New Standards to Target Security of Connected Rooftop Systems, Solar Inverters
The Australian government is close to introducing standards to shore up the security of the down under country’s fast-growing solar market amid reports that Chinese state-sponsored hackers might target internet-connected solar inverters and cause blackouts.
Government and private sector researchers have raised concerns about the cybersecurity vulnerabilities of rooftop inverters, which convert the energy collected by solar panels into usable electricity for homes and businesses. China dominates the Australian solar market, supplying 58% of all inverters – another concern of lawmakers.
Australia is pushing a major expansion of solar energy in a bid to convert 82% of its power to renewable sources by 2028. The effort requires the installation of more than 22,000 500-watt solar panels every day, according to a government report shared Monday.
An official with the Department of Climate Change, Energy, the Environment and Water told told the Senate Environment and Communications Legislation Committee in a Monday hearing that he expects a final standards assessment report soon from Standards Australia, which was hired to study risks associated with the fledgling industry.
“That work is on track,” said Martin Squire, branch head for energy security at the Department of Climate Change, Energy, the Environment and Water. “Standards Australia are currently in the process of finalizing that report for the department, and then we’ll be in a position to move forward with a standards development proposal with Standards Australia in terms of additional cyber standards for rooftop inverters.”
Vulnerable to Cyberattacks
Australia’s Cyber Security Cooperative Research Center in August advised the government to assess the cybersecurity risks associated with Internet-connected solar inverters, conduct cybersecurity impact assessments of all solar inverters sold in the country, and mandate cybersecurity ratings for solar inverters.
The center relied on a U.S. government report that highlighted the top cybersecurity risks associated with connected solar inverters, including the possibility of attackers injecting malware in a system and spreading it broadly across distributed energy resources.
“The heightened cyber-physical interdependence between the electric grid and DERs allows attackers more ways to pivot between distribution resources and propagate to critical resources, which could lead to data loss or total operation failure. If vulnerabilities are not addresses, DERs could potentially serve as attack vectors for the distribution grid,” the report said.
Researchers at the University of New South Wales in simulated cyberattacks on solar inverters intercepted home energy management systems, turned off inverters, cut energy supply, and blocked owners’ access to solar inverters, CSCRC said.
Australian cybersecurity experts and ministers also have voiced concern over the country’s reliance on internet-connected devices made in China. “Almost 60% of Australia’s smart inverters are supplied by Chinese manufacturers including Sungrow, GoodWe and Huawei – all of whom are subject to China’s national intelligence Law,” said Senator James Paterson, the shadow minister for home affairs and cybersecurity. China can apply the law to force these companies to spy on or sabotage the systems, he fears.
Squire said the development of standards could be a complicated process, considering that one-third of Australian households already have rooftop solar panels installed. The department is working with the Australian Energy Market Operator, which manages the national electricity market, and the Department of Home Affairs to strengthen this area of critical infrastructure.
“We’re in early-stage discussions with the Australian Energy Market Operator about a potential technical solution that could be applied in the event that there is a successful cyberattack on rooftop inverters to restore functionality and stability to the grid,” Squire said.