Cyber threats to energy market prompt possible rule change

The Australian Energy Market Commission (AEMC) has published a consultation paper on a rule change request to establish cyber security as one of the Australian Energy Market Operator (AEMO)’s responsibilities under the National Electricity Rules (NER).

The request has been issued by federal Energy Minister Chris Bowen to help the energy industry be cyber security ready.

Under the proposed rule change, AEMO would specifically be required and funded to undertake four cyber security preparedness functions, including coordinating a National Electricity Market (NEM) cyber incident response plan and supporting energy businesses to be prepared for cyber incidents.

AEMO would be required to also provide expert cyber security advice to government and industry and distribute critical cyber security information to market participants.

AEMO already has emergency powers to respond to actual cyber incidents.

AEMC Chair Anna Collyer said as the country’s energy system becomes increasingly digitised and interconnected, robust cyber security measures are crucial to ensure electricity supply reliability and resilience.

“Cyber security is an important enabler for the energy transition. For it to be successful, the associated risks need to be well managed, and the proposed rule change aims to formally recognise the provision of identified cyber security services as one of AEMO’s core responsibilities under the National Electricity Rules,” Collyer said.

“The objective is to provide clarity on their role in this area, enable cost recovery for cyber security services, and enhance accountability across the industry.”

Electricity industry cyber security challenges are being addressed through a stakeholder collaboration, the Australian Energy Sector Cyber Security Framework (AESCSF), which serves as a voluntary assessment program, enabling participants to evaluate and improve their cyber security maturity.

The proposed rule change aims to build upon these existing efforts, providing AEMO with the necessary tools and resources to further bolster the NEM’s resilience against evolving cyber threats.

Malicious actors targeting upstream suppliers can impact downstream customers, potentially disrupting businesses in the energy sector.

Image: Australian Signals Directorate

The Australian Signals Directorate Cyber Threat Report 2022-2023 found that 15% of all cyber security incidents that financial year were categorised as C3 or above, 17% of which were from the energy sector.

Common C3 incident types include compromised assets, network or infrastructure, data breaches, ransomware, followed by exploitation of public-facing applications and phishing.

In May 2024, Victorian electricity company Sumo confirmed a data breach of personal information of 40,000 customers, and in June 2024, two rare-earth mineral companies, Iluka Resources and Northern Minerals, were targeted respectively by denial-of-service and ransomware attacks.

Feedback on the consultation paper closes on 18 July 2024 and insights will be published in draft on 26 September 2024.