Endeavour Energy’s ISMS (Information Security Management System) has achieved the ISO 27001:2022 certification, the internationally recognised standard for cyber and information security management.
The utility said that this is a pioneering move for the Australian energy industry that paves the way for a cyber-secure energy future.
The certification, which covers 20 physical locations including 16 critical substations and control rooms, ensures secure, reliable services across Endeavour Energy’s critical infrastructure, including data centres, training rooms, and secondary systems.
Endeavour Energy said this marks a significant milestone in the company’s ongoing commitment to ensuring the security of its customers, critical infrastructure, and the broader energy sector against the growing threat of cyberattacks.
Endeavour Energy CEO, Guy Chalkley, said, “As we move towards an increasingly smarter grid, cybersecurity remains one of our top priorities.
“The protection of our assets, systems and customer data is critical to maintaining the safety and reliability of energy supply, supporting the clean energy transition, and enabling customers to confidently connect their energy resources to the grid.
“This certification sets a new standard for cybersecurity within the Australian energy sector. It supports secure, bidirectional energy flows powered by our advanced grid management technologies, reinforcing our commitment to building a cyber-resilient future for our business and customers,” Mr Chalkley said.
The ISO 27001:2022 certification is a vital step in Endeavour Energy’s efforts to integrate both operational technology and information technology systems, bolstering its cyber resilience across both domains.
To enhance its cyber security posture and achieve ISO 27001:2022 certification, Endeavour Energy partnered with provider CyberCX.
Endeavour Energy said that CyberCX played a crucial role in helping the utility meet its requirements under the Security of Critical Infrastructure (SOCI) Act, developing a comprehensive ISMS covering both Information and Operational Technology. The implementation process, which spanned 18 months, involved:
- Physical site visits
- Tailored education and training programs
- Identification of critical systems and security controls
- Risk mitigation planning across critical infrastructure and personnel
CyberCX CEO, John Paitaridis, said, “Endeavour Energy is setting the benchmark for building customer trust within the energy sector. CyberCX is proud to support this commitment to safeguarding our electricity grid and enhancing the resilience of critical infrastructure for all Australians.”
Endeavour Energy Information Security Manager, Gijo Varghese, said, “With this certification, we have strengthened the protection of our advanced distribution management systems, substations, and control rooms, ensuring that Endeavour Energy’s operations remain resilient against evolving cyber threats.
“As Australia navigates the current energy transition, it’s essential for the electricity supply industry to continuously enhance its cybersecurity posture to stay ahead of emerging threats.
“The certification allows Endeavour Energy to demonstrate to key stakeholders our commitment to continually improving its cyber security posture, enabling it to be at the forefront of energy transition,” Mr Varghese said.
Featured image: Endeavour Energy