Australia’s energy sector may be further ahead than most industries when it comes to cybersecurity preparedness, but experts say the rest of the nation’s critical infrastructure sectors still have a long way to go before they’re ready for a major cyber crisis.
Tom Huth, Specialist Energy Market Cyber Incident Coordination at Australian Energy Market Operator (AEMO), and Ryan McLaren, Co-Founder and Chief Operating Officer at Retrospect Labs, outlined why the energy industry has become one of the most coordinated sectors in the country, and why regular Australians may not fully understand how disruptive a cyber attack on electricity systems could actually become.
“There’s kind of a real understanding of each of our roles in the supply chain and how a cyber incident could impact one organisation, but cause impacts to others,” Huth said.
Unlike many industries where outages may go unnoticed for hours or days, electricity failures are felt immediately.
“When things stop working, people realise,” Huth explained.
That reality, of not being able to turn your lights on, has forced energy providers to adopt a more collaborative posture than many other sectors.
From phones losing battery power to air conditioning systems shutting down during extreme heat, the experts said modern society’s dependence on electricity means even short disruptions can instantly trigger panic and frustration.
“The consumers and businesses will immediately feel the impacts of electricity outages in particular,” Huth said.
Governments worldwide are concerned about cyber attacks targeting energy systems, utilities, telecommunications networks and transportation infrastructure.
But while many organisations conduct cybersecurity tabletop exercises (discussion-based simulations designed to test incident response), McLaren argued that many businesses still fail to prepare for the chaos of a real-world attack.
“When you run a tabletop discussion-based exercise, that’s a really great way to start testing your incident response plan,” McLaren said. “But when you think about that functional type of exercise, it’s much more hands-on where you’re responding to the exercise or the simulation as though it were a real incident.”
According to McLaren, the difference between ‘theoretical planning’ and operational readiness often becomes painfully obvious once a real crisis starts to unfold.
“We really want it to be thought of as a really controlled, really coordinated way of responding to these complex, difficult and very chaotic incidents,” he said.
Many companies are still treating cyber investment as a one-time purchase instead of an ongoing operational requirement.
“One of the biggest capability gaps that I see at a really, really big level is that organisations don’t continue to invest in capability,” McLaren said.
Companies often spend heavily on cybersecurity programs initially, only to later reduce budgets, lose experienced personnel, or fail to continue maturing their defences and processes over time.
“It’s not enough to put something in place and say, ‘we’ve achieved this,’” McLaren said. “It’s only good for a certain time and it will decrease in its effectiveness over time.”
For the energy sector specifically, Huth said one of the biggest emerging concerns is the possibility that communication systems themselves become compromised during a large-scale cyber incident.
“We assume that during a significant cyber incident, our environments will become untrusted and we’ll no longer be able to rely on our enterprise tools to communicate with one another,” Huth said.
That in turn creates an entirely new challenge: how do organisations verify who they are speaking to when email systems, phone systems, or internal networks may no longer be trustworthy?
“How do I actually work out that the person who’s calling me is who they say they are?” Huth asked.
The experts also pointed to another growing issue: the conundrum of public communication during a cyber crisis.
In recent years, major cyber incidents involving healthcare providers, telecommunications companies and financial institutions have provoked widespread criticism over how organisations communicated with customers and the public.
But Huth added that a cyber attack causing a prolonged outage of essential services would likely create a completely different communications challenge.
“What we haven’t yet had a lot of is significant outages of critical services,” he said. “When something really critical to everyday life in Australia has an outage as a result of a cyber incident, those comms will necessarily need to be slightly different.”
McLaren said the public attention now locked onto cyber incidents is already changing how businesses and governments respond.
“More cyber incidents are being reported by the general mainstream media and the general public’s becoming more and more aware of it,” he said.
He also noted that Australia’s regulatory environment is becoming more aggressive, with enterprises facing legal scrutiny over whether they implemented adequate cybersecurity protections before suffering breaches or outages.
“We are seeing that advent of the more aggressive kind of legal domain where organisations are being pursued through legal channels for perceived failings in their cyber security posture,” McLaren said.
Still, one of Australia’s biggest advantages is the cooperation between government agencies, energy operators, and private sector companies.
“It’s much, much better than working in a silo,” Huth said.
Watch the full interview here: https://kbi.media/interview/tom-huth-ryan-mclaren/









