The government is set to coordinate a national cybersecurity exercise for the electricity industry in November under a broader push to protect critical infrastructure from attacks.
The Australian Cyber Security Centre (ACSC) is set to lead the two-day exercise in November, which will also involve players from across the electricity supply chain and agencies with energy-related remits.
Participating organisations “are expected to plan, coordinate, conduct and evaluate their involvement in the exercise and contribute exercise learnings to inform a national exercise report,” the ACSC said.
Planning for the national exercise is set to be undertaken between March and July of this year.
“‘The electricity industry provides an essential service for all Australians, and, like other critical infrastructure sectors, is a target for malicious cyber criminals,’ ACSC head Alastair MacGibbon said.
‘We’re inviting participation from across the electricity industry – market and power system operators, generators, storage providers, transmission and distribution network service providers, and retailers – as well as government.”
MacGibbon said the ACSC is already “working closely” with the Australian Energy Market Operator (AEMO), industry organisations and state and territory government agencies.
‘We’re building on work already happening in the electricity industry and by government agencies to strengthen cyber security,’ MacGibbon said.
Registration to participate in the two-day functional exercise closes 31 May 2019.
The government has increased its focus over the past year on beefing up protection of critical infrastructure from attackers.
Operators of Australia's electricity, water, gas and port infrastructure must now detail their IT environments to the government under laws passed in March last year.
At the end of last year, the ACSC helped coordinate the creation of documentation [pdf] to show how different levels of government would work together in the event of a national cyber incident.
Part of this documentation included “plans to institutionalise, for the first time, regular cyber incident exercises that address nationwide needs”, UNSW researchers said at the time.
Such exercises are open to “owners and operators of Australia’s critical infrastructure and Australian, state and territory government organisations”, the ACSC said.
The UNSW researchers had urged the government to target electricity companies “among the first businesses targeted for collaboration [with government] due to the scale of potential fallout if they came under attack.”
