Cyber Vulnerabilities Identified in Australia’s Rooftop Solar Systems

Written by staff writer.

Senator James Paterson, the Shadow Minister for Home Affairs and Cyber Security, is warning that over half of the internet-connected photovoltaic (solar) inverters now installed on rooftops around Australia could be weaponised by unfriendly nation-states.

A solar inverter converts the energy output from solar panels into a usable electricity form. The inverter is essential in every solar panel installation across Australia, including residential solar systems.

Paterson told Sky News on the weekend that 58% of the internet-connected solar inverters installed in Australia come from companies headquartered in China, which are subjected to China’s national intelligence laws and can be compelled to assist the work of Chinese intelligence agencies.

“These solar inverters could be weaponised against Australia,” he said. “The threat comes in two ways. Firstly, the inverters could be destabilised through cyber vulnerabilities, which would take out power to homes and businesses. Secondly, if enough of them are connected to the grid, they could be used to destabilise our entire electricity grid, destabilising the whole country or whole regions of the country.”

Over three million (or 30%) Australian households have solar installations on their roofs. It is the fastest-growing power generation type in the country, accounting for approximately 10% of all power generated.

Paterson also used the media interview to attack the current Australian government, saying that while they were aware of the risk and had talked about it, the government had done little to mitigate it. Paterson says the push to increase the role of renewable energy sources in Australia will “massively exacerbate the risk.”

Claire O’Neil, the incumbent Minister for Home Affairs and Cyber Security, says the government is working to remedy a broad range of cyber threats to the economy, including those left unaddressed while Paterson’s (Liberal-National) party was in power and he was Chair of the Parliamentary Joint Committee on Intelligence and Security.

Chinese manufacturers have captured around 70% of the world’s solar inverter market, with Huawei, GoodWe, and Sungrow among the most prominent players. Last week, Perth’s Cyber Security Cooperative Research Centre also flagged the cyber threat, saying tampering with Australia’s power supply had potentially catastrophic ramifications, including threats to national security, economic prosperity, and individual citizens.

“Solar inverters are now web-connected for monitoring and control purposes,” the Centre’s report reads.” In turn, this has increased the cyber attack surface of solar systems and, as internet-connected devices, solar inverters are vulnerable to a range of cyber intrusions, including hacking, malware attacks, manipulation and disruption. As the number of homes with solar systems continues to increase, the risk associated with solar inverters continues to grow.”

The Centre notes that agencies and governments in the United States, European Union, and the United Kingdom have all implemented or are about to implement rules and regulations to help manage and govern the cyber risks to operational IoT devices such as solar inverters.

The report recommends assessments be conducted on all solar inverters sold in Australia, with identified vulnerabilities requiring remediation. The report also says cyber security ratings should be introduced for solar inverters and IoT devices more generally, as well as recommending solar inverters with identified serious cyber vulnerabilities be banned from retail sale in Australia.