Trojan currents: Chinese threats embedded in technology

In an era of intensifying global power competition, national defense is no longer confined to battlefields or cyberspace. The front lines now run through our energy infrastructure. Recent reporting has revealed that certain Chinese-manufactured solar inverters installed across the U.S. grid contain undocumented communications modules-essentially Trojan horse components embedded in critical infrastructure.

This discovery isn’t just a technical vulnerability, it’s a legal fault line. We must bring the tools of civil litigation and state-level enforcement to bear. The next defense against infrastructure compromise may begin not in a server room or SCIF, but in a courtroom.

What Happened: Ghost Machines in the Grid

According to a May 2025 report by Reuters, Chinese solar inverters—devices that convert solar energy into usable electricity—have been found with hidden cellular radios that could allow unauthorized remote access. These components, supplied by firms like Huawei and Sungrow, enable potential adversaries to manipulate U.S. grid-connected solar systems in real time.

Energy officials warn that this opens the doors to remote disruption or municipal solar arrays, base-level microgrids, and regional energy systems. A coordinated blackout—once hypothetical—is now operationally plausible.

Strategic Infrastructure as Battlespace

This is not an isolated concern. The Chinese Communist Party has long advanced a dual-use strategy for global infrastructure systems, embedding state-linked technology in critical systems through Its Belt and Road Initiative and foreign energy investments. In Spain, for instance, China three Gorges Europe operates one of the country’s largest solar installations. Renewable infrastructure promises economic and environmental gains—but also creates foreign access points into grid control systems. In a contingency, this access could become a vector for sabotage. No cyberattack is required when adversary-controlled hardware is already integrated into the grid.

Legal Fault Lines: From Imports to Infrastructure Threats

Legally, these embedded components blur the lines between commercial import and covert hostile capability. This implicates three key legal domains:

1. Procurement & Trade Law – The Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) already restrict certain Chinese telecom and surveillance firms. Similar prohibitions should be extended to solar inverters and power electronics, particularly from firms flagged by national security reviews.
2. Cybersecurity & Infrastructure Law – The Department of Energy and Homeland Security have begun requiring a Software Bill of Materials (SBOM). But hardware-origin traking is still underdeveloped—especially in devices with communications and control functionality.
3. Emergency & Defense Authorities – In crisis, laws like Defense Productions Act and Stafford Act could authorize interdiction, replacement, or cyber countermeasures. Yet these authorities must be mapped out in advance—not improvised in crisis.

Trojan Devices, Legal Liabilities:

These inverters aren’t merely risky—they may be legal defective products under U.S. tort law.

Under the Restatement (Third) of Torts, a product is defective if it:

• Poses a foreseeable harm by design, or
• Is sold without warning of known risks.

Chinese firms embedded undocumented radios and failed to disclose them. They sold into the U.S. energy market despite obvious implications for grid security. These are classic hallmarks of product defect and deceptive practices under U.S. Law.

Legal Precedent: We’ve Done this Before

We have confronted foreign-manufactured technological deception before;

• Volkswagen’s Dieselgate – VW paid over $14.7 billion after using defeat devices to cheat emissions tests. Deception about embedded software led to civil and criminal liability.
• Huawei v. United States – Courts upheld national security-based procurement bans, on Huawei, rejecting claims they were unconstitutional.

These cases show that when foreign firms deceive regulators or embed hidden threats into public systems, U.S. law can respond decisively.

A Multi-Front Legal Strategy

We don’t need new legislation—we need strategic enforcement of laws already on the books. Here’s a viable path forward:

• The Department of Justice launches civil enforcement actions under federal consumer protections statutes.
• State Attorneys General coordinate multistate class actions under Unfair and Deceptive Acts and Practices (UDAP) statutes, like California’s UCL and CLRA.
• Public utilities and municipalities sue for damages tied to inspection, replacement, or hardening of compromised hardware.
• Cybersecurity experts and infrastructure engineers provide forensic evidence linking the undocumented components to foreseeable risk.

Legal theories such as product defect, failure to warn, public nuisance, and deceptive trade are not speculative—they’re established and field-tested.

Litigation as Deterrence

This isn’t just about recovering damages. It’s about changing incentives. If hostile manufacturers know they’ll face billion-dollar liability for Trojan designs, they’ll either rethink their product strategy—or find their access to the U.S. market sharply curtailed. Litigation becomes a form of lawfare—an offensive tool of national power used to impose costs and shape behavior. As strategic competition plays out across digital and energy domains, U.S. legal action can fill the deterrent gap between sanctions and kinetic responses.

Operational Readiness: Lawfare Must Enable Response

Legal action is necessary—but not sufficient. Infrastructure resilience planning must evolve in parallel.

Solar inverters are increasingly integrated into military base microgrids, National guard readiness centers, and critical civilian infrastructure. If those inverters are compromised—via code or command—they could paralyze local grids at critical moments.

Recommended pre-conflict measures include:

• Grid-Denial Exercises– Civil support drills simulating inverter failure and grid denial scenarios.
• Interagency Cyber-Energy drills –Involving DoD, DoE, DHS, and utility companies to rehearse isolation and recovery from embedded hardware breaches.
• Legal Contingency Mapping – Agencies must pre-identify the emergency authorities they’ll rely on to remove, replace, or digitally isolate compromised systems in crisis.

Conclusion: Litigation as Layered Defense

The Trojan components in Chinese-made inverters reveal a dangerous asymmetry in U.S. infrastructure law. Our adversaries are embedding potential kill switches in civilian systems, knowing our legal response will be slow, reactive, or nonexistent.

That must change. Legal deterrence must be part of our national defense toolkit. If we can sanction a bank or drone maker for aiding adversaries, we can sue a company that embeds remote access capabilities into energy systems that power military bases and hospitals.

The United States has the legal means. What’s needed now is coordination and the political will to act. Litigation should not be a last resort—it should be part of the layered deterrence strategy that protects our sovereignty in a connected world. Because in the age of strategic competition, the grid is part of the fight—and the law must be part of the arsenal.

---

Major Aaron Conti is a Judge Advocate in the United States Army, currently serving as the Brigade Judge Advocate for the 513^th Military Intelligence Brigade. He previously served as the chief of national security law for the Combined Special Operations Joint Task Force in Iraq and as a Judge Advocate at multiple levels in the 1^st and 7^th Infantry Divisions.

The views presented are those of the author and do not necessarily represent the official policy or position of the Department of Defense, the U.S. Army, or any other U.S. government agency.