| Work Detail |
Sydney-based wholesale energy software provider Energy One has suffered a data breach, just days after an Australian government-funded research body warned of potential cyber risks to the countrys energy grids due to foreign-made solar technologies.
The company Energy One, which is listed on the Sydney Stock Exchange, has been the target of a cyberattack and has confirmed that “some corporate systems in Australia and the United Kingdom” have been affected.
Energy One, which specializes in energy trading software, said in a statement that it "took immediate steps to limit the impact of the incident," including disabling "some links between its corporate and customer-facing systems." It has also alerted the Australian Cybersecurity Center and the British authorities about the leak. It noted that "analysis is underway to identify what, if any, additional systems may have been affected by the cyberattack."
The attack comes after the government-backed Cooperative Cyber ??Security Research Center (CSCRC) raised concerns that Australias use of foreign-made technology for solar panels, investors in particular, has made the country susceptible to targeted cyberattacks that could undermine the stability of electricity grids. In a new report, the CSCRC says that cyber risks associated with solar inverters have increased with the rise in popularity of smart home energy systems, with most inverters now connected to the grid for monitoring purposes. And control.
The CSCRC said that as the number of homes with solar systems continues to rise, the risk associated with inverters continues to grow with devices vulnerable to a range of cyber intrusions including "hacking, malware attacks, tampering and disruption."
“As Internet-connected devices, they collect and distribute valuable data and are attractive targets for malicious cyber-agents,” the research body states. "In the case of photovoltaic inverters, which play an increasingly vital role in Australias electricity supply, the potential ramifications could be catastrophic."
Although individual attacks would not affect the grid as a whole, CSCRC Research Director Helge Janicke said a widespread attack could destabilize an entire power grid and cause widespread blackouts.
“It is conceivable that such attacks would be so severe that they trigger a black boot event, an effective restart of a power grid,” he said. “It could take a week to recover from a blackout, because power plants would be unable to restart without resorting to an auxiliary power source.”
The CSCRC has recommended a number of policy solutions, saying Australia needs to take a more hands-on approach to regulating cybersecurity, especially as it relates to critical infrastructure security.
The CSCRC calls for all solar inverters sold in Australia to be assessed for the cybersecurity impact and for mandatory cybersecurity qualifications for solar inverters to be introduced. It also stated that any inverters found to have serious cybersecurity vulnerabilities should be removed from sale and removed from use, or appropriate security fixes should be applied if available.
“There is potential to include cybersecurity considerations in the mandatory standards that solar inverters sold in Australia must meet,” he said. |
