AEMC seeks input on proposed clarification of market operator's role in cyber security

The AEMC is considering a rule change that would clarify the role of the Australian Energy Market Operator (AEMO) to assist in maintaining the cyber security of our electricity system.

The proposal is set in out in a consultation paper for stakeholder feedback, following a rule change request by the Honourable Chris Bowen, Minister for Climate Change and Energy.

The AEMC sets the rules for the National Electricity Market (NEM) and provides independent expert energy advice to Australia’s State and Federal Governments. It is strongly focused on providing a framework for a reliable, sustainable electricity system in addition to affordable electricity prices

As our energy system becomes increasingly digitised and interconnected, AEMC Chair Anna Collyer says robust cyber security measures are crucial to ensure the reliability and resilience of electricity supply.

‘’Cyber security is an important enabler for the energy transition. For it be successful, the associated risks need to be well managed.

''The proposed rule change aims to formally recognise the provision of identified cyber security services as one of AEMO's core responsibilities under the National Electricity Rules.

''The objective is to provide clarity on their role in this area, enable cost recovery for cyber security services, and enhance accountability across the industry,'' she said.

The industry has already made significant progress in addressing cyber security challenges through initiatives like the Australian Energy Sector Cyber Security Framework (AESCSF).

Developed in collaboration with AEMO, industry, and government stakeholders, the AESCSF serves as a comprehensive framework and voluntary assessment program, enabling participants to evaluate and improve their cyber security maturity.

In addition, AEMO currently has existing emergency powers to respond to actual cyber incidents.

The proposed rule change aims to build upon these existing efforts, providing AEMO with the necessary tools and resources to further bolster the NEM's resilience against evolving cyber threats.

Under the proposed rule change, AEMO would be specifically required and funded to undertake four cyber security preparedness functions:

Coordinating a NEM cyber incident response plan
Supporting energy businesses to be prepared for cyber incidents
Providing expert cyber security advice to government and industry
Distributing critical cyber security information to market participants

The rule change would apply to AEMO in their capacity as operator of the NEM, which supplies electricity to the eastern states and South Australia.

The AEMC invites all interested stakeholders to provide feedback on the consultation paper by 18 July 2024. The insights gathered will inform the development of a draft determination, set to be published on 26 September 2024.

View the project page for more information and contact details.

Media: Jessica Rich, 0459 918 964, media@aemc.gov.au