Skip to main content

PNNL

  • About
  • News & Media
  • Careers
  • Events
  • Research
    • Scientific Discovery
      • Biology
        • Chemical Biology
        • Computational Biology
        • Ecosystem Science
        • Human Health
          • Cancer Biology
          • Exposure Science & Pathogen Biology
        • Integrative Omics
          • Advanced Metabolomics
          • Chemical Biology
          • Mass Spectrometry-Based Measurement Technologies
          • Spatial and Single-Cell Proteomics
          • Structural Biology
        • Microbiome Science
          • Biofuels & Bioproducts
          • Human Microbiome
          • Soil Microbiome
          • Synthetic Biology
        • Predictive Phenomics
      • Chemistry
        • Computational Chemistry
        • Chemical Separations
        • Chemical Physics
        • Catalysis
      • Earth & Coastal Sciences
        • Global Change
        • Atmospheric Science
          • Atmospheric Aerosols
          • Human-Earth System Interactions
          • Modeling Earth Systems
        • Coastal Science
        • Ecosystem Science
        • Subsurface Science
        • Terrestrial Aquatics
      • Materials Sciences
        • Materials in Extreme Environments
        • Precision Materials by Design
        • Science of Interfaces
        • Solid Phase Processing
          • Cold Spray
          • Friction Stir Welding & Processing
          • ShAPE
      • Nuclear & Particle Physics
        • Dark Matter
        • Fusion Energy Science
        • Neutrino Physics
      • Quantum Information Sciences
    • Energy Resiliency
      • Electric Grid Modernization
        • Emergency Response
        • Grid Analytics
          • AGM Program
          • Tools and Capabilities
        • Grid Architecture
        • Grid Cybersecurity
        • Grid Energy Storage
        • Transmission
        • Distribution
      • Energy Efficiency
        • Appliance and Equipment Standards
        • Building Energy Codes
        • Building Technologies
          • Advanced Building Controls
          • Advanced Lighting
          • Building-Grid Integration
        • Building and Grid Modeling
        • Commercial Buildings
        • Federal Buildings
          • Federal Performance Optimization
          • Resilience and Security
        • Residential Buildings
          • Building America Solution Center
          • Energy Efficient Technology Integration
          • Home Energy Score
        • Energy Efficient Technology Integration
      • Energy Storage
        • Electrochemical Energy Storage
        • Flexible Loads and Generation
        • Grid Integration, Controls, and Architecture
        • Regulation, Policy, and Valuation
        • Science Supporting Energy Storage
        • Chemical Energy Storage
      • Environmental Management
        • Waste Processing
        • Radiation Measurement
        • Environmental Remediation
      • Fossil Energy
        • Subsurface Energy Systems
        • Carbon Management
          • Carbon Capture
          • Carbon Storage
          • Carbon Utilization
        • Advanced Hydrocarbon Conversion
      • Nuclear Energy
        • Fuel Cycle Research
        • Advanced Reactors
        • Reactor Operations
        • Reactor Licensing
      • Renewable Energy
        • Solar Energy
        • Wind Energy
          • Wind Resource Characterization
          • Wildlife and Wind
          • Community Values and Ocean Co-Use
          • Wind Systems Integration
          • Wind Data Management
          • Distributed Wind
        • Marine Energy
          • Environmental Monitoring for Marine Energy
          • Marine Biofouling and Corrosion
