Strengthening cybersecurity maturity and improving operational resilience
At a glance
GHD Digital supported an electricity and gas distributor in their bid to assess and advance their cybersecurity maturity. Using our Cyber and Risk Centre of Excellence (CoE), we helped the client evaluate their risk profile and designed a robust framework to provide clarity towards their target maturity state. Now guided by a comprehensive roadmap, the power utility is better equipped to address evolving cyber threats, fortifying their systems against vulnerabilities and ensuring asset reliability.
The challenge
A large energy distributor in Australia supplies electricity to over 200,000 residential and business customers and 146,000 gas customers. They also provide 24/7 emergency response during blackouts and disasters.
As the power utility’s critical infrastructure becomes increasingly digitalised, it becomes more exposed to security threats and malicious attacks that can compromise operations. Breaches in their electricity and gas assets could lead to prolonged downtime and financial losses. Failure to comply with industry regulations could result in fines and penalties. They wanted to perform a high-level architecture review to uplift security across their systems but were left wondering where and how to start.
Our response
GHD Digital’s Cyber and Risk CoE was engaged to understand their current cybersecurity posture and help address regulatory obligations, including those outlined in the Security of Critical Infrastructure (SOCI) Act.
First, we assessed the power utility’s current state maturity against the Australian Energy Sector Cyber Security Framework (AESCSF). While the AESCSF is a voluntary assessment program, it is also a framework that organisations can choose to comply with in order to meet their SOCI obligations. The AESCSF, developed for the Australian energy sector, is closely aligned with other industry standards for operational technology (OT) and provides owners and operators of energy assets with a framework and guidance to evaluate and strengthen their cyber practices.
Our cybersecurity consultants, who achieved the International Society of Automation Cybersecurity Expert Certificate, examined the client’s current technical controls (hardware and software components) and their effectiveness against the International Electrotechnical Commission (IEC) 62443 Security for Industrial Automation and Control Systems standard. The IEC 62443 is part of a series of standards endorsed by the United Nations that define the requirements to address the cybersecurity of OT and industrial automation control systems.
The framework and capability assessments helped us develop a risk-based roadmap that detailed priority areas and investments to close gaps and achieve the client’s targeted level of maturity. This roadmap aimed to guide the power utility to future-proof their assets and strengthen their frontline of defence against threats that are becoming more sophisticated.
The impact
The assessments resulted in a more detailed picture of their system vulnerabilities and corresponding countermeasures.
Through this partnership, the electricity and gas distributor now has an in-depth cybersecurity strategy with a clear list of priorities towards achieving their desired maturity level. They have better visibility of their regulatory obligations and ideal courses of action to mitigate risks. In addition, the roadmap informs their management practices, future planning and investment decisions.
As our client bolsters their cybersecurity posture, they become better equipped to protect assets from diverse threats and improve operational resilience, enabling a more reliable supply of electricity and energy to their stakeholders.
Connect with us and take the next steps to improve your cybersecurity posture and build operational resilience.