15 December 2020

In 2021, the Greenhouse and Energy Minimum Standard Regulator (GEMS Regulator) will be releasing several security updates to the Energy Rating Product Registration System (the Registration System).

These updates aim to:

  • Increase the security of the passwords in the Registration System;
  • Further protect the Registration System against denial-of-service attacks;
  • Restrict access to the Registration System to current users;
  • Outline acceptable use of the Registration System.

These changes involve you as the end user and your access to the Registration System. The GEMS Regulator will provide further details on these changes in coming months.

Applications such as the Registration System are facing an increased risk of attack from malicious individuals or organisations. These individuals or organisations seek to disrupt or compromise systems and infrastructure, using sophisticated software and hacking tools. They take advantage of vulnerabilities in user login details to penetrate systems and avoid detection. The intent is often to steal or compromise data, or make a system unavailable.

The consequences of a cyber-attack are severe and can include:

  • Disruption to daily business;
  • Significant financial loss;
  • Loss of intellectual property; and
  • Reputational damage.

The GEMS Regulator is taking steps to protect the Registration System against cyber-threats. This is occurring in consultation with the Energy Efficiency Conservation Authority (EECA) in New Zealand (the New Zealand Regulator).

These steps include:

  • applying regular security updates to the system infrastructure;
  • implementing the strategies from the Australian Cyber Security Centre’s (ACSC) Essential Eight; and
  • implementing the security controls from the Australian and New Zealand information security manuals.

We have incorporated cyber security into our day-to-day business and remain alert to potential threats. We look for new opportunities to increase the Registration System’s overall defence against cyber-attacks.

The security of the Registration System and its data is a high priority for both Regulators. We commit to ensuring the confidentiality, integrity and availability of the Registration System. 

We also know that keeping our system secure is a shared responsibility.  As a user of the Registration System, you also have a role to play. This includes:

  • Keeping your username and password confidential;
  • Using passwords that are difficult to guess and contain numbers, letters and special characters;
  • Logging out of the Registration System when you are no longer using it;
  • Refraining from using group or shared accounts;
  • Reporting suspicious activity to energyrating@industry.gov.au;
  • Refraining from attempting to circumvent or disrupt the security mechanisms that protect the Registration System.

If we all play our part, we can keep the Registration System safe from cyber-threats.

Please contact energyrating@industry.gov.au for further information.