Energex - Appendix 1.1 Confidentiality template
advertisement
Confidentiality template Confidentiality Template Title, page and paragraph number of the document containing the confidential information Appendix 4.3.1 Reactive Asset Replacement Program -Sect 2 Paragraph 3 Description of the confidential information Information such as manufacturer and model numbers, and other product or specific system issues. Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Capex Other Provide a brief explanation of why the confidential information falls into the selected category Releasing this information may cause commercial damage to suppliers of Energex and may impact Energex’s commercial position. -Sect 2.2 Table Lines 3, 10 and 11 Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Details of specific issues encountered with supplier’s products can provide commercial advantage to their competitors and may cause damage to their brand / commercial reputation. The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects proposed. Public release of the specific details however provides no public benefit to consumers, and would actively work against the fair treatment of suppliers which the public expects from Energex. -Sect 2.2.3 Title and Paragraph 1 -Section 2.2.5 Paragraph 1 -Section 2.2.7 -2- Confidentiality template Title, page and paragraph number of the document containing the confidential information Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) Details of specific issues encountered with supplier’s products can provide commercial advantage to their competitors and may The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable Paragraph 1 -Sect 2.2.8 Title and Paragraph 1 -Sect 2.2.9 Title, Paragraph 1 and 2 -Sect 2.2.10 Paragraph 1 -Sect 2.2.11 Title and Paragraph 1 -Appendix A Appendix 4.3.5 Instrument Transformer Replacement Program Information such as manufacturer and model numbers, and other product or specific system Capex Other Releasing this information may cause commercial damage to suppliers of Energex and may impact Energex’s commercial -3- Confidentiality template Title, page and paragraph number of the document containing the confidential information Description of the confidential information -Executive Summary issues. Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category position. -Appendix 2 Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) Specify reasons supporting how and why detriment would be caused from disclosing the confidential information cause damage to their brand / commercial reputation. analysis has been applied to the preparation of the programs/projects proposed. Public release of the specific details however provides no public benefit to consumers, and would actively work against the fair treatment of suppliers which the public expects from Energex. Appendix 4.3.7 Air Break Switch Replacement Program -Executive Summary -Sect 1 Information such as manufacturer and model numbers, and other product or specific system issues. Capex Other Releasing this information may cause commercial damage to suppliers of Energex and may impact Energex’s commercial position. -4- Details of specific issues encountered with supplier’s products can provide commercial advantage to their competitors and may cause damage to their brand / commercial The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation Confidentiality template Title, page and paragraph number of the document containing the confidential information Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category Paragraph 2 Specify reasons supporting how and why detriment would be caused from disclosing the confidential information reputation. -Sect 3 -Sect 5.2.1 Paragraph 1 -Appendix 1 Commercial SCADA RTU Program: -Sect 3.2.2 -Sect 3.2.2 Paragraph 3, 4 and Figure 2 -Sect 3.2.3 Table 2 of the programs/projects proposed. Public release of the specific details however provides no public benefit to consumers, and would actively work against the fair treatment of suppliers which the public expects from Energex. Paragraph 4 and Table 1 title Appendix 4.3.8 Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) Details which provide useful reconnaissance information for potential cyber security attackers. Capex Information affecting the security of the network Any information which gives those with malicious or mischievous intent details which reveals either computer system, telecommunications or operational technology equipment types, operating system, software application, software Information such as Site Id, manufacturers -5- Information which gives potential cybersecurity attackers details on the electronic equipment in use, its software, computer communications protocols or the way in which the devices are interconnected is of The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects proposed. Confidentiality template Title, page and paragraph number of the document containing the confidential information -Sect 3.2.4 Paragraph 2 and Table 3 -Sect 3.2.5 Paragraph 3 -Sect 3.3 Paragraph 4 -Sect 3.6 Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category and model numbers, communication protocols and information on various software bugs and other product or specific system issues. Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) middleware or other relevant to the cybersecurity exploits which may be successful when used against the system should not be made public. significant benefit to planning and executing a successful cyber intrusion. Public release of the specific details however provides no public benefit to consumers, and would actively work against the public interest, increasing the probability of successful cyber intrusion. Any information which gives those with malicious or mischievous intent details which reveals either computer system, telecommunications or operational technology equipment types, operating system, software Information which gives potential cybersecurity attackers details on the electronic equipment in use, its software, computer communications protocols or the way in which the devices are The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects Paragraph 2 Appendix 4.3.9 -Sect 1 Details which provide useful reconnaissance information for potential cyber security attackers. Paragraph 6 Information such SCADA Feature Implementation Program -Executive Summary Capex Information affecting the security of the network -6- Confidentiality template Title, page and paragraph number of the document containing the confidential information -Sect 2 Paragraph 1 -Sect 2.2.1 Table 1, Table 2: Sub ID, Substation Name -Sect 2.2.5 (all) -Sect 2.2.6 Paragraph 2, 4, 5, 10 and 12 Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category as manufacturers and model numbers, communication protocols and information on various software bugs and other product or specific system issues. application, software middleware or other relevant to the cybersecurity exploits which may be successful when used against the system should not be made public. Specify reasons supporting how and why detriment would be caused from disclosing the confidential information interconnected is of significant benefit to planning and executing a successful cyber intrusion. Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) proposed. Public release of the specific details however provides no public benefit to consumers, and would actively work against the public interest, increasing the probability of successful cyber intrusion. -Sect 2.3 Table 3 -Sect 2.4.1 Figure 2 -Sect 2.4.2 Paragraph 1 and 2 -Sect 2.4.2 Figure 3 -Appendix 1 Table 7 -Appendix 2 Table 8 -7- Confidentiality template Title, page and paragraph number of the document containing the confidential information Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) Specify reasons supporting how and why detriment would be caused from disclosing the confidential information (all), Table 9 (all) -Appendix 3 table 10 Sub Appendix 4.3.9 SCADA Feature Implementation Program -Sect 2.4.1 Figure 2 -Sect 2.4.2 Paragraph 1, 2 Details describing issues encountered with specific commercial vendor’s equipment Capex Other Releasing this information may cause commercial damage to suppliers to Energex, and may impact Energex’s competitive position, (protecting the fair treatment of suppliers) Product faults / issues. -Sect 2.4.2 Figure 3 Details of specific issues encountered with supplier’s products can provide commercial advantage to their competitors and may cause damage to their brand / commercial reputation. The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects proposed. Public release of the specific details however provides no public benefit to consumers, and would actively work against the -Appendix 1 Table 7 -8- Confidentiality template Title, page and paragraph number of the document containing the confidential information Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) fair treatment of suppliers which the public expects from Energex. Appendix 4.3.10 SCADA Software Continuous Improvement Program -Sect 3.2.2 Table 1, Function, Identification -Sect 3.2.3 Table 2 -Sect 3.3.1 Paragraph 4, 7 and 8 -Sect 3.3.2 Paragraph 1 Details which provide useful reconnaissance information for potential cyber security attackers. Capex Information affecting the security of the network Any information which gives those with malicious or mischievous intent details which reveals either computer system, telecommunications or operational technology equipment types, operating system, software application, software middleware or other relevant to the cybersecurity exploits which may be successful when used against the system should not be made Information such as manufacturers and model numbers, Operating systems, communication protocols and -9- Information which gives potential cybersecurity attackers details on the electronic equipment in use, its software, computer communications protocols or the way in which the devices are interconnected is of significant benefit to planning and executing a successful cyber intrusion. The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects proposed. Public release of the specific details however provides no public benefit to consumers, and would actively work against the public interest, increasing Confidentiality template Title, page and paragraph number of the document containing the confidential information -Appendix 1 Table , Platform Classification -Appendix 2 Table -Appendix 3 Table Appendix 4.3.11 OT Environment Establishment and Migrations Program -Executive Summary -Contents -Sect 1 Paragraph 6 -Sect 2 Paragraph 1, 2 and 3 -Sect 3.1 (all) Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category information on various software bugs and other product or specific system issues. Details which provide useful reconnaissance information for potential cyber security attackers. Specify reasons supporting how and why detriment would be caused from disclosing the confidential information public. Capex Information affecting the security of the network Information such as Sites, initiative details, manufacturers and model numbers, and other product or -10- Any information which gives those with malicious or mischievous intent details which reveals either computer system, telecommunications or operational technology