Australian Energy Sector Cyber Security Framework

The 2023 AESCSF Program is now closed.

Protecting Australia’s energy sector from cyber threats is of national importance. This has been as recognised by the inclusion of the energy sector within the Security of Critical Infrastructure Act 2018 (SoCI Act) reforms. These reforms support the ability of the energy sector to maintain secure and reliable energy supplies thereby supporting our economic stability and national security.


In response to the Independent Review into the Future Security of the National Electricity Market - Blueprint for the Future recommendation 2.10, in 2018 the Australian Energy Market Operator (AEMO) collaborated with industry and government to develop a tailored cyber security framework for the Australian energy sector – the Australian Energy Sector Cyber Security Framework (AESCSF).

The AESCSF is both a framework and an annual voluntary assessment program. The program covers Australia’s electricity, gas markets (since 2021) and liquid fuels sector (since 2022).

Participation in the AESCSF program enables participants to undertake assessments of their own cyber security capability and maturity. Participants can use the results to inform and prioritise investment to improve cyber security posture. Participation is voluntary.

Each participating organisation’s assessments are anonymised, and the aggregated results analysed to produce the annual Report into the cyber security preparedness of the Australian electricity, gas and liquids sector. The confidential report is provided to Energy Ministers to support the energy sector’s developing cyber maturity. The program provides valuable national energy cyber security capability and maturity insights to complement SoCI Act reforms.

2024 June Update

Details on future AESCSF programs are expected from August 2024.

Organisations can continue to utilise the AESCSF offline tool kit to perform self-assessments that support cyber uplift programs, prioritisation, and investment and supporting Risk Management Plan (RMP) regulatory obligations under the SoCI Act.

You can complete the AESCSF Offline Toolkit anytime by visiting our AESCSF Framework and Resources page.


For further information on the AESCSF please contact the Project Team:

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.