- Sydney-listed Energy One has been targeted in a cyberattack, with the company confirming that “certain corporate systems in Australia and the United Kingdom” were affected.
Energy One, which specializes in energy trading software, said in a statement that it “took immediate steps to limit the impact of the incident,” including disabling “some links between its corporate and customer-facing systems.” It said that it has alerted the Australian Cyber Security Centre and UK authorities of the breach. It noted that “analysis is underway to identify which, if any, additional systems may have been affected by the cyberattack.”
The attack comes after the government-backed Cyber Security Cooperative Research Centre (CSCRC) raised concerns that Australia’s use of foreign-made solar panel technology, notably inverters, has made the country susceptible to targeted cyberattacks that could undermine the stability of power grids. In a new report, the CSCRC said that the cyber risks associated with solar inverters has increased as the popularity of smart home energy systems has boomed, with most inverters now web connected for monitoring and control purposes.
The CSCRC said that as the number of homes with solar systems continues to increase, the risk associated with inverters continues to grow with the devices vulnerable to a range of cyber intrusions including “hacking, malware attacks, manipulation and disruption.”
“As internet-connected devices they collect and distribute valuable data and are attractive targets for malicious cyber actors,” the research body said. “In the case of photovoltaic inverters, which play an increasingly vital role in Australia’s power supply, the potential ramifications could be catastrophic.”
“Conceivably such attacks could be so severe that they result in a ‘black start’ event, an effective restarting of a power grid,” she said. “It could take a week to recover from a black start because power plants would be incapable of turning back without reliance on an auxiliary power source.”
The CSCRC has recommended a raft of policy solutions, saying Australia needs to take a more hands-on approach to regulation of cyber security, especially as it relates to the security of critical infrastructure.
The CSCRC said is calling for cyber security impact assessments for all solar inverters sold in Australia and the introduction of mandatory cyber security ratings for solar inverters. It also declared that any inverters assessed as having serious cyber security vulnerabilities should be removed from sale and recalled from use, or appropriate security fixes should be applied if available.
“There is an opportunity to embed cyber security considerations into mandatory standards that solar inverters sold in Australia should be required to meet,” it said.
Author: Dave Carrol
This article was originally published in pv magazine and is republished with permission.
