We are all aware from media reports, political jockeying and our power bills, that Australia is undergoing a shift in its energy sector. We’ve all heard the constant buzz around the integration of renewable energy sources like solar and wind to meet our net zero targets. Regardless of your thoughts on the accuracy of the science around climate change, the move to renewables is happening whether we like it or not.

The move to renewables introduces several challenges for the energy sector, particularly in maintaining grid stability and securing operations against cyber threats.

The eventual progression to a grid that might rely on synthetic inertia (an artificial means to maintain inertia in the grid) to support renewables, and the increasing digitisation of energy systems, amplify cybersecurity risks that can have significant implications for operational reliability.

Let’s unpack Australia’s energy transition, synthetic inertia, renewable energy integration, and the cybersecurity threats that could disrupt this delicate balance.

The Australian Energy Transition and Renewables Integration

In Australia in 2024, renewables accounted for 38% of electricity generation, up from 24% in 2019. AEMO predicts that by 2030, renewables could supply over 60% of the NEM and with the current political landscape not changing in the near future, this date is looking more certain.

This shift means that Australia will reduce reliance on coal-fired power plants, which traditionally provided stable baseload power and inertia to maintain grid frequency at 50 Hz.

Imagine the power grid as a giant playground swing, and 50 Hz is the perfect rhythm of pushing it to keep it swinging smoothly. In Australia, our electricity hums along at 50 cycles per second (50 Hz), which keeps everything from your toaster to big factories running in sync.

Anything with a turbine, such as a coal-fired power plant, has the stead momentum to keep the swing going, and if there’s some impact or wobble to the swing, like a storm or fault, the system can recover due to the steady consistent motion.

Renewables such as solar and wind generate power intermittently and lack the physical inertia provided by spinning turbines in conventional power plants. So if the grid’s rhythm becomes unbalanced or spikes above or below 50 Hz, things can go wrong, like lights flickering or even blackouts.

This makes keeping the grid stable a challenge, especially when disruptions occur. To address this, adding synthetic inertia and grid scale battery storage to mimic the stabilising effects of traditional generators with some traditional turbines such as hydroelectric or gas, can stabilise the grid.

What role can a cyber event play in grid stability?

We are all aware that cyber attacks are on the rise, but how do we make this message really meaningful from an operational and safety perspective, then relate this to a move to understand the cyber risks from adding more renewables to the grid?

1. More tech means more attack surface: Distributed Energy Resources like rooftop solar, smart meters and Battery Energy Storage Systems expand the number of connected devices. Each device is a potential entry point for attackers. For instance, a compromised inverter could disrupt synthetic inertia delivery, destabilising the grid or at least the portion of the grid connected to the transmission or distribution network.
2. Can’t work without comms: Synthetic inertia systems rely on highspeed communication protocols like IEC 61850 for real time coordination. A denial of service (DoS) attack or network intrusion could delay or falsify frequency data, causing improper responses that amplify grid instability.
3. Risky Business with trusted 3^rd and 4^th parties: Many grid components, including inverters and control software, are sourced globally. Malicious code or hardware backdoors embedded during manufacturing could be exploited to manipulate synthetic inertia or disable renewable assets.
4. The old tech still works: Older grid infrastructure that was not originally designed with cyber security protocols, is often integrated with modern renewable systems. These legacy systems lack robust encryption or authentication, making them susceptible to attacks that could cascade to newer assets.

Linking Renewable Risks to Cyber Security and Operations

With this focus in mind, the operational risks of adding renewables to the grid are amplified by cyber security threats. Without physical inertia, the grid is less forgiving of disruptions, and synthetic inertia’s reliance on digital systems creates a single point of failure. Consider the following scenarios, noting that there are a lot of ‘coulds’ here when discussing the potential impacts:

• Frequency Instability: A cyber attack that manipulates inverter settings could prevent synthetic inertia from responding to a frequency drop, triggering cascading failures. For example, during a 2020 South Australian blackout, rapid frequency changes overwhelmed control systems, highlighting the grid’s sensitivity to disruptions.
• Data Integrity Attacks: Attackers could inject false data into grid monitoring systems causing synthetic inertia systems to over or under correct the frequency. This could lead to voltage collapses or equipment damage, as seen in past incidents involving manipulated SCADA systems.
• Ransomware on Critical Assets: A ransomware attack locking out operators from BESS or wind farm controls could disable synthetic inertia, leaving the grid vulnerable to sudden renewable output drops, especially during extreme weather events.

These risks are compounded by Australia’s geographically dispersed grid, where remote renewable facilities are harder to secure physically and digitally.

So what now?

There is no doubt that within the next 10-15 years, Australia will be reliant on synthetic inertia via renewables. This does pose additional risk that could undermine operations and pose an impact to safety if maliciously operated.

Anchoram Consulting recommends that the energy sector prioritises robust cyber security measures across key areas such as standards-based industrial control system design, implementing zero trust architectures, uplifting supply chain security and proactive testing.

Keeping Australia’s grid secure is not just a technical necessity but a foundation for economic stability and public safety. As renewables and digital systems become the backbone of the NEM, safeguarding them against cyber threats is as critical as the transition itself.

For more information on how Anchoram Consulting can assist your organisation with an operational risk assessment and technology, data, physical and cyber security challenges, reach out for a confidential discussion today.