A third of homes in Australia now have rooftop solar panels
zstockphotos/iStockphoto/Getty Images
Power grids around the world are increasingly under threat from cyberattacks because of the vulnerabilities of home solar installations.
As distributed energy resources like rooftop solar become more prevalent, grids are increasingly reliant on smart inverters, which manage connections to local power networks.
“While these technologies offer many benefits, they also introduce new operational and cybersecurity challenges,” says Sid Chau at CSIRO, an Australian government research agency.
Smart inverters convert the direct current produced by solar panels into the alternating current needed to power appliances. They also optimise energy storage and enable remote monitoring via the internet.
These web connections mean they pose a threat not just to home solar systems, but also to the wider power-generation network, Chau and his colleagues warn.
The team identified multiple ways that smart inverters could be hacked, including exploitation of the security flaws in the physical hardware and software of smart inverters. Malicious actors could trick users into granting excessive permissions for apps connected to the inverter or work with manufacturers to embed malicious code into the hardware.
Chau and his colleagues only modelled the threat from inverters in Australia, where around a third of homes have rooftop solar. But the situation is similar for power grids throughout parts of the world where private solar systems are becoming more common.
While any attack would require careful orchestration and planning, the researchers found that, if vulnerabilities align, relatively few solar smart inverters would need to be hacked to cause disruption.
Once the smart inverter has been compromised, hackers can then mount coordinated attacks on the broader power grid, according to the researchers.
Of particular concern are attacks targeting the frequency control of the power grid. In Australia and Europe, the grid frequency needs to stay close to 50 hertz. While there are mechanisms in place to protect the grid, any deviation away from this can lead to cascading power-system failures.
Compounding the risk, many inverters have extremely long lifespans, of over 15 years, meaning their cybersecurity defences can easily become outdated.
Chau says authorities need to have better oversight of private inverters so they can quickly override them if suspicious activity is detected.
He also says there needs to be long-term support for owners and compliance checking to ensure smart inverters meet cybersecurity and maintenance requirements.
Zubair Baig at Deakin University in Melbourne, Australia, says the security validation of all imported inverters is a must.
“As these devices are not manufactured locally, there’s always a chance of pre-configuration of inverter chips and firmware with malware that could be waiting for a trigger to detonate and to cause current fluctuations, permanent equipment damage and grid disruption,” says Baig.
Ernest Foo at Griffith University in Brisbane, Australia, says critical infrastructure is vulnerable to cyberattack because of its legacy design and components.
“With the help of a bigger uptake of distributed photovoltaics and perhaps with the use of machine learning and AI, cyberattack is more likely than previously thought,” he says.
Topics:
