Australia’s power grid increasingly vulnerable to hackers via solar panels and smart devices
The widespread adoption of rooftop solar panels and smart appliances increases the risks of cyberattacks on Australia’s power grid.
- Security experts fear Australia’s power grid is becoming increasingly vulnerable to cyberattacks
- They say smart appliances and rooftop solar could be targeted by criminal hackers and state-backed
- Concerns come amid heightened expectations of cyber warfare as Russia’s invasion of Ukraine intensifies
Russia’s invasion of Ukraine has heightened fears that Moscow could wage war in cyberspace as it seeks to retaliate against the West over massive and unprecedented economic sanctions.
Two of Australia’s top cybersecurity advisers said the power grids of Russia’s adversaries would be firmly in sight in any attack and Australia was not immune.
Their comments came amid warnings that Australia’s embrace of rooftop solar and technologies that communicate with the grid via the internet could make the country more vulnerable to hackers.
One of Australia’s top energy regulators has recognized the need for power grids to increase spending on cybersecurity to help protect the grid.
Alastair MacGibbon, chief strategy officer at consultancy CyberCX and a former cybersecurity adviser to the federal government, said the risks increased as the power system became more complex.
Cyber risks for the network are “catastrophic”
“The more connected you are, the more important cybersecurity is,” MacGibbon said.
“We rely on these connected devices that make up our society to operate to the point where there would literally be potential loss of life, potential catastrophic cascading effects on the very functioning of society if we don’t get the cybersecurity right.
“It sounds like a falling sky type statement.
“But that’s just a reality when our transportation, our electricity, our water, our banking, the way we communicate with each other, literally the way everything works, relies on a connected device.”
Last year, Queensland power generator CS Energy was nearly brought to its knees after Russian hackers hit the company with a devastating ransomware attack.
Such attacks involve hackers infiltrating a company’s computer systems and threatening to destroy or withhold critical information unless victims pay a ransom.
“Astonishing” frequency of attacks
Cyber Security Cooperative Research Center chief executive Rachael Falk said the attack on CS Energy was a serious incident that nearly disabled electricity supplies in one of Australia’s largest states.
But she said it was far from isolated.
“It’s a common story,” Ms Falk said.
“Ransomware is one of the biggest threats we have to our organizations right now and we know that electrical and industrial companies in particular are a prime target.
According to Falk, one of the most common ways hackers gain access to a company’s systems is by sending “phishing” emails, which can be disguised as invoices or notifications.
She said cybercriminals are becoming increasingly sophisticated in their design of phishing emails.
They also became more agile.
“Cybercriminals are very adaptable,” Ms. Falk said.
“During COVID, we have seen a rapid spike in imitation of official government emails, for example about JobKeeper or JobSeeker.
“Within hours they had pivoted to mimic, and very convincingly mimic, official government emails with decoys…in order to fool people.”
Expenses to go through the microscope
In Western Australia, the issue of cybersecurity should be subjected to a critical regulatory test.
The state’s economic watchdog, the Economic Regulatory Authority (ERA), is set to assess the latest five-year spending plans for Western Power, which serves more than two million people.
ERA chairman Steve Edwell said the need for increased cybersecurity spending by power companies was “indisputable” given the obvious and high risks of attacks.
Mr Edwell, the first chairman of the Australian Energy Regulator, said most people would be “flabbergasted” to know how often power grids were hit by cyberattacks.
And he noted that legislation currently before federal parliament would formalize requirements for electricity providers to bolster their cyber defenses.
“I seriously doubt there’s a board or network company in the country that doesn’t rank cybersecurity among its top risks.
“And the network companies that I know have been on this for a number of years.
“Beyond this legislation, cyber risk to power grid companies as I understand it is a clear and present danger.
“Anyone doing business electronically – and let’s face it, just about every modern business does – is subject to a cyberattack.”
Households are unwitting targets
Mr Edwell said the rapid adoption of solar and smart appliances, such as internet-enabled refrigerators and air conditioners, had been a boon to consumers, lowering bills and giving them greater autonomy over their needs.
Still, he said there were downsides from a security perspective, noting that homes had potentially become entry points through which hackers could infiltrate the network.
“So here in WA…we have [one] third of households now equipped with solar energy [photovoltaic cells],” he said.
“You have these two-way workflows in the system.
“The challenge facing network companies is now much greater than in the past.
“And the way they do it is to digitize, to automate.
“The more you have, the more your system is open to cyberattacks.
“We now have inverters in…households in and around Perth, all ultimately speaking to the grid company.
“That’s where the risk comes in.”
Electricity bills ‘don’t need to go up’
With electricity distribution and transmission accounting for around 40% of the typical bill, Edwell said he was acutely aware of the financial implications of increased cybersecurity spending.
But he argued that it was imperative to guard against the potential security risks of new technologies while allowing the full benefits of cheap solar power and smart appliances to be reaped.
“The issue for us is when it happens and if it’s prudent spending,” he said.
“It does not necessarily follow that if there are large expenditures across the country, electricity consumers will pay for all of these expenditures.
“One of the benefits of the transformation system is that it gives network companies the ability to replace traditional poles and cables with smarter, less expensive technological substitutes.”
Mr MacGibbon agreed and said it was no longer tenable for cybersecurity to be an afterthought.
“If there are people out there who don’t believe cybersecurity is a risk, unfortunately they’re just dreaming these days,” he said.