          • Marine Energy Resource Characterization
          • Testing for Marine Energy
          • The Blue Economy
        • Hydropower
          • Environmental Performance of Hydropower
          • Hydropower Cybersecurity and Digitalization
          • Hydropower and the Electric Grid
          • Materials Science for Hydropower
          • Pumped Storage Hydropower
          • Water + Hydropower Planning
        • Grid Integration of Renewable Energy
        • Geothermal Energy
      • Transportation
        • Bioenergy Technologies
          • Algal Biofuels
          • Aviation Biofuels
          • Waste-to-Energy and Products
        • Hydrogen & Fuel Cells
        • Vehicle Technologies
          • Emission Control
          • Energy-Efficient Mobility Systems
          • Lightweight Materials
          • Vehicle Electrification
          • Vehicle Grid Integration
    • National Security
      • Chemical & Biothreat Signatures
        • Contraband Detection
        • Pathogen Science & Detection
        • Explosives Detection
        • Threat-Agnostic Biodefense
      • Cybersecurity
        • Discovery and Insight
        • Proactive Defense
        • Trusted Systems
      • Nuclear Material Science
      • Nuclear Nonproliferation
        • Radiological & Nuclear Detection
        • Nuclear Forensics
        • Ultra-Sensitive Nuclear Measurements
        • Nuclear Explosion Monitoring
        • Global Nuclear & Radiological Security
      • Stakeholder Engagement
        • Disaster Recovery
        • Global Collaborations
        • Legislative and Regulatory Analysis
        • Technical Training
      • Systems Integration & Deployment
        • Additive Manufacturing
        • Deployed Technologies
        • Rapid Prototyping
        • Systems Engineering
      • Threat Analysis
        • Advanced Wireless Security
          • 5G Security
          • RF Signal Detection & Exploitation
        • Internet of Things
        • Maritime Security
        • Millimeter Wave
        • Mission Risk and Resilience
    • Data Science & Computing
      • Artificial Intelligence
      • Graph and Data Analytics
      • Software Engineering
      • Computational Mathematics & Statistics
      • Future Computing Technologies
        • Adaptive Autonomous Systems
    • Publications & Reports
    • Featured Research
  • People
    • Inventors
    • Lab Leadership
    • Lab Fellows
    • Staff Accomplishments
  • Partner with PNNL
    • Education
      • Undergraduate Students
      • Graduate Students
      • Post-graduate Students
      • University Faculty
      • University Partnerships
      • K-12 Educators and Students
      • STEM Education
        • STEM Workforce Development
        • STEM Outreach
        • Meet the Team
      • Internships
    • Community
      • Regional Impact
      • Philanthropy
      • Volunteering
    • Industry
      • Available Technologies
      • Industry
      • Industry Partnerships
      • Licensing & Technology Transfer
      • Entrepreneurial Leave
      • Visual Intellectual Property Search (VIPS)
  • Facilities & Centers
    • All Facilities
      • Atmospheric Radiation Measurement User Facility
      • Electricity Infrastructure Operations Center
      • Energy Sciences Center
      • Environmental Molecular Sciences Laboratory
      • Grid Storage Launchpad
      • Institute for Integrated Catalysis
      • Interdiction Technology and Integration Laboratory
      • PNNL Portland Research Center
      • PNNL Seattle Research Center
      • PNNL-Sequim (Marine and Coastal Research)
      • Radiochemical Processing Laboratory
      • Shallow Underground Laboratory

