Secolve Update: July 2023

This month has been a busy start to the new financial year for Secolve. We held our company kick-off at the beginning of July, and it was great to get together as a team. We reflected on everyone's wins from the previous year and focused a lot of thought into brainstorming ideas around our mission statement, company values, and our OT security awareness training platform, OT-SAT . ???

The theme that came up repeatedly during our session is that we are OT security specialists. We truly have an incredible team of OT security experts at Secolve who partner with critical infrastructure organisations on their OT security journey. This is something we are all passionate about!???

Some of the team were in Hobart last week, for our Hobart OT cyber security meetup. They had a great time and enjoyed catching up with the local OT security community. This week, the team are off to New Zealand to attend?the first NZ ICS conference and are looking forward to an excellent event. Don't hesitate to come and?say hi if you’re also planning on attending.?

AESCSF V2 is nearly here! AEMO have indicated ?we can expect the updated version 2 to be landing between August and September. Organisations will also now have until October to December 2023 to submit their assessment. AESCSF compliance is a Secolve specialty, so if you need help with your assessment or uplifting compliance to meet the requirements, reach out to our team today. ?

We’ve added even more content on OT-SAT around OT security topics such as IEC 62443 .? A frequent concern that has been brought up in our industry discussions is the importance of cyber safety culture, and security awareness training is a core component in establishing and driving cultural change within an organisation. Get in touch for a demo to see how our video-based OT security awareness training platform could suit your organisation.?

Finally, as we move into the latter part of this year, our team is keeping busy ensuring OT security is staying front and center! We’re planning more OT security events to connect industry professionals and continuing to?help organisations with their obligations surrounding?the CIRMP (Critical Infrastructure Risk Management Program), AESCSF, and all their other OT security needs. ?

- Belinda?

August 1

The?2023 NZ ICS/OT Cyber Summit ?is almost on!?This in-person event will provide valuable insights for?Industrial Control System (ICS) Engineers and Managers, Technical/Management from IT/Security teams responsible?for ICS/OT network/security in industrial organisations, and?ICS/OT Cyber Security Engineers/Architects/Consultants.?

August 2

If you regularly come across the terms “RPEQ sign-off” or “RPEQed” in your workplace then it is likely that there is some confusion regarding how the modern Professional Engineers Act of Queensland operates. This could cause significant issues for you and for your colleagues.?

Our own Sean Murdoch will be presenting?Sign-off by a registered engineer is not enough - Legal obligations of performing and managing engineering?at?Professionals Australia's offices in South Brisbane.?Click through for more details and to register your attendance .?

Land transport, government, and mining are the newest sector groups to have been added to the Trusted Information Sharing Network (TISN) . This brings the total included sector groups from 13 to 16.?

AEMO have revised their?AESCSF schedule?timeline, with updates to the release of AESCSF V2 and self-assessment period deadlines. If this is a requirement for your organisation, you should familiarise yourself with the updated timeline .?

More details have been released about an attack on a US water treatment facility’s critical infrastructure . A disgruntled ex-employee intentionally uninstalled the main operational and monitoring system for the water treatment plant in an attack reminiscent of the Maroochy Shire Sewage Spill 2000.??

Hundreds of internet-exposed devices inside solar farms remain unpatched against a critical and actively exploited vulnerability allowing remote attackers to disrupt operations or gain a foothold inside the facilities. Roughly 30,000 power stations have introduced the devices, sold by Contec under the brand name SolarView.?

The Port of Nagoya was targeted in a ransomware attack that impacted the operation of container terminals. The port is the largest and busiest port in Japan, and accounts for roughly 10% of Japan's total trade volume. You can read more about the incident here .?