Cybersecurity standards for solar inverters, batteries and electric vehicle chargers are being developed by the Australian government amid concerns some equipment could leave the nation exposed to foreign interference.
The issue emerged in two Senate estimates hearings on Monday, as home affairs and energy department officials were quizzed over the government’s use of the technology, particularly equipment from Chinese manufacturers.
The questions came months after a report from the Cyber Security Co-operative Research Centre warned internet-connected devices, including solar inverters, could introduce security vulnerabilities if not correctly regulated.
Liberal Senator Hollie Hughes questioned representatives from the energy department about whether action had been taken to secure existing solar inverters used in government properties.
“The concern is that there is the possibility for international interference in these inverters because they can be controlled from the outside,” she told the committee.
But federal energy department spokesman Martin Squire told the committee the government had established a dedicated division to look at “security issues associated with distributed energy resources” including rooftop solar technology, EV chargers, and large batteries, and would develop a set of safety standards to regulate their use.
“We commissioned Standards Australia to undertake a cyber standards mapping gap analysis and develop a road map for us,” he said.
“The second stage of the project, which we’re in the process of commencing, will look at the development of cybersecurity standards for the Australian market in particular.”
Mr Squire said the energy department would also work with the Australian Energy Market Operator to develop “technical options” to enhance security of the products, and the Department of Industry, Science and Resources to tackle “supply chain vulnerabilities”.
Liberal Senator James Paterson also questioned home affairs officials over the potential risks of solar inverters from Chinese manufacturers, including GoodWe, Sungrow, Growatt and Huawei, and their use in government properties.
“We have providers, including Huawei, which were banned from the NBN, our 4G and 5G networks, who are finding a back way into providing, not just services to the broader economy and presumably critical infrastructure providers, but also federal government services,” he told the Senate committee.
But home affairs first assistant secretary Peter Anstee said the government would investigate risks posed by a wide range of connected equipment with a view to provide guidelines for government departments, and later a framework for businesses using connected technology.
“We’re looking to build both internal to government … but also a whole-of-economy framework that will capture the whole suite of technology risks that may present,” he said.
The questions came after the report by the Cyber Security Co-operative Research Centre in August last year identified potential issues with internet-of-things devices, “notably photovoltaic inverters”.
The report recommended the development of guidelines to assess and manage cybersecurity risks “as a matter of priority”.
Jennifer Dudley-Nicholson
(Australian Associated Press)