FuturePlace Interview Spotlight, Qudsia Maher.
FuturePlace recently interviewed Qudsia Maher, Senior Manager – Cybersecurity Platforms at AGL Energy, Australia’s largest electricity generator. Qudsia shared her insights on the importance of cybersecurity in risk management strategy for today’s crucial infrastructure assets and their heightened threat landscape.
FuturePlace: Could you describe your role?
Qudsia Maher: As the Senior Manager of AGL’s Cybersecurity Platforms team, I oversee the delivery of two critical security capabilities and manage the enabling platforms. The first capability is identity, which involves protecting and governing workforce identity and its digital assets. The second capability is Network Security and Automation, which focuses on automation to ensure platform optimisation and efficiency. With the convergence of OT and IT devices, along with an increasing dependency on IoT, continual optimisation of security platforms and integration with monitoring tools is necessary to achieve breadth and depth of coverage. Additionally, my team is focused on creating and implementing fine-grained metrics to achieve operational excellence. I am excited to speak at the Cybersecurity in Infrastructure Assets event and address the growing industry challenges and opportunities to achieve operational excellence in OT/IT security.
FP: What role does Cybersecurity play in your risk management strategy?
Qudsia: Technology and Cybersecurity are at the core of AGL’s business strategy. Unlocking growth through technology, digitisation, and AI – enhancing customer experience as well as trading, operational and risk management capabilities. With growing proportion of organisational assets being digital and public internet facing, the threat landscape is ever changing. Therefore, continual identification, analysing, evaluating, and addressing AGL’s cyber threat and protecting AGL and its customers is the primary role of Cybersecurity.
FP: How do you collaborate with internal and external stakeholders to ensure that Cybersecurity is integrated into all aspects?
Qudsia: At AGL, we take Cybersecurity seriously and have established several internal teams and processes to ensure it is integrated into all aspects of our operations. Our Cybersecurity awareness team and cyber champions foster a culture of security awareness, while our Architecture and advisory team acts as the conduit between Cybersecurity and the rest of the organisation. Our 3rd party/supplier risk management team works with suppliers to ensure the products and services we use meet our security requirements. By working together, these teams ensure that AGL is secure and protected against potential cyber threats.
At AGL, our Cybersecurity team plays a crucial role not only in engaging with individuals outside of our organisation but also with various external regulatory and governance bodies. These include the Department of Home Affairs and the Australian Energy Market Operator (AEMO), as well as the Trusted Information Sharing Network (TISN) and the Australian Cyber Security Centre (ACSC).
In line with the requirements of the Security of Critical Infrastructure (SOCI) Act 2018, we have adopted an all-hazards based approach to managing risks to the critical infrastructure we operate, particularly the electricity we generate. This approach enables us to proactively identify, prevent, and mitigate risks, including cyber risks, for our critical electricity generation capacity. By taking a holistic approach to risk management, we ensure the safety and security of our operations, our employees, and our customers.
FP: What are some of the emerging trends and technologies that you are closely monitoring in the field?
Qudsia: As security professionals, we are closely monitoring emerging trends and technologies such as Artificial Intelligence (AI), Drones, Distributed Energy Resources, Customer Data Platform, and Edge Computing to ensure we are aware of and managing the security threats and vulnerabilities associated with these technologies.
FP: What advice would you give to other organisations looking to enhance the Cybersecurity of their infrastructure assets, particularly in the context of OT/IT convergence?
Qudsia: At AGL, we prioritise Cybersecurity and have identified key areas for security best practices that we recommend to other organisations looking to enhance the Cybersecurity of their infrastructure assets. These include maintaining a comprehensive asset inventory, implementing enhanced monitoring and detection capability, and executing effective incident response and risk management plans.
FP: How do you see the field of infrastructure asset Cybersecurity evolving in the next few years, and what implications do you see for organisations in this space?
Qudsia: In the global context, we have seen the threat landscape change for organisations involving critical infrastructure assets. To combat the threat, we have already seen the introduction of the SOCI Act, to ensure required Cybersecurity maturity to protect critical infrastructure. We expect government and regulatory requirements to only get stronger over time, which would continue to drive organisation’s focus on Cybersecurity.
Cybersecurity for Infrastructure Summit
Qudsia will be speaking at the Cybersecurity for Infrastructure Summit, taking place on 7 June 2023 in Sydney. It will bring together senior executives responsible for cybersecurity and data protection, technology, governance, legal and compliance leaders, to discuss big themes.