Assisting State Security in Energy Together (ASSET)

  • Cybersecurity Resources

Breadcrumb

  1. Home
  2. Projects
  3. Assisting State Security in Energy Together (ASSET)

Cybersecurity Resources

The Department of Energy (DOE), Office of Cybersecurity, Energy Security, and Emergency Response (CESER)—along with Pacific Northwest National Laboratory (PNNL), the National Association of State Energy Officials (NASEO), the National Association of Regulatory Utility Commissioners (NARUC), and the National Governors Association (NGA)—have curated an extensive collection of resources and practical materials from trusted partners to assist state energy officials in protecting their state’s energy assets. This collection of cybersecurity resources will be updated regularly with new materials as they become available.

Resources are organized by entity and year; click below to view each collection.

  • DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
  • National Governors Association (NGA)
  • National Association of State Energy Officials (NASEO)
  • National Association of Regulatory Utility Commissioners (NARUC)
  • Additional Resources 
    These resources are authored and published by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security, and other intelligence agencies.

US DOE

DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)

Cybersecurity for Energy Resilience Summit

May 2025

The Cybersecurity for Energy Resilience Summit (CyFERS) was hosted by CESER in Salt Lake City, UT, on May 20–22, 2025, with the aim of equipping state officials with cybersecurity knowledge and resources. With the critical partnership of PNNL, and support from NASEO, NARUC, and NGA, the summit helped advance energy security planning, cyber risk assessment, and protections against cyberattacks targeting critical energy infrastructure. Over 100 state officials, cybersecurity experts, and industry leaders across 35 states participated in interactive sessions, practical exercises, and peer sharing to strengthen our nation’s energy infrastructure.

Cyber and Physical Working Group

To bolster state energy security planning, CESER is sponsoring a working group for states to address cyber and physical threats to critical energy infrastructure. Recognizing the increasing interconnectedness of cyber and physical vulnerabilities and cascading consequences, the working group of State Energy Offices (facilitated by PNNL), in partnership with NASEO, NGA, and NARUC, will enable state energy offices to collaborate on risk identification and mitigation strategies. The working group will explore specific threats and challenges to promote best practices, standards, and frameworks.

SLTT Resource Library

CESER’s library provides resources to advance and inform energy security planning, risk awareness, policy and investment decisions, mitigation strategies, and emergency response efforts for state, local, tribal, and territorial (SLTT) governments. CESER partners with SLTT organizations and DOE national laboratories to develop a suite of tools, analysis software, training materials, and guides.

National Cyber-Informed Engineering Strategy

June 2022

The National Cyber-Informed Engineering Strategy was developed to enable the energy sector to lead the nation in incorporating cyber-informed engineering into the design and operation of infrastructure systems that rely on digital monitoring or controls. The National Cyber-Informed Engineering Strategy offers an opportunity to “engineer out” some cyber risk across the entire device or system life cycle, starting from the earliest possible phase of design—the most optimal time to introduce both low cost and effective cybersecurity approaches.

State Energy Security Plan Optional Drop-In: IT/OT and Cyber Threat Overview

May 2022

This resource assesses the integration of information technology (IT) and operational technology (OT) within energy systems and the cybersecurity challenges that arise from internet-connected technologies, improving efficiency and flexibility but increasing vulnerability. It highlights threats from malicious actors, such as criminal and nation-state groups, underscoring the potential physical and data consequences of cyber incidents in OT systems.

Recommendations to State Energy Officials for Cyber-Focused Energy Security Planning

May 2022

This resource is intended to inform state energy officials’ cyber-focused energy security planning efforts by identifying key stakeholders to contact, questions to ask, actions to take during an incident, resources to look for, and other planning considerations.

Back to top


National Governors Association

National Governors Association (NGA)

Public Communications Playbook for Energy Emergencies: For Governors and State Energy Offices

February 2025

This playbook outlines essential strategies for state leaders to manage public communications during and after an energy emergency. This guidance equips governors and senior state officials with a simple framework to navigate the unique challenges of energy emergencies and deliver unified, actionable, and timely public communications.

Back to top


Naseo

National Association of State Energy Officials (NASEO)

Enhancing Energy Sector Cybersecurity: Pathways for State and Territory Energy Offices

2020

Cyberattacks threaten the energy sector by exploiting IT systems and disrupting OT functionalities, necessitating robust cybersecurity measures and response plans from all stakeholders, including state and territory energy officials. This guidance outlines cybersecurity efforts, communication strategies, and potential roles for state energy offices, emphasizing adaptable approaches to evolving threats and sharing best practices to strengthen energy infrastructure security.

Back to top


 

NARUC

National Association of Regulatory Utility Commissioners (NARUC)

Tech Talk for Regulators Podcast, Episode 1: The Intersection of Artificial Intelligence and Cyber Security

2024

The first episode, hosted by Jody Raines, NARUC cybersecurity specialist, and featuring cybersecurity industry experts Mikhail Falkovich, Raiford Smith, and Ron Fabela, explores the impact of artificial intelligence on cybersecurity for utilities. The discussion covers the need for potential regulations, key questions for public utility commissions (PUCs), the importance of informed regulators for utility security, and the concept of “trust circles” with sharing best practices. The episode also examines trends in artificial intelligence and cybersecurity, offering insights into how utility sectors can prepare for future challenges.

