Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Australia plans defences against Chinese cyber attacks on the solar grid

In light of concerns regarding the security of the nation’s energy grid, Australia has begun actively formulating strategies to counter the potential risk of a cyber assault on its rooftop solar network.

user icon Daniel Croft
Wed, 25 Oct 2023
Australia plans defences against Chinese cyber attacks on the solar grid
expand image

As part of its transition away from coal power, Australia has found itself to be the largest adopter of rooftop solar panels in the world. This, however, has presented the nation with a major security threat, as the majority of solar inverters used in Australia are manufactured in China and have an internet connection.

China’s international intelligence laws would require Chinese solar inverter manufacturers to conduct surveillance and espionage on behalf of Beijing if ordered to do so. A cyber attack from China could also result in a large portion of the Australian power grid being disabled.

Having been advised by industry experts earlier in the year, the Australian government has said it has begun devising measures to keep the nation’s energy grid safe from cyber attacks.

============
============

Speaking at Senate estimates, Martin Squire of the Department of Climate Change, Energy, the Environment and Water said that the government is “well aware of the concerns about [the] potential for state actors and other to misuse rooftop inverters”.

“In the October 2022 budget, the department received funding to enable us to do some work around developing standards to secure, or to better secure, rooftop inverters in terms of the cyber security for those particular inverters. That work is ongoing,” Squire said.

Responding to Senator Hollie Hughes discussing the way in which Australia had previously banned mobile phone and network infrastructure manufacturer Huawei from its 5G network for its threat to national security, the secretary of the Department of Climate Change, Energy, the Environment and Water, David Fredericks, affirmed that while it was in early discussions with the Australian Energy Market Operator (AEMO) about a potential solution in the event of a cyber attack, he needed to remain tight-lipped.

“The issue is critical. Government has given us extra resources. We are working with AEMO and Home Affairs, but we can’t say much more,” said Fredricks.

The issue of solar panels presenting a security issue was raised earlier in the year by the Cyber Security Cooperative Research Centre (CRC).

Cyber Security CRC chief executive Rachael Falk said that the threat presented by foreign-manufactured solar inverters is a recent one, as only recent models are internet-connected due to increased interest in smart home technology.

“Traditionally, cyber risk with solar inverters was low because they were not connected to the internet,” said Falk.

“However, as the popularity of smart home energy systems has boomed, this has changed, with most solar inverters now web connected.”

Falk continued to say that an attack on the solar grid could spark a “black start” event, which could result in the entire power grid going down.

“While an attack on one home solar system would not impact the grid, scaled, targeted simultaneous attacks could be catastrophic, resulting in a ‘black start’ event.

“In a black start event, power plants are incapable of turning back on without reliance on an auxiliary power source, like a generator or battery.

“This could bring down an entire power grid, and it could take a week to recover,” she said.

The CRC has recommended that the government assess the cyber security impact of all solar inverters and assign them ratings.

Furthermore, those that are found to present serious cyber risks should have security fixes applied, or banned where this is not possible.

“Inverters assessed as having serious cyber security vulnerabilities should be removed from sale and recalled from use, or appropriate security fixes applied if available,” said the CRC.

Australia has cracked down on Chinese hardware in the past, with shadow cyber security minister James Paterson launching an audit on the use of Chinese drones and cameras in government departments.

The audit found that the government owned a total of 3,114 devices created by Chinese manufacturer DJI, mostly including cameras and drones but also batteries and gimbals.

These DJI products have been blacklisted in the US for their use of technology linked to the People’s Liberation Army, the military wing of the CCP.

“DJI is also deemed to be complicit in human rights abuses against the Uyghur people in Xinjiang,” said Paterson in a media statement issued on 5 July.

It was found that 38 government departments and agencies used DJI devices, with Climate Change and Energy having 82 devices, Foreign Affairs and Trade owning 15 devices, and the Department of the Prime Minister and Cabinet with six devices.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.