equipment types, operating system, software application, software middleware or other relevant to the cybersecurity exploits which may be successful Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) the probability of successful cyber intrusion. Information which gives potential cybersecurity attackers details on the electronic equipment in use, its software, computer communications protocols or the way in which the devices are interconnected is of significant benefit to planning and executing a successful cyber intrusion. The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects proposed. Public release of the specific details however provides no public benefit to consumers, and would Confidentiality template Title, page and paragraph number of the document containing the confidential information -Sect 3.2 Paragraph 2, 6 Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category specific system issues. when used against the system should not be made public. -Sect 3.3 -Sect 3.4 (all) Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) actively work against the public interest, increasing the probability of successful cyber intrusion. -Sect 3.5 -Sect 3.5.1 (all) -Sect 3.5.2 (all) -Sect 3.5.3 (all) -Sect 3.5.4 (all) -Sect 4.1 Paragraph 1 -Sect 4.1 Table 1 Risk Scenario -Sect 4.2.1 Paragraph 2 -Sect 4.2.2 Table 2 -11- Confidentiality template Title, page and paragraph number of the document containing the confidential information Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Any information which gives those with malicious or mischievous intent details which reveals either computer system, telecommunications or operational technology equipment types, operating system, software application, software middleware or other relevant to the cybersecurity exploits Information which gives potential cybersecurity attackers details on the electronic equipment in use, its software, computer communications protocols or the way in which the devices are interconnected is of significant benefit to planning and executing a successful cyber Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) Risk Scenario -Sect 4.3.1 Paragraph 1 -Sect 5 Table 5 -Appendix 1 Appendix 4.3.12 OT Environment – Refurbishment Program -Sect 3 Table 1 Equipment details -Sect 5 Table Equipment details Details which provide useful reconnaissance information for potential cyber security attackers. Capex Information affecting the security of the network Information such as manufacturers and model numbers, and other product or -12- The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects proposed. Public release of the specific details however Confidentiality template Title, page and paragraph number of the document containing the confidential information Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category specific system issues. Appendix 4.4.2 Core IP/MPLS Telecommunications Network (Matrix): -Sect 3.1.2 Paragraph 4 -Sect 3.1.4 Paragraph 1 -Sect 4.1 Paragraph 1 and 3 Details which provide useful reconnaissance information for potential cyber security attackers. Capex Information affecting the security of the network Information such as Site Id, manufacturers and model numbers, communication -13- Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) which may be successful when used against the system should not be made public. intrusion. provides no public benefit to consumers, and would actively work against the public interest, increasing the probability of successful cyber intrusion. Any information which gives those with malicious or mischievous intent details which reveals either computer system, telecommunications or operational technology equipment types, operating system, software application, software middleware or other relevant to the cybersecurity exploits which may be successful Information which gives potential cybersecurity attackers details on the electronic equipment in use, its software, computer communications protocols or the way in which the devices are interconnected is of significant benefit to planning and executing a successful cyber The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects proposed. Public release of the specific details however provides no public benefit Confidentiality template Title, page and paragraph number of the document containing the confidential information -Sect 4.2.2 Bullet point 3 -Appendix 1 -Paragraph 1 and Tables Appendix 4.4.6 RTU Replacement Program: -Sect 3.1 Paragraph 2, Table 1 and Table 2 -Sect 3.4 Paragraph 1 Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category protocols and information on various software bugs and other product or specific system issues. Details which provide useful reconnaissance information for potential cyber security attackers. Capex Information affecting the security of the network Information such as Site Id, manufacturers and model numbers, communication -14- Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) when used against the system should not be made public. intrusion. to consumers, and would actively work against the public interest, increasing the probability of successful cyber intrusion. Any information which gives those with malicious or mischievous intent details which reveals either computer system, telecommunications or operational technology equipment types, operating system, software application, software middleware or other relevant to the cybersecurity exploits Information which gives potential cybersecurity attackers details on the electronic equipment in use, its software, computer communications protocols or the way in which the devices are interconnected is of significant benefit to