When the sun beats down on your solar panels it’s providing you with beautiful, clean energy. But a cyber security agency warns that hackers could use those panels to bring down the power grid.
The warning was issued by the Cyber Security Cooperative Research Centre (CSCRC), an independent security assessment organisation.
How could solar panels be a cyber security risk?
First, solar panels have been developed to the point where they are now ‘smart’. Not quite ‘AI’ smart (yet) but smart in that new ones are all internet connected. And with internet connection come security vulnerability.
Second, like many things in today’s world, the majority of solar panel components are made in China. That includes what’s known as a solar inverter. In simple terms a solar inverter converts the direct current output of a solar panel into alternating current. That AC current can then be used by a local, off-grid electrical network or fed into a commercial electrical grid.
In terms of cyber security, you can probably see where this is heading. Solar inverters made in China, installed across Australia, connected to the world wide web. In the words of today’s young’uns, ‘What could possibly go wrong?’
The CEO of CSCRC, Rachael Falk, answers that question: “While an attack on one home solar system would not impact the grid, scaled, targeted simultaneous attacks could be catastrophic, resulting in a ‘black start’ event.”
A black start event is one in which power plants are unable to turn back on without an auxiliary power source. “This could bring down an entire power grid,” says Ms Falk, “and it could take a week to recover.”
“Traditionally, cyber risk with solar inverters was low because they were not connected to the internet,” Ms Falk explained. But with a boom in smart home energy systems, most solar inverters are now web connected, she said.
How do we protect the system?
Clearly, dealing with these cyber security threats won’t come down to individual Australians. The CSCRC says a three-pronged approach is required.
First, it recommends cyber security impact assessments for all solar inverters sold in Australia. Chances are those inverters will come from China, with Beijing now providing 76 per cent of the global supply.
Second, the CSCRC recommends the introduction of mandatory cyber security ratings for solar inverters.
Third, solar inverters assessed as having serious cyber security vulnerabilities should be removed from sale and recalled from use. Alternatively, appropriate security fixes should be applied if available.
These recommendations form part of a newly released CSCRC report, ‘Power Out? Solar Inverters and the Silent Cyber Threat’. The report was co-written by Ms Falk and Anna-Louise Brown, director of policy at CSCRC.
There’s little that individual Australians can do to thwart a solar panel cyber security breach. The onus is on the government to assess and act on the recommendations made by the CSCRC, which is, after all, a government-funded organisation.
Do you have solar panels? Were you aware of the potential cyber security threat posed by solar inverters? Let us know via the comments section below.
Also read: Explained: Solar hot water
So true When you think i can now read my smart meter on my smart phone to watch my smart panels make power, I bet someone in China can also