In alignment with the Finkel Review recommendation 2.10, AEMO developed the Australian Energy Sector Cyber Security Framework (AESCSF) to provide a consistent maturity baseline for the energy industry. To support this initiative, Secolve was invited by a leading Renewable Energy organisation to perform an independent assessment of one of their Solar Farm’s and Synchronous Condenser site. The purpose of this engagement was to review the current cyber security posture, identify gaps against AESCSF Version 2 SP1 requirements, and provide a roadmap for uplift.
The assessment focused on four key objectives to strengthen the water utility’s OT cyber security posture. First, it aimed to achieve compliance with AESCSF SP1 V2, ensuring alignment with the SOCI Act CIRMP Rules. Second, it involved engaging with internal stakeholders and external partners to understand current cyber security practices and management approaches. Third, a comprehensive gap analysis was conducted to identify discrepancies between existing controls and AESCSF requirements. Finally, the engagement delivered a clear roadmap with prioritised recommendations to uplift maturity and guide the organisation toward its target state.Â
To achieve the assessment objectives, Secolve applied a structured methodology tailored to the utility’s operational context. The engagement began with a kickoff meeting to define scope, logistics, and stakeholder involvement, followed by a desktop analysis of available artefacts, policies, and technical documentation. Targeted stakeholder interviews were conducted to gather insights into site operations, governance, and existing security practices. These inputs, combined with the desktop review, informed a detailed gap analysis against AESCSF SP1 V2 requirements. The final deliverable was a high-level report outlining identified gaps and a prioritised roadmap to guide the organisation’s journey toward enhanced cyber maturity and regulatory compliance.
AESCSF SP1 V2 Gap Assessment and Prioritised Roadmap. A comprehensive report was delivered, detailing the current state of cyber maturity, the identified gaps against AESCSF requirements, and a prioritised roadmap of recommendations to support compliance with the SOCI Act CIRMP Rules and strengthen resilience in the renewables sector.
The key deliverable for the scope of assessment was a comprehensive report outlining identified gaps against AESCSF SP1 V2 requirements, along with a prioritised roadmap to guide compliance and uplift OT cyber security maturity.
Report – Current State OT Network Segmentation Review and Prioritised RoadmapÂ
Report – AESCSF SP1 V2 Gap Assessment and Prioritised Roadmap
This Energy company faced mounting cyber security risks within its Operational Technology (OT) environment, driven by increasing integration with IT systems and evolving regulatory requirements. Key vulnerabilities included shared IT/OT infrastructure, inadequate network segmentation, incomplete asset inventories, and governance gaps. These issues posed significant threats to operational resilience and compliance with the Security of Critical Infrastructure (SOCI) Act and AESCSF standards.
To address these challenges, Secolve conducted a structured OT security assessment aligned with AESCSF SP1 V2. The approach included desktop analysis, stakeholder interviews, and a detailed gap assessment to identify discrepancies between current practices and regulatory expectations. The outcome was a comprehensive report and prioritised roadmap, providing clear guidance to uplift cyber maturity, strengthen governance, and support the journey toward compliance and improved OT resilience.
Safeguarding the industries
that power the world.
Safeguarding the Industries
That Power the World.
Stay updated with Secolve
