Identification, Key Management and Trust for Inverters for Distributed Energy Resources
Purpose of project
All new inverters in Australia and New Zealand have been mandated to possess internet connectivity to comply with the Australian standard AS4777.2:2020 since December 2021. This connectivity significantly expands the cybersecurity attack surface for inverters and exposes them to potential threats from criminal activities, professional hackers, opportunistic or automated hacks and even nation-state controlled activities. Consequently, it becomes imperative to continually assess the risks associated with the compromise of these devices while ensuring the integrity and accuracy of the data received from these inverters. This is vital for the efficient and effective operation of grids that incorporate distributed energy resources.
The knowledge possessed by network operators about inverters is often inadequate for accurately estimating these risks. Inverters operate outside the security perimeter of network operators. Although encryption and authentication can safeguard against communication-based attacks, they provide limited defence against threats that exploit compromised inverters. Therefore, this project proposes the implementation of additional methods, including reliable identities, up-to-date software/firmware versions, and security metadata. These methods aim to facilitate more precise risk assessments and ultimately enhance the trustworthiness of inverters.
The objective of this project is to develop a distributed framework for device identity management and status information, empowering network operators and virtual power plant (VPP) operators to establish secure communication and maintain ongoing compliance with security requirements
Impact of project
2.86 million solar systems were installed in Australia by mid-2021, which implies a significant number of inverters that can potentially disrupt the grid, given the possibility of exisitng vulnerabilites. The secure design can thwart these potential threats. Successful completion of this project will contribute to the improvement of overall security of DER integration processes through inverters in the VPP context.
Elevated security, improved trust and transparency allows network operators to utilise DER in more efficient ways and reduces expenditure on security, which can be translated into cost savings.
Project partners – industry and research
Monash University (Lead), Selectronic
Industry Reference Group members
AEMO, Australian National University (ANU), Selectronic, Synergy, Western Power