The widespread adoption of rooftop solar panels and smart appliances is increasing the risks of cyber attacks on Australia’s electricity grid.
Russia’s invasion of Ukraine has heightened fears Moscow could take the war into cyberspace as it seeks to retaliate against the West over massive and unprecedented economic sanctions.
Two of Australia’s top cyber security advisors said the electricity networks of Russia’s adversaries would be firmly in sight as part of any attack and Australia was not immune.
Their comments came amid warnings that Australia’s embrace of rooftop solar and technologies that communicate with the grid through the internet could make the country more vulnerable to hackers.
One of Australia’s leading energy regulators acknowledged the need for electricity networks to boost spending on cyber security to help safeguard the grid.
Alastair MacGibbon, the chief strategy officer at consultancy CyberCX and a former cyber security advisor to the federal government, said the risks were growing as the electricity system became more complex.
Cyber risks to grid ‘catastrophic’
“The more connected you are the more important cyber security is,” Mr MacGibbon said.
“We rely upon those connected devices that make up our society to function to the point now where there would literally be potential loss of life, potential catastrophic, cascading effects on the very functioning of society if we don’t get cyber security right.
“That sounds like a sky-is-falling type of statement.
“But it’s just a reality when our transport, our power, our water, our banking, the way we communicate with each other, literally the way everything functions, relies on a connected device.”
Last year, Queensland electricity generator CS Energy was almost brought to its knees after criminal Russian hackers hit the company with a devastating ransomware attack.
Such attacks involve hackers infiltrating a company’s computer systems and threatening to destroy or withhold critical information unless the victims pay a ransom.
Frequency of attacks ‘astonishing’
Cyber Security Cooperative Research Centre chief executive Rachael Falk said the CS Energy attack was a serious incident that almost disabled electricity provision in one of Australia’s biggest states.
But she said it wa far from isolated.
“It is a common story,” Ms Falk said.
“Ransomware is one of the biggest threats we have at the moment to our organisations and we know that particularly electricity and industrial companies are a main target.
“It’s the equivalent of having a tsunami through your business — it’s ruined everything, there is nothing left untouched, it’s devastating.”
According to Ms Falk, one of the most common ways for hackers to get into a company’s systems was through “phishing” emails, which might be disguised as bills or notifications.
She said cyber criminals were becoming increasingly sophisticated in their design of phishing emails.
They were also becoming more nimble.
“Cyber criminals are very adaptable,” Ms Falk said.
“During COVID, we saw a quick spike in mimicking official government emails, say about JobKeeper or JobSeeker.
“Within hours they had pivoted to mimic, and very convincingly mimic, official government emails with lures … in order to dupe people.”
Households are unwitting targets
Mr Edwell said the rapid uptake of solar and smart appliances, such as internet-enabled fridges and air conditioners, had been a boon for consumers, lowering bills and giving them greater autonomy over their needs.
Nevertheless, he said there were downsides from a security point of view, noting that households had potentially become entry points through which hackers could infiltrate the network.
“So, here in WA … we’ve got [one] third of households now with solar [photovoltaic cells],” he said.
“You have these two-way flows of generation back into the system.
“The challenge that network businesses have now is much greater than in the past.
“And the way they do that is to digitalise, automate.
“The more you have of that, the more your system is open to cyber-attack.
“We now have inverters in … households in Perth and surrounds all ultimately talking to the network business.
“That’s where the risk comes in.”