Australia’s trusted utilities security advisor
Finkel Review recommendation 2.10 is that we tackle the challenge head-on, as summarised in the AEMO 2018 Summary Report into the cyber security preparedness of the National and WA Wholesale Electricity Markets.
Sense of Security can apply its nearly two decades of experience in utilities security to working with you and your internal teams to implement the recommendations, tighten your defences, and secure your organisation against existing and emerging threats.
Sense of Security partners with utilities
Increased use of technology, both for customers to access their accounts and make changes and in the operation of the utility itself, has opened the door to significant cyber threats.
Preparedness to resist cyber threats varies across utilities, but the importance of being well defended does not.
Power and utilities are customer-centric industries, and protecting customer data is paramount.
As businesses work to improve the customer experience to meet customer expectations – including new ways for customers and the business to interact on digital channels – utilities must adapt their defences to meet customer expectations of security.
Sense of Security can work with you to identify and understand your vulnerabilities, implement correct policies and procedures, and strengthen your defences against cyber interference.
A cyber security toolkit for power and utilities businesses
We are trusted providers of cyber resilience, information security and risk management services to power and utilities businesses around Australia. Our team has been working with utilities and other large organisations for nearly two decades, and can help you to be well-prepared to create the secure, reliable digital experience that customers demand. We can work with you on an ongoing or retainer basis.
Some of the services we offer include:
Advice in achieving the Australian Energy Sector Cyber Security Framework (AESCSF)
We can perform a gap analysis and work with you to bring your systems and abilities up to the standards required by the Australian Energy Sector Cyber Security Framework (AESCSF) – formerly known as the Cybersecurity Capability Maturity Model (C2M2).
C2M2 is a useful self-evaluation tool your business can use to assess the maturity of your security model as you make improvements. We can guide you through the model with an eye on:
- Strengthening your cybersecurity capabilities
- Enabling you to effectively and consistently evaluate and improve your capabilities
- Sharing knowledge, best practice and references across the organisation with a view to improved cybersecurity
- Enabling you to prioritise actions and investments for the best effect
Our experience in SCADA security can help you to improve the security and security monitoring of remote and critical control systems, taking into account the latest changes, including distributed SCADA networks.
PII data security
We can provide advice on how to protect personally identifiable information (PII), which is highly sensitive in nature.
Data breach notification
Sense of Security can advise you on how to create policies and procedures to meet your data breach notification requirements. In the rare event of a breach, Sense of Security can oversee your response, advise on any potential pitfalls and suggest improvements.
Red team, blue team, purple team
Red team exercises are the most rigorous test of your security systems. Sense of Security’s red team think like real attackers to find any weaknesses in your controls. We can also work with you on the defence side (blue team) and for the broadest coverage we provide red-blue blended testing and response services called purple teaming.
Sense of Security is your trusted cyber security partner in the Utilities sector.
Utilities sector case study
A large distribution network operator
Our client had a limited security capability, inadequate policies and procedures, and was not able to demonstrate compliance with any modern information security standard.
- Developed a complete threat analysis of their Information Technology (IT) and Operational Technology (OT)
- Created a cybersecurity risk register
- Planned, managed and implemented a program to achieve the C2M2 standard, which had not been achieved previously in Australia – the standard is now the Australian Energy Sector Cyber Security Framework (AESCSF)
- Defined all policies to comply with the requirements of ISO 27001 as a pathway to future certification
- Tested the changes with a series of human factor penetration tests and physical security red teaming
- Client feedback was that Sense of Security was able to make the organisation understand the standards
- Client felt that Sense of Security understood its mix of IT and OT environments and catered to their intrinsic differences