SOCI ACT / AESCSF COMPLIANCE

PROJECT SUMMARY

Our client is an integrated energy company with generation, wind and storage assets.

 

The Security of Critical Infrastructure (SOCI) Act was introduced by the Australian Government to address growing national cyber security concerns related to the increasing complexity, connectivity, and vulnerability of critical infrastructure systems. The SOCI Act requires entities to manage the risks associated with physical security, cyber security, personnel security, and supply chain security.

 

The Australian Energy Sector Cyber Security Framework (AESCSF) program provides a tool for assessing cyber security maturity across Australia’s energy sector.

SCOPE

The key aspects for our client were to assess their network architecture, document OT risks, and create an OT architecture framework and OT cyber security roadmap to meet the obligations set out by the SOCI Act.

Tier16 was engaged to develop the site-specific OT Network Reference Architecture that focuses on the hardware and software that manages and controls physical processes.

The project scope included:

/ Conduct a Target State Assessment (TSA) review
/ Prepare a Target State Assessment (TSA) report
/ Develop an OT governance and controls framework (AESCSF SP-2)
/ Create a functional and physical reference architecture
/ Develop a detailed site assessment framework
/ Develop a Current State Architecture (CSA)
/ Develop a critical asset report
/ Develop a gap assessment for each site
/ Develop a site-specific architecture
/ Perform site-specific remediation

TECHNOLOGIES USED

/ Claroty

CHALLENGES

Workshops with IT, OT, Asset Management and Cyber Security teams with conflicting priorities made it more demanding to consolidate a unified architecture that meets regulatory and operational needs.

Certain sites lacked detailed diagrams, which limited visibility of existing infrastructure, device connections and communication pathways, making it harder to identify vulnerabilities and implement security controls.

RESULTS

Successful harmonisation of the various teams, enabling energy transition goals through compliance with regulatory requirements. Strengthened the client's risk management for critical assets, improving protection against cyber threats, physical risks, and operational disruptions.
