Demand side cyber security threats to Australia’s renewable energy transformation
Barely a day goes by without some front page news about the energy crisis, a coal fired generator being closed early or new records in renewable generation being broken. The rapid consumerisation of generation and the two way market is the kodak moment for the Australian energy sector. From a climate change and carbon footprint perspective, this is great news! But like all innovation at speed – there are risks.
Consumer energy installations, also known as demand side generation - are the future of Australia's power system. These distributed energy resources (DER) are either smart, networked devices themselves or operated by a smart device.
The traditional energy system has historically operated as a closed environment – mature, technically capable actors, with their infrastructure behind fenced or walled private property, systems connectivity using proprietary communications protocols over private networks.
DERs have almost entirely the opposite characteristics to the traditional energy system. DER’s are for the most part, purchased (or leased) by members of the public, installed in a public, untrusted environment (i.e. your roof) and are primarily communicating over the public Internet. Like all consumer grade technology - breadth of features and speed to market rule the roost, unfortunately meaning that security measures are often an after thought.
As the energy sector faces the largest fundamental change of its existence, we will explore the top cyber security threats that could impact this new model and the most pragmatic ways to address them. Additionally, we will cover the standards that are being developed locally and internationally to help bring consistency and interoperability to the DER cyber security environment.
Dave describes himself as a pragmatic security delivery professional. Starting out as a developer he was drawn into security auditing back when dotcoms were the speculative investment du jour and caught the bug – getting into project management and subsequently architecting security solutions in the banking and energy sectors, including the Australian Energy Market Operator (AEMO).
Dave assisted in the formation of the Australian DER cyber security working group and has run an initiative with MITRE on the wider topic of demand side threats and mitigants in the energy sector. He has presented previously at the AISA cyber conference, Auscert, IoT Festival and internationally for the global power systems transformation consortium (G-PST).