EXPERT PERSPECTIVE — The recent revelations from Reuters and other U.S. news outlets, detailing the discovery of “rogue” communication devices embedded within Chinese-manufactured solar power inverters, are far more than just another cybersecurity scare; they represent a chilling, tangible manifestation of a threat Australia has been grappling with in increasingly abstract terms.
For a nation like Australia, deeply enmeshed in global supply chains for critical technologies and navigating an ever-more complex geopolitical landscape, the potential presence of these “ghost machines” in the very hardware that underpins our transitioning energy infrastructure is a profound national security challenge. This isn’t simply about data breaches or intellectual property theft, as profoundly serious as those are; this is about the potential for remote, physical sabotage of essential services, a threat that strikes at the heart of national sovereignty and resilience.
The technical nature of this threat is insidious. These undisclosed devices, including cellular radios, create undocumented communication channels that can circumvent existing protective security measures. Their purpose, U.S. officials and security experts suggest, could be to allow remote manipulation or disabling of power grids, potentially triggering widespread blackouts or even physical destruction of energy infrastructure. One source ominously told Reuters, “That effectively means there is a built-in way to physically destroy the grid”.
The intersection of technology, defense, space and intelligence is critical to future U.S. national security. Join The Cipher Brief on June 5th and 6th in Austin, Texas for the NatSecEDGE conference. Be in the room.
The fact that Chinese companies are global leaders in inverter manufacturing and are required by Chinese law to cooperate with their government’s intelligence agencies, adds a deeply unsettling layer of state-sponsored risk. An incident in November 2024 discovered by U.S. Energy officials and cybersecurity officials, where solar power inverters in the U.S. and elsewhere were reportedly disabled from China, serves as a troubling precedent.
Australia’s vulnerability to such hardware-based threats is acute. Our energy sector is undergoing a rapid transition, increasingly reliant on imported technologies and complex, interconnected digital systems. While much of our cybersecurity focus has rightly been on software vulnerabilities and network intrusions typically in government, defence and more traditional sectors such as banking and telecoms, the compromise of physical hardware components in the renewable energy sector introduces a more fundamental and difficult-to-detect risk. The Australian Cyber Security Centre (ACSC) consistently reports that critical infrastructure is a prime target for malicious actors, including state-sponsored entities.
The “attacker-as-a-service” model further democratises sophisticated attack capabilities, meaning even non-state actors could potentially leverage such embedded vulnerabilities if their existence became known.
From AI to unmanned systems, experts are gathering at The Cipher Brief’s NatSecEDGE conference June 5-6 in Austin, TX to talk about the future of war and national security. Be a part of the conversation.
This discovery must be viewed through the lens of escalating geopolitical competition, particularly the U.S.-China tech rivalry. The strategic pre-positioning of capabilities that could be used to disrupt critical infrastructure aligns with documented tactics by state-backed actors, such as the Volt Typhoon operation.
As former U.S. National Security Agency Director Mike Rogers warned, “We know that China believes there is value in placing at least some elements of our core infrastructure at risk of destruction or disruption”. This is not just about espionage; it’s about coercive leverage and the potential to project power in non-kinetic ways, blurring the lines of conflict in what some analysts term “geocriminality”. For Australia, a key U.S. ally and a nation with its own complex relationship with China, the implications are direct and demand a clear-eyed assessment.
Canberra has not been idle. The 2023-2030 Australian Cyber Security Strategy, the landmark Cyber Security Act 2024, and ongoing amendments to the Security of Critical Infrastructure (SOCI) Act all signify a commitment to bolstering national cyber defences. The new Act’s provisions for mandatory security standards for smart devices and the establishment of a Cyber Incident Review Board are steps in the right direction.
However, the “ghost machine” revelations, brought to light by media organizations, expose potential limitations. As ASPI analysts have previously noted in the context of software vulnerabilities, Australia “is making progress, but not quickly enough to keep pace” with the rapidly evolving threat landscape.
The Cipher Brief brings expert-level context to national and global security stories. It’s never been more important to understand what’s happening in the world. Upgrade your access by becoming a subscriber.
The challenge is exponentially greater when the threat is embedded in the hardware itself. “Secure-by-design” principles, a cornerstone of the new strategy, are rendered moot if undisclosed components bypass those designs. The historical ineffectiveness of voluntary measures, such as the 2020 IoT Code of Practice, underscores the need for robust, mandatory, and verifiable standards for all critical technology imports.
The path forward for Australia requires a paradigm shift in how we approach supply chain security for critical infrastructure.
Firstly, there must be an urgent, comprehensive audit of existing critical infrastructure components, particularly those sourced from high-risk vendors, to identify similar hardware vulnerabilities. This is a monumental task, but the alternative – operating critical systems with unknown backdoors – is untenable.
Secondly, Australia must accelerate efforts to build sovereign capabilities and diversify supply chains for critical technologies, even if this involves co-development with trusted international partners. The recent AIIA 2025 Digital State of the Nation survey highlighted industry concerns about underinvestment in this area.
Thirdly, our regulatory and inspection regimes for imported critical technologies need significant strengthening, moving beyond paper-based compliance to include rigorous physical and technical verification.
This is not a challenge Australia can face alone. Deepened intelligence sharing and collaborative research with Five Eyes partners and other like-minded nations on hardware vulnerabilities and supply chain integrity are essential.
The “ghost machines” are a potent reminder that in an era of strategic competition and technological entanglement, vigilance cannot be outsourced, and trust must be rigorously verified. The security of Australia’s critical infrastructure, and indeed its national sovereignty, depends on it.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to [email protected] for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
