Cyberattacks are a growing problem in the energy sector overseas. The first known successful cyberattack on a power grid happened in the Ukraine in December 2015 using phishing emails with attached hidden malware – it blacked out approximately 230,000 houses.

This potential for Australia’s energy sector to be impacted in a similar way is why we need clear guidelines on how to protect the industry.

It kicked off with the Finkel Review and its recommendation that an annual report should be developed on the National Electricity Market’s cybersecurity preparedness. The Finkel Review recommended that all energy market participants be assessed annually for cyber maturity. This assessment requires a framework to act as a baseline and a guide to ensure the right cybersecurity controls and processes are in place to protect our critical infrastructure.


How did the industry respond to the Finkel Review?

In response to the Finkel Review, the Australian Energy Market Operator (AEMO) introduced a Cyber Security Industry Working Group (CSIWG) to develop a tailored cyber security framework for the Australian energy sector. This is called the Australian Energy Sector Cyber Security Framework (AESCSF) and will provide all energy market participants, regardless of type or size, with a structured approach to describe and measure the maturity of their organisation’s cyber security capabilities.


What does the framework mean for AGL?

Over the last four years we have been measuring ourselves against the global cybersecurity framework developed by the National Institute of Standards and Technology (NIST). This has been key to outlining our current cybersecurity strategy and objectives.

The new energy-specific AESCSF framework will provide a more targeted tool that will allow us to compare ourselves to other energy organisations in Australia and work together to keep our sector safe.

We’ve been a keen contributor to the framework, helping guide decisions and policies. We chair the AEMO Cybersecurity Working Group and have a seat on the industry board for cybersecurity.


What is the biggest concern for the energy sector?

As the energy sector transforms and digitises there is now a larger surface area to protect, which extends from our customers’ homes with the Internet of Things (IoT) – interrelated devices that talk to each other over a network without human interaction – all the way through to ICS (Industrial Control Systems, which manage our operational technology from a management and safety perspective) technology systems in generation sites. A cyber incident can now transform into the physical world and have a direct impact on our customers.


Safer Internet Day

As an essential service provider, we take cybersecurity very seriously. This article was published on Safer Internet Day, an initiative celebrated in more than 150 countries that aims to raise awareness about the role we all play in creating a better and safer internet.


Further reading