It’s Not Just Software. Physical Critical Equipment Can’t Be Trusted, Either
Inverters and controllers similar to those exposed in the United States are deployed across Australia’s solar energy sector, particularly in residential and commercial-scale distributed energy resources. Many are connected to the grid and managed remotely via mobile networks.
The structural risks highlighted in the US investigation almost certainly exist here. It’s likely we simply haven’t looked closely enough. We may not even know how to look or where to start.
So far, Australia’s policy focus has been on network security and operational resilience. The Security of Critical Infrastructure Act and its Risk Management Program reforms have strengthened awareness and governance. But hardware integrity remains a blind spot. Vendors are often evaluated based on documentation or country of origin. Few components are independently tested for physical or embedded threats. Even fewer are built with tamper evidence or verifiable firmware.
So what would a zero-trust model for hardware look like? It starts with rejecting assumptions. Devices used in critical environments should be able to prove they are genuine and unaltered, using cryptographic signatures that can be independently verified. Firmware should be auditable and digitally signed. Hardware platforms need runtime integrity checks, tamper detection and the ability to isolate or disable compromised components. These capabilities exist today but are rarely adopted at scale.
Procurement models must also evolve. Hardware cannot be selected from trusted supply chains on cost-efficiency alone. It requires a broader risk lens, one that accounts for consequence, likelihood, adversary capability and intent. Mitigation may require investment in local capacity, or co-development with partners that share our security posture. Where equipment cannot come from reliable foreign countries, governments must cultivate domestic sources.
This is not about closing off our economy. It is about building resilience. In a contested region, the ability to operate independently of hostile actors may determine national outcomes.
We must also let go of the idea that trust is permanent. Zero-trust is not a one-off assessment; it’s a posture of continuous verification. Supply chains evolve. Vendors change hands. Firmware updates introduce new code. Just as we monitor software over time, we must now monitor the behaviour and integrity of the physical devices that carry our systems.
The ghost machines uncovered in US infrastructure cannot be understood as an isolated glitch. They represent a deliberate strategy: embedding long-term access and influence into the physical core of critical systems.
Australia has made progress in recognizing cyber threats as national security challenges. The next step is to extend that awareness to hardware.
We cannot secure the future while building on unexamined trust.
Jason Van der Schyff is a consulting technologist whose work spans secure infrastructure, strategic supply chains and sovereign industrial capability within the AUKUS and Indo-Pacific context. This article is published courtesy of the Australian Strategic Policy Institute (ASPI).
