Australian utilities and associated companies are highly regulated entities. Although they have been working toward control requirements, they are amidst the evolution of significant legislation that will impose further cyber security obligations.
The Security Legislation Amendment (Critical Infrastructure) Bill 2020 was introduced in December 2020 and acknowledges the real and growing threat imposed to this industry and the impact to the Australian economy if they were to suffer a serious cyber-attack.
ISD Cyber is working closely with our clients to design cyber security strategies based on their unique risk profiles. Doing so we have utilised the following industry standards to design and communicate threats, vulnerabilities and control requirements:
- ACSC Essential Eight
- ISO 27001
- NIST
- Security Legislation Amendment (Critical Infrastructure) Bill 2020
- International Association of Ports and Harbors (IAPH) Cybersecurity Guidelines
- the Australian Privacy Act
- General Data Protection Regulations (GDPR).
In addition to cyber security strategic planning and development (incorporating AESCSF, NIST and ISO 27001), ISD Cyber have supported resilience capabilities of our clients through a variety of services, including:
- Technical consulting, operations and control implementation
- Control validations/audit
- Operational risk management
- Development and testing of incident response and recovery plans, strategies, and technology
- Validating backup and recovery strategies
- Business impact analysis
- Third party risk management.