Government priorities

energy-theme-blue

Cyber security

Cyber Security Work Plan

On 11 June 2021, the Energy Ministers Meeting agreed to add cyber security as a priority.

The Cyber Security Work Plan will complement ongoing jurisdictional government cyber security reforms and focus on measures to improve cyber preparedness, response and recovery in the energy sector.

To oversee the progress of the work plan, a Cyber Security Working Group has been established, in September 2021, with representatives from all Australian state and territory governments. The working group will focus on enabling a co-ordinated, comprehensive, and non-duplicative uplift in cyber security across the energy sector, to achieve a cyber resilient sector.

Australian Energy Sector Cyber Security Framework

Industry, AEMO and the Australian Government are working together to improve cyber security preparedness in the energy sector.  

The Australian Energy Sector Cyber Security Framework (AESCSF) has been in place since 2018 to enable electricity market participants (as well as gas participants from 2020) to assess their cyber security preparedness. The AESCSF includes an annual assessment program and a report to Energy Ministers.

The AESCSF leverages recognised industry frameworks such as the US Department of Energy’s Cybersecurity Capability Maturity Model (ES-C2M2) and the NIST Cyber Security Framework (CSF), and references global best-practice control standards.

Gridex VI

The Department of Industry, Science, Energy and Resources is working with energy companies and other Australian government agencies to deliver a national energy cyber security exercise in 2022, called GridEx VI.

Malicious cyber activity is an emerging threat to the security of Australia’s energy systems. The national exercise will test response capabilities to a major cyber security incident.  

Review of cyber incident and emergency management arrangements 

In the event of a serious cyber incident, the energy sector has emergency response arrangements in place to manage any potential supply and operational impacts.

The Australian Government is working with state and territory governments, AEMO and industry to review existing emergency management arrangements during complex cyber incidents. This will ensure the energy sector is able to efficiently communicate and respond to increasingly sophisticated cyber threats.