CASE STUDY — Building Resilience with Cyber Security

Problem statement

TasNetworks required a sustainable approach to cyber security to protect its assets and operations using a risk management approach and in preparation for upcoming changes to the Security of Critical Infrastructure (SoCI) Act.

Phase one

The customer (CISO) requested a comprehensive response to Cyber Security for the organisation. Phase 2 included extensive consultation with all areas of the business including corporate services, ICT and OT. This highlighted a range of gaps in terms of technology and BAU capabilities (role gaps).

Phase two

Phase 2 included the development of a business case that proposed significant further investment in Cyber Security (+$10M) over the regulated period. Investment included an uplift to tooling (detection, asset inventory management) and the implementation of a Cyber Security Target Operating Model (TOM) including the hiring of key roles such as Threat Analysts, a full-time Program Manager and Architects. The Business Case was approved and TOM/tooling implemented.