Sydney-listed Energy One has been targeted in a cyberattack, with the company confirming that “certain corporate systems in Australia and the United Kingdom” were affected.
Energy One, which specializes in energy trading software, said in a statement that it “took immediate steps to limit the impact of the incident,” including disabling “some links between its corporate and customer-facing systems.” It said that it has alerted the Australian Cyber Security Centre and UK authorities of the breach. It noted that “analysis is underway to identify which, if any, additional systems may have been affected by the cyberattack.”
The attack comes after the government-backed Cyber Security Cooperative Research Centre (CSCRC) raised concerns that Australia’s use of foreign-made solar panel technology, notably inverters, has made the country susceptible to targeted cyberattacks that could undermine the stability of power grids. In a new report, the CSCRC said that the cyber risks associated with solar inverters has increased as the popularity of smart home energy systems has boomed, with most inverters now web connected for monitoring and control purposes.
The CSCRC said that as the number of homes with solar systems continues to increase, the risk associated with inverters continues to grow with the devices vulnerable to a range of cyber intrusions including “hacking, malware attacks, manipulation and disruption.”
“As internet-connected devices they collect and distribute valuable data and are attractive targets for malicious cyber actors,” the research body said. “In the case of photovoltaic inverters, which play an increasingly vital role in Australia’s power supply, the potential ramifications could be catastrophic.”
While individual attacks wouldn’t affect the grid more broadly, CSCRC Research Director Helge Janicke said a widespread attack could destabilize an entire power grid, leading to widespread blackouts.
“Conceivably such attacks could be so severe that they result in a ‘black start’ event, an effective restarting of a power grid,” she said. “It could take a week to recover from a black start because power plants would be incapable of turning back without reliance on an auxiliary power source.”
The CSCRC has recommended a raft of policy solutions, saying Australia needs to take a more hands-on approach to regulation of cyber security, especially as it relates to the security of critical infrastructure.
The CSCRC said is calling for cyber security impact assessments for all solar inverters sold in Australia and the introduction of mandatory cyber security ratings for solar inverters. It also declared that any inverters assessed as having serious cyber security vulnerabilities should be removed from sale and recalled from use, or appropriate security fixes should be applied if available.
“There is an opportunity to embed cyber security considerations into mandatory standards that solar inverters sold in Australia should be required to meet,” it said.
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: editors@pv-magazine.com.
2 comments
By submitting this form you agree to pv magazine using your data for the purposes of publishing your comment.
Your personal data will only be disclosed or otherwise transmitted to third parties for the purposes of spam filtering or if this is necessary for technical maintenance of the website. Any other transfer to third parties will not take place unless this is justified on the basis of applicable data protection regulations or if pv magazine is legally obliged to do so.
You may revoke this consent at any time with effect for the future, in which case your personal data will be deleted immediately. Otherwise, your data will be deleted if pv magazine has processed your request or the purpose of data storage is fulfilled.
Further information on data privacy can be found in our Data Protection Policy.