A discussion with Tom Huth (AEMO) and Ryan McLaren (Retrospect Labs) explores why the energy sector is viewed as ahead in cybersecurity: electricity and gas outages are immediately felt by consumers, the supply chain is tightly interdependent, and networks are more collaborative due to geographic operating roles.
McLaren contrasts tabletop exercises with functional simulations, arguing hands-on testing exposes deeper issues and builds “muscle memory” so teams can respond calmly under pressure, while acknowledging every incident is unique and plans must guide, not prescribe, actions.
Both highlight gaps including inconsistent ongoing investment, preparing for sophisticated or unfamiliar threat actor tradecraft, establishing trusted cross-sector communications when environments become untrusted, and coordinating crisis communications across many stakeholders amid legal and public scrutiny.
They emphasize shared resilience, regular exercising, and improving industry–government collaboration alongside evolving regulation.