Often there are two control paths. Sometimes more! Plenty of inverters will quite happily give you an RS232 port specification and you can create your own dongle!
However, for purpose of the security of the nation's power grid, I don't just need my inverter to be secure, I need pretty much everyone's inverter to be secure. If an attack bricks 95% of solar inverters, the fact the nerdiest 5% of users have their inverters airgapped won't stop the grid having a lot of problems.
> RS232 port specification and you can create your own dongle!
This is just a way of pretending to give access while making it as hard as possible. We are talking about a device that is already connected to the network. The local path is not some rest services, but a serial port for which I need to fabricate some hardware? Don't piss on me and tell me it's raining.
Perhaps I wasn't clear - when I say "Sometimes more!" I mean many cheap chinese inverters actually support four options:
1. Cloud management with their app.
2. Wifi management without the cloud (when you're on your home wifi).
3. Unplug the wifi dongle from the inverter for a fully offline system. You don't really need your inverter on the internet anyway.
4. Unplug the wifi dongle and DIY whatever you want, the dongle's just a serial-to-wifi converter.
That's not to say the security of any of this stuff is good, of course. In fact the security is pretty bad! But you can for sure get inverters with multiple options for non-cloud operation.
However, for purpose of the security of the nation's power grid, I don't just need my inverter to be secure, I need pretty much everyone's inverter to be secure. If an attack bricks 95% of solar inverters, the fact the nerdiest 5% of users have their inverters airgapped won't stop the grid having a lot of problems.