Skip to main content

Australian Energy Sector Cyber Security Framework (AESCSF)

The Australian Energy Sector Cyber Security Framework (AESCSF) was developed collaboratively between industry and government stakeholders including the Australian Energy Market Operator (AEMO), ACSC, Critical Infrastructure Centre (CIC) and the Cyber Security Industry Working Group (CSIWG).

“The AESCSF leverages recognised industry frameworks such as the US Department of Energy’s Cybersecurity Capability Maturity Model (ES-C2M2) and the NIST Cyber Security Framework (CSF), and references global best-practice control standards (e.g. ISO/IEC 27001, NIST SP 800-53, COBIT, etc.). The AESCSF also incorporates Australian-specific control references, such as the ACSC Essential 8 Strategies to Mitigate Cyber Security Incidents, the Australian Privacy Principles, and the Notifiable Data Breaches scheme (NDB).”

- Australian Energy Market Operator (AEMO)

While this framework was tailored to the Electricity sector, it contains useful cyber security controls that are relevant to any critical infrastructure organisation, including asset management, event detection and logging.