AESCSF framework and resources

The Australian Energy Sector Cyber Security Framework (AESCSF) has been developed through collaboration with industry and government stakeholders, including the Australian Energy Market Operator (AEMO), Australian Cyber Security Centre (ACSC), Critical Infrastructure Centre (CIC), and the Cyber Security Industry Working Group (CSIWG), which includes representatives from Australian energy organisations.

The AESCSF leverages recognised industry frameworks such as the US Department of Energy’s Cybersecurity Capability Maturity Model (ES-C2M2) and the NIST Cyber Security Framework (CSF), and references global best-practice control standards (e.g. ISO/IEC 27001, NIST SP 800-53, COBIT, etc.). The AESCSF also incorporates Australian-specific control references, such as the ACSC Essential 8 Strategies to Mitigate Cyber Security Incidents, the Australian Privacy Principles, and the Notifiable Data Breaches scheme (NDB).

While there have been no major changes from the inaugural AESCSF assessment, important lessons learnt from the 2018 assessment process and feedback attained from participating members have been utilised in updating the 2019 version of the AESCSF.

Upon the completion of the first round of the Educational Training Workshops, additional AESCSF training materials will be made available, incorporating the feedback from these sessions. These are expected to be delivered in early October.

AESCSF 2019 Education Workshop Walkthrough

This video provides a walkthrough of the framework resources providing additional support and context.

Key sections of this video are as follows:

0:01:49 – Background
0:30:43 – Introduction to the AESCSF
0:44:10 – Criticality Assessment
1:01:36 – Framework Structure
1:12:08 – AESCSF Full Self-Assessment
1:49:07 – AESCSF Lite Self-Assessment
1:59:56 – Target State
2:10:32 – Assessment Outcomes & Next Steps