Key points
- Protecting Australia’s energy data is everyone’s responsibility.
- Small adjustments made in your home or workplace can have a significant impact on your data security and the security of the grid.
- We are researching ways to better protect the security of our nation’s energy data.
Technology is not just revolutionising our lives, but also our energy sector.
The rise of smart appliances, solar inverters, and smart meters offers convenience and efficiency but also brings new challenges, particularly concerning data security. In Australia, safeguarding against these risks isn't just about personal privacy. It's also about protecting the integrity of our energy infrastructure and ensuring the safety of our nation.
Our Smart Energy Mission (SEM) and the Critical Infrastructure Protection and Resilience Mission (CIPR) are spearheading efforts to tackle these challenges head-on.
SEM is specifically focusing on enabling Australia’s next generation of integrated and customer-centric energy systems. Meanwhile, the CIPR Mission addresses the combined risks to critical infrastructure from overlapping threats across interconnected sectors.
For example, a cyclone can cause severe flooding that cuts off roads and bridges. This not only affects the supply chain but also the energy supply, mobile phone reception and essential services such as urgent medical supplies.
By fostering collaboration between these two missions, we aim to enhance sector resilience from within the energy sector. This will also cascade down to other critical infrastructure sectors within Australia.
Understanding the risks
Smart meters, inverters and appliances can provide a wealth of data about household activities and energy usage.
Each one also has potential vulnerabilities. Individually compromised devices can harm the security of your home. But if many are affected at once, they could disrupt the power grid and have a cascading effect on other essential services. This would lead to larger-scale problems that affect multiple critical infrastructure sectors.
These risks are real, but the SEM and CIPR Missions are working towards solving these national-level problems.
A collaborative approach
Dr Carolyn Huston is a statistical machine learner and SEM’s Digitalisation lead. Dr Marthie Grobler is a human-centric security specialist and the CIPR mission lead. By bringing together experts like this, we are developing holistic solutions to support innovation and address emerging digital threats that can cause risks and hazards.
In the digital space, the CIPR Mission is examining cybersecurity risks within a broader framework. This framework addresses various, simultaneous hazards converging on interdependent critical infrastructure sectors and their essential services. Essentially, this means multiple hazards occurring at the same time can impact interconnected sectors and services.
Meanwhile, SEM is focusing on how digital technology is affecting the transition in the energy sector. Together, they're joining forces to tackle one of Australia’s major challenges: staying ahead in the digital energy transformation while ensuring safety and security.
Data security in a changing landscape
The energy sector has numerous connections with other industries and handles a wealth of sensitive user data. In this context, ensuring data security becomes paramount.
Carolyn explained that many people assume that the best approach to protect data against potential threats is to follow strict compliance measures. However, this approach can hinder innovation and become obsolete as technology evolves.
“This is particularly problematic in the rapidly changing energy sector, where new technologies and companies are constantly emerging, and established players are exploring new ways of deploying and operating technologies," Carolyn said.
Marthie suggested conducting risk assessments throughout the energy system to pinpoint weaknesses and enhance privacy and security measures.
“You need to determine if the data collected are truly essential for business purposes. If not, refraining from storing such data can mitigate privacy and security risks. Protect the user by protecting the data,” she said.
Carolyn emphasised the importance of considering data storage and computation methods.
“Individuals and organisations should exercise caution in selecting partners, opt for servers located within Australia, and diversify data storage to mitigate risks associated with centralised repositories. These measures closely align with those adopted by government agencies, including CSIRO itself.
"Currently we are applying these principles in developing the National Energy Analysis Centre (NEAC), where data access, use, privacy and cyber protections are core to our systems design process,” she said.
Privacy a top priority
We have many groups that focus on privacy in different sectors. As part of his research, Dr Paul Tyler led a comprehensive review of privacy considerations within the Australian power sector. They uncovered crucial insights into the privacy risks linked to different types of energy data.
“We gained valuable insights into the various privacy risks associated with different types of energy data.
“Moreover, we pinpointed ways to enhance privacy, like granting exclusive access to specific data for authorised users, while providing modified versions to others. These measures are vital for a secure digital evolution in the energy field,” Paul said.
Embracing innovation responsibly
As we journey toward a secure energy future, the balance between innovation and responsibility is key.
Initiatives like NEAC are crucial for understanding energy needs. But it's not just up to one sector or group of people. CIPR and SEM collaborate across sectors to share insights and elevate innovation. This broader approach ensures lessons learned in securing energy data benefit all Australians. Everyone should be adopting this approach.
Simple solutions in the home
Mitigating risks doesn't require rocket science, but it does require cyber hygiene. Simple steps, like changing default passwords on inverters and network devices, can significantly enhance security.
Strong, regularly updated passwords act as a barrier against unauthorised access, safeguarding both individual homes and the broader energy network.
Utilising tools like keychain password services, which require just one secure login and then track passwords, can also greatly enhance security.
When an energy service provider requests your data, ask them some simple questions:
- What are your data privacy protocols?
- What is the data being used for?
- How is the data being shared?
- How is it being protected?
Working together to secure our future
Securing our energy future requires a delicate balance between innovation and responsibility.
As we embrace new technologies, we must all remain vigilant against potential threats. It's how we ensure that our data remains safe and our energy infrastructure resilient.