Australian Energy Sector Cyber Security Framework

Protecting Australia’s energy sector from cyber threats is of national importance. This has been recognised by the inclusion of the energy sector within the Security of Critical Infrastructure Act 2018 (SoCI Act) reforms. These reforms support the ability of the energy sector to maintain secure and reliable energy supplies, thereby supporting our economic stability and national security.

Background  

In response to the Independent Review into the Future Security of the National Electricity Market - Blueprint for the Future recommendation 2.10, in 2018 the Australian Energy Market Operator (AEMO) collaborated with industry and government to develop a tailored cyber security framework for the Australian energy sector – the Australian Energy Sector Cyber Security Framework (AESCSF).

The AESCSF is both a framework and an annual voluntary assessment program. The program covers Australia’s electricity, gas markets (since 2021) and liquid fuels sector (since 2022).

Participation in the AESCSF program enables participants to undertake assessments of their own cyber security capability and maturity. Participants can use the results to inform and prioritise investment to improve cyber security posture. Participation is voluntary.

Each participating organisation’s assessments are anonymised, and the aggregated results analysed to produce the annual Report into the cyber security preparedness of the Australian electricity, gas and liquids sector. The confidential report is provided to Energy Ministers to support the energy sector’s developing cyber maturity. The program provides valuable national energy cyber security capability and maturity insights to complement SoCI Act reforms.

2024 August Update

In July 2024 Energy Ministers confirmed their support for the continuation of the AESCSF program. Accordingly, planning for the FY25 AESCSF Program is now underway.

Note that in FY25, the AESCSF program dates will change from prior programs to align with reporting and attestation windows for related regulatory obligations. The planned timeline for the FY25 Program is as follows:

  • Australian energy organisations will be invited to participate from February 2025.
  • The benchmarking portal will be made available in March-April 2025 for 6-8 weeks.

All provided dates are indicative in nature and subject to change.

The FY25 Program will allow organisations to self-assess and benchmark against AESCSF Version 2 and Version 2 Lite. Version 1 and Version 1 Lite will not be included. The offline toolkit and supporting materials for Version 1 and Version 1 Lite will continue to be available via the AEMO website.

Organisations can utilise the AESCSF Version 1, Version 2 and Lite Version offline toolkits at any time by visiting the AESCSF Framework and Resources page to perform self-assessments in support of cyber uplift programs, prioritisation of investment and Risk Management Plan (RMP) regulatory obligations under the SoCI Act.

Contacts 

For further information on the AESCSF please contact the Project Team:
E: aescsf@aemo.com.au
