tech
Arianos, S., Bompard, E., Carbone, A., Xue, F., Dipartimento di Ingegneria Elettrica, Politecnico di
Torino, & Dipartimento di Fisica, Politecnico di Torino. (2009). Power grids vulnerability: a
complex network approach. https://arxiv.org/pdf/0810.5278
Detection of false data injection attacks in smart-grid systems. (2015, February 1). IEEE Journals &
Magazine | IEEE Xplore. https://ieeexplore.ieee.org/document/7045410
Explainable autonomic cybersecurity system for smart power grid. (2024, September 30). IEEE
Conference Publication | IEEE Xplore. https://ieeexplore.ieee.org/document/10735649
Exploiting Correcting codes: on the effectiveness of ECC memory against Rowhammer attacks. (2019,
May 1). IEEE Conference Publication | IEEE Xplore.
https://ieeexplore.ieee.org/document/8835222
Forescout Researcher. (2025). SUN:DOWN Destabilizing the Grid via Orchestrated Exploitation of
Solar Power System. https://www.forescout.com/resources/sun-down-research-report/
How Military-Civil fusion steps up China’s semiconductor industry – DigiChina. (2022, April 1).
DigiChina. https://digichina.stanford.edu/work/how-military-civil-fusion-helps-chinas-
semiconductor-industry-step-up/
Knabenhans, C. (2023, April 23). Verifiable fully homomorphic encryption. Christian Knabenhans.
https://cknabs.github.io/post/vfhe/
Kovacs, E. (2025, February). Nine Threat Groups Active in OT Operations in 2024: Dragos.
SECURITYWEEK NETWORK. https://www.securityweek.com/nine-threat-groups-active-in-ot-
operations-in-2024-dragos
Kovacs, E. (2025, March). China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days.
SECURITYWEEK NETWORK. https://www.securityweek.com/chinas-volt-typhoon-hackers-
dwelled-in-us-electric-grid-for-300-days/
Lakshminarayana, S., Chen, Y., Maple, C., Larkins, A., Flack, D., Few, C., David, K.-A., & Srivastava,
Anurag. K. (2025, February). Cybersecurity Threats to Power Grid Operations from the
Demand-Side Response Ecosystem. https://arxiv.org/pdf/2310.18820
Lin, X., An, D., Cui, F., & Zhang, F. (2023). False data injection attack in smart grid: Attack model and
reinforcement learning-based detection method. Frontiers in Energy Research, 10.
https://doi.org/10.3389/fenrg.2022.1104989
Lord, B. (2023, December). The Urgent Need for Memory Safety in Software Products.
https://www.cisa.gov/news-events/news/urgent-need-memory-safety-software-products
Mcfarlane, S. & Reuters. (2025, May 14). Rogue communication devices found in Chinese solar power
inverters. Reuters. https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-
communication-devices-found-chinese-inverters-2025-05-14/
Mishra, A. (2025, July 12). GPUHammer: First-Ever Rowhammer attack targeting NVIDIA GPUs.
GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/first-ever-rowhammer-attack-targeting-nvidia-gpus/#google_vignette
MSN. (n.d.). https://www.msn.com/en-in/technology/hardware-and-devices/nvidia-chips-hacked-fall-
victim-to-rowhammer-bit-flip-attacks-here-s-how-to-secure-the-ai-gpus/ar-
AA1IIktn?ocid=BingNewsVerp
Sande-Ríos, J., Canal-Sánchez, J., Manzano-Hernandez, C., & Pastrana, S. (2024). Threat analysis and
adversarial model for Smart Grids. https://arxiv.org/html/2406.11716v1
Shekari, T., Cardenas, A. A., & Beyah, R. (2022). MADIOT 2.0: Modern High-Wattage IoT botnet
attacks and defenses. https://www.usenix.org/conference/usenixsecurity22/presentation/shekari
Spewak, N. (2025, June 6). Types of Memory Safety Vulnerabilities & How to Address Them. RunSafe
Security. https://runsafesecurity.com/blog/memory-safety-vulnerabilities/
The Economist. (2023, March 6). Taiwan’s dominance of the chip industry makes it more important.
The Economist. https://www.economist.com/special-report/2023/03/06/taiwans-dominance-of-
the-chip-industry-makes-it-more-important