planning and executing a successful cyber The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects proposed. Public release of the specific details however provides no public benefit Confidentiality template Title, page and paragraph number of the document containing the confidential information Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category protocols and information on various software bugs and other product or specific system issues. Appendix 4.4.7 Obsolete SCADA Equipment: -Sect 3.1.1 Paragraph 2 Details which provide useful reconnaissance information for potential cyber security attackers. Capex Information affecting the security of the network -Sect 3.1.1 Table 1 -Sect 3.1.2 Table 2 -Sect 3.2.1 Table 4 -Sect 3.2.2 Table 5, Table 6 and Table 7 Information such as Site Id, manufacturers and model numbers, communication -15- Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) which may be successful when used against the system should not be made public. intrusion. to consumers, and would actively work against the public interest, increasing the probability of successful cyber intrusion. Any information which gives those with malicious or mischievous intent details which reveals either computer system, telecommunications or operational technology equipment types, operating system, software application, software middleware or other relevant to the cybersecurity exploits which may be successful Information which gives potential cybersecurity attackers details on the electronic equipment in use, its software, computer communications protocols or the way in which the devices are interconnected is of significant benefit to planning and executing a successful cyber The detailed information has been included in the business cases so that Energex can demonstrate appropriate, independently verifiable analysis has been applied to the preparation of the programs/projects proposed. Public release of the specific details however provides no public benefit Confidentiality template Title, page and paragraph number of the document containing the confidential information -Sect 3.2.3 Title and Table 8 -Sect 3.2.5 Title -Sect 3.3 Table 9 -Sect 4.1 Table 10 Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category protocols and information on various software bugs and other product or specific system issues. Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) when used against the system should not be made public. intrusion. to consumers, and would actively work against the public interest, increasing the probability of successful cyber intrusion. The disclosure of effective rates could be misused by ICT panel participants. The disclosure of rates will undermine the competitive tension between service providers on the ICT panel It is in the long term interest of the public to pay an economically efficient rate for electricity usage. By allowing ICT service providers access to information on ICT competitors may result in -Sect 4.2 Table -Sect 5 Bullet point 3 -Appendix 2 KPMG (2015) – Report to the Board of Sparq Solutions on ICT Expenditure Forecasts for the Period: 2015-2020 Page 8 Page 27 The report contains daily rates achieved through the competitive ICT service provider panel established in SPARQ. ICT daily labour rates Market sensitive cost inputs -16- Confidentiality template Title, page and paragraph number of the document containing the confidential information Page 30 Description of the confidential information Topic the confidential information relates to (e.g. capex, opex, the rate of return) Identify the recognised confidentiality category that the confidential information falls within Provide a brief explanation of why the confidential information falls into the selected category Specify reasons supporting how and why detriment would be caused from disclosing the confidential information Seeking to redact the actual daily rates. KPMG (2015) – Report to the Board of Sparq Solutions on ICT Expenditure Forecasts for the Period: 2015-2020 The report contains financial information of cost of outsourced ICT functions. Pages 47-55 Seeking to redact the financial data only Column titled $AUD Outsourced. Provide any reasons supporting why the identified detriment is not outweighed by the public benefit (especially public benefits such as the effect on the long term interests of consumers) an economically inefficient price being offered to Ergon Energy, and hence passed through to consumers. Cost of outsourced ICT service Market sensitive cost inputs -17- The disclosure could be misused by ICT service providers. The disclosure will undermine the competitive tension between ICT service providers. It is in the long term interest of the public to pay an economically efficient rate for electricity usage. By allowing ICT service providers access to information on ICT competitors may result in an economically inefficient price being offered to Ergon Energy, and hence passed through to consumers. Confidentiality template Proportion of confidential material Submission title Revised regulatory proposal Revised regulatory proposal appendices Number of pages of submission that includes information subject to a claim of confidentiality Number of pages of submission that do not include information subject to a claim of confidentiality Total number of pages of submission Percentage of pages of submission that include information subject to a claim of confidentiality Percentage of pages of submission that do not include information subject to a claim of confidentiality 0 159 159 0% 100% 104 1306 1410 7.4% 92.6% (excluding appendices 7.9 and 7.10 as these are spreadsheets) -18- Confidentiality template
