The modern day guard

In the near future, our homes will likely have solar on the roof, batteries in the home and an EV in the garage. Indeed, many homes have all those things today, and many of these devices are “smart”. Smart devices are generally defined as devices that can be connected to the internet and can be controlled or communicated with in some way.

Like almost half of Australia, I fell victim to the 2022 Optus data breach, and whilst there was momentary panic about my data being leaked to the internet (and people learning about my addiction to heartwarming dog videos), at least my service was still working. That changed last week in Optus’ latest kerfuffle, when I awoke to a phone that wasn’t allowing me to check my emails. Cue anxiety.

For some, seeing the output of your solar panels in real time, or how it’s charging your home battery or maybe even your EV, can be a liberating experience. But what if someone was able to hack into your devices? What if, instead of an unresponsive phone, you awoke to a house with no heat, no light, no transport and nothing worked? I’d argue a deeper feeling of dread and confusion may ensue.

What is CSIP-Aus & PKI?

Before we go too far into our hypothetical doomsday scenario, it is important to introduce a few terms and explain why they’re important to preventing it. Prepare yourself for more acronyms.

“CSIP-Aus” stands for the somewhat cryptically named Common Smart Inverter Profile – Australia. It sets out the minimum requirements for communications protocols for consumer energy resources (CER) in Australia, based on pre-existing international standards. A handbook was written by the DER Integration API (Application Programming Interface) Technical Working Group (DERIAPITWG) and supported by ARENA.
In plain English, it’s how these energy resources connect to and communicate via the internet.

“PKI” stands for Public Key Infrastructure, which is the cybersecurity technology that secures the communications between CER and the internet. I won’t go too far into how it works because, frankly, I don’t know either, but I do know that we need it to prevent or at least minimize the chances of future cyberattacks on CER. Translation – It’s like having McAfee antivirus for your CER.

By current estimates, AEMO is forecasting that in 2050 at least several times the capacity of our current electricity system will be generated, used and stored by CER, or otherwise orchestrated by Virtual Power Plants (VPPs) and the like.

That makes the case that as new CER devices become “smarter” and more connected, they should also become more secure.

Solutions coming very soon

Networks and many others in industry have been thinking about and working on this issue for a long time. We’ll soon start to see the fruits of their labour being implemented into CER. The next cab off the rank is a nationally consistent PKI technology being led by network service providers in consultation with industry and government. We are working on this now and expect this to start coming together in early 2024.

The words “nationally consistent” are the quietly important part of this work, because if we had multiple or competing forms of PKI it would have real-world impacts on customer choice and affect the types of products that CER manufacturers (like inverter manufacturers) make and sell to customers.

The urgency to do it now stems from the moves by various governments to get their states prepared for emergency backstops to combat minimum demand. The Victorian government currently has a notice to market open for consultation.

AEMO and other government bodies have already started us on the path through the Australian Energy Sector Cyber Security Framework (AESCSF), but more needs to be done by industry to make sure all our ducks are nicely lined up for a future where the energy system can power the devices that society relies on.