Today’s cyber security measures will shape our energy future

The key questions are, ‘Are you vulnerable?’ and ‘What can you do about it?’ 

Whether we are householders, or complex commercial and industrial organisations, our critical infrastructure is the essential scaffolding of our economies. What we all know is our energy networks must be secured and protected.

However, in Australia and globally, cyber threats to our energy networks are growing. In FY2023-24, the Australian Cyber Security Centre reported that 11% of all cybersecurity incidents targeted critical infrastructure. Simultaneously, our electricity grid's attack surface continues to expand. 

In particular, our Consumer Energy Resources (CER), aka rooftop solar, batteries and EVs, are growing exponentially, with one in three Australian households currently generating renewable power. This widely distributed base is projected to continue to increase to one in two households by 2050, making up a significant percentage of overall electricity generation.

The good news vs. the bad news

This growth in renewables is the ‘Good News’. Renewables drive down carbon emissions, protect the planet, save us all money, and are readily available in Australia. The ‘Bad News’ is they extend our cybersecurity attack surface. 

Unlike traditional electricity network components, which operate on isolated networks, CER requires orchestration over public networks (think flexible exports and emergency backstop). As the attack surface expands and more power is managed, strong cybersecurity becomes critical.

In support of this, the Federal Government recently published its National CER Roadmap. It cites improving security for our rooftop solar, batteries and soon-to-be-connected electric vehicles as a very high priority. Unfortunately, these important assets are high-value targets for state-based cyber espionage and organised cyber crime.

Public Key Infrastructure (PKI) services play a key role in securing this evolving energy network by providing essential security functions including: 

  • verifying CER device identities

  • authenticating and authorising connections

  • and encrypting data. 

At SwitchDin, we firmly believe in taking a coordinated national security approach to CER PKI in line with the National CER Roadmap. The outcomes, with industry support, will accelerate CER adoption, reduce duplication across industry players, and improve security.

What can we do about it? Collaboration and a holistic approach are critical

To this end, SwitchDin has developed a future-ready PKI solution, as documented in the still very relevant Gatekeeper Public Key Infrastructure Framework. With our combined industry knowledge and CER PKI experience, we are coordinating Distribution Network Service Providers (DNSPs) and Original Equipment Manufacturers (OEMs) onto a unified Public Key Infrastructure. This makes things easier for OEMs and speeds up onboarding for DNSPs, no matter the location, all while improving the security posture.

In addition to the PKI Certificate Authority function, our services also include some important, often overlooked elements of a properly secure system, including:

  • Registration Authority (RA) - The gatekeeper of trust. This verifies identities before issuing certificates, preventing unauthorised devices from connecting to the network. As the number of players grows, this step is critical. Many standalone PKI/CER implementations don’t include it. By coordinating between DNSPs, we reduce the burden on the equipment manufacturers and improve security.

  • Certificate Policy (CP) and Certificate Practice Statement (CPS) - These align stakeholders and provide an auditable framework for certificate management. Aligning stakeholders, especially the OEMs that own part of the Certificate Authority trust chain, is a challenge. We’re working with them to change this, reducing their operational burden while strengthening security. 

  • Repository - A shared repository including invalid certificates and compliant device and server lists. A single process for device compliance and PKI makes integration smoother. For years SwitchDin has provided the certification platform for the Clean Energy Council (CEC) approved device list.

Under the 2030.5 standard, CER certificates last a lifetime. The security measures we put in place today will shape our future baseline. A more coordinated approach will drive faster CER adoption, strengthen security, and reduce duplication across the industry.

Contact us for advice.
