An innovative cyber-driven approach that reduces business risks

wastewater treatment plant

At a glance

GHD Digital pioneered a holistic cybersecurity operating model for a large water and sewage utility, paving the way for their digital transformation journey. Using our Cybersecurity and Risk Centre of Excellence (CoE), we built an actionable and measurable risk-based strategy that reduced tangible business risks from cybersecurity threats.

GHD Digital pioneered a holistic cybersecurity operating model for a large water and sewage utility, paving the way for their digital transformation journey. Using our Cybersecurity and Risk Centre of Excellence (CoE), we built an actionable and measurable risk-based strategy that reduced tangible business risks from cybersecurity threats.

The challenge

A large water and sewage utility in Australia provides drinking water and sewage treatment across its region, facing challenges unifying multiple local government units into a single, cohesive entity. 

They recognised that a centralised model would need a closer review of their cybersecurity management practices, which is comprised of multiple strategic elements, including business alignment, governance, risk and compliance management, security architecture and security operations. To improve the current maturity score, consolidation was needed to help them with their current approach to cybersecurity and processes that historically lacked consistent cyber coverage. 

Our response

GHD Digital’s critical infrastructure cybersecurity team was engaged to assess and optimise their cybersecurity operating model and processes, and to develop a strategic digital roadmap that provided a path to more optimised management of cyber threats. They also needed a dynamic security operating model (SOM) that would evolve to meet their current and future cybersecurity needs. 

The SOM seamlessly integrates cybersecurity functions and provides a comprehensive outline of each function and its underlining process, particularly among operational adjustments or strategic shifts. The SOM would enable the implementation and management of cybersecurity controls that help reduce cybersecurity risks.

To help identify where their focus should be placed on improving their maturity, we conducted an assessment against the National Institute of Standards Technology (NIST) and the Cybersecurity Maturity Model Institute (CMMI) and performed a risk assessment aligned to the ISO 31000 framework, an international standard for risk management. These efforts were pivotal in tailoring a security framework that aligned with their business operations. 

We also developed a three-year strategic roadmap that outlined a clear investment plan. This built the groundwork for their future endeavours and provided a holistic cyber strategy with a clearer vision in mind.  

The impact

Our dynamic solution clearly defined the strategic initiatives and enabled capabilities that reduced business cybersecurity risks and gave them a comprehensive understanding of their cybersecurity posture. The cybersecurity uplift journey is now leading to increased efficiency, a higher maturity score and a more unified cybersecurity strategy that automated tasks and improved collaboration.

The SOM provided a structured approach to execute the cybersecurity strategy more effectively, which helped the utility realise a journey for cybersecurity that was cohesive and easy to measure.  

In today’s constantly changing world of cyber threats, it’s critical to secure digital and operational technology environments, and manage the complexity of cybersecurity processes. 

Leveraging our Cyber and Risk CoE and our global network of operation technology and information technology cybersecurity professionals, our framework grows with organisations and incorporates cybersecurity into every function.

Contact us today and discover how our global Cyber and Risk CoE can help you build a practical Cybersecurity Operating Model and operational resiliency within your organisation.