Federal energy minister Chris Bowen has called for changes to the national energy rules to bring cyber security into the remit of the Australian Energy Market Operator, as a core part of its role keeping of keeping the lights on.
In a rule change request submitted to the Australian Energy Market Commission on Friday, Bowen says cyber security has “evolved rapidly as an energy security risk and is now inextricably linked with the management of the electricity and gas systems and markets.”
Citing Russia’s targeting of energy assets in Ukraine using both military and cyber attacks, Bowen says he wants to ensure that AEMO has the authority and resources to mitigate cyber security risks and respond to incidents or vulnerabilities that could affect Australia’s power supply.
Bowen says early estimates provided by AEMO for the cost of this new role is expected to be less than $10 million a year, including an establishment cost of $6.4 million followed by another $7.4 million in the first year, and then around $5.4 million a year after that.
“This rule change request seeks to establish, at minimum, a set of functions for cyber security for AEMO within the broader context of power system security,” Bowen says.
“This will ensure AEMO has clear authority to deliver these functions and is resourced to support mitigation and management of cyber security risks in the markets it manages.
“It will also give industry and government confidence in what to expect from AEMO in terms of supporting cyber security uplift and responding to cyber incidents or vulnerabilities which have the potential to impact energy supply.”
The move to put cyber security on the radar for the market operator follows the findings of a report, last year, that the threat of cyber attacks on Australia’s energy industry and infrastructure is rising.
The annual threat report from cyber spy outfit the Australian Signals Directorate detailed a cluster of strikes on energy companies and infrastructure in 2022, in amongst the major cyber attacks on Medibank, Optus and others that dominated news headlines.
Another report in August by the Cyber Security Co-operative Research Centre identified potential issues with internet-of-things devices, “notably photovoltaic inverters.”
Concern about Australia’s huge uptake of rooftop solar systems using inverters predominantly made in China has been a particular Coalition bugbear, leading to regular claims it exposes the nation to “potentially catastrophic” cyber attacks.
“We cannot afford for our electricity grid to be riddled with exploitable cyber security vulnerabilities in the most dangerous strategic environment since World War II,” said the Coalition’s home affairs spokesperson James Paterson told Sky News last year.
“Smart inverters are internet-connected devices that can be controlled remotely over the internet, and are overwhelmingly supplied by manufacturers with links to the Chinese Communist Party,” he said.
“We know that critical infrastructure networks like power are of great interest to signals intelligence agencies in foreign authoritarian states, including China.”
But as was last year clarified by Grace Young – chief innovation officer at WattWatchers and one of the experts cited in a “fact sheet” distributed on the subject by Paterson – while cyber security in distributed energy is a concern, it’s not something that should be stopping progress towards renewables.
“There’s plenty that’s being done and there’s plenty to do – we need to be ever vigilant, but it should definitely not be something that stops requires us to stop,” Young told RenewEconomy in July.
“We are looking at mandated control mechanisms for solar over the next 18 months or so across the eastern seaboard – we’re not looking at an imminent threat.
“We need to be vigilant, because these systems are being developed with a 10-year horizon. But right now, we need, more, to offset the potential for disruption and increase resilience of the network [through renewables].”
Young also stresses that the shift to distributed energy resources has, in no small part, been driven by the need to create a much more resilient grid, particularly as climate change brings more unpredictable weather extremes.
“An islandable microgrid or an islandable feeder is far more resilient a sub-system … and means that the overall grid can be more stable if one segment goes offline or one segment is interrupted.”