Cybersecurity Baselines for Electric Distribution Systems and DER

February 2024

The Cybersecurity Baselines are a vetted set of recommendations for electric distribution systems and the distributed energy resources (DER) that connect to them. These baselines define the minimum set of cybersecurity controls that should be considered, without defining any specific procedures or technologies to guide how any particular baselines might be met. These baselines may be used by regulatory bodies, electric distribution utilities, and DER aggregators as a potential framework for developing their own cybersecurity requirements in conjunction with Phase 2 implementation strategies.

Cybersecurity Preparedness Evaluation Tool

June 2019

In collaboration with utilities and state PUCs, NARUC developed a tailored manual and the Cybersecurity Preparedness Evaluation Tool (CPET) to help PUCs assess utilities’ cybersecurity readiness. These efforts aim to equip PUCs with the necessary knowledge and resources to ensure that utilities maintain robust cybersecurity measures, safeguarding critical services and systems through improved understanding and application of industry best practices and standards. This guide also has a corresponding on-demand online training video (showing how to implement CPET). Access online training.

Understanding Cybersecurity Preparedness: Questions for Utilities

June 2019

This resource advances NARUC’s efforts by providing commissions with a tool to facilitate deeper discussions with utilities about cybersecurity risk management practices, building on the foundational knowledge established by previous cybersecurity primers. This tool is part of NARUC’s Cybersecurity Manual, supporting commissions in assessing utilities’ cybersecurity maturity and evaluating the effectiveness of security-focused investments, complemented by other resources like CPET for comprehensive evaluation and planning.

Cybersecurity Manual

October 2018

NARUC has developed a comprehensive suite of resources, collectively referred to as the Cybersecurity Manual, to help PUCs gather and evaluate information from utilities about their cybersecurity risk management practices. These evaluations facilitate well-informed PUC decision-making regarding the effectiveness of utilities’ cybersecurity preparedness efforts and the prudence of related expenditures.

Back to top


Additional Resources

Primary Mitigations to Reduce Cyber Threats to OT

Cybersecurity and Infrastructure Security Agency (CISA)
May 2025

CISA, the Federal Bureau of Investigation (FBI), the U.S. Environmental Protection Agency (EPA), and DOE provide actionable guidance for critical infrastructure entities in the United States to proactively review and enhance their cybersecurity measures. This factsheet is focused on protecting internet-connected OT systems and industrial control systems (ICS) systems against threats.

Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products

Joint Cyber Defense Collaborative
January 2025

This guide aims to help owners and operators procure OT products, particularly industrial automation and control system products, with priority secure-by-design elements in mind. This guide was authored by CISA along with partner contributions. Download fact sheet.

Annual Threat Assessment of the U.S. Intellectual Community

Office of the Director of National Intelligence
March 2025

The Annual Threat Assessment is the intelligence community’s comprehensive evaluation of threats to U.S. citizens, the homeland, and national interests, highlighting dangers from diverse foreign actors targeting U.S. infrastructure, government, and economic power. A product of collaboration of the National Intelligence Council with various government and foreign entities, the 2025 Annual Threat Assessment offers critical insights for strategic planning and safeguarding U.S. interests, emphasizing the complexity and interconnected nature of modern global threats.

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

Cybersecurity and Infrastructure Security Agency (CISA)
February 2024

CISA, the National Security Agency (NSA), and the FBI have determined that People’s Republic of China state-sponsored cyber-actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. CISA, NSA, and the FBI and their partners are releasing this advisory to warn critical infrastructure organizations about this assessment.

Cyberattacks and the Energy System

NCSL Podcasts, OAS Episode 195
September 2023

Two cybersecurity experts join the podcast to discuss ways to safeguard energy systems from attacks as well as the role state legislatures play through their oversight of PUCs.

Global Oil and Natural Gas Cyber Threat Perspective

Dragos
March 2022

Dragos offers a perspective on the increasing targeting of oil and natural gas and energy industries by malware operators, who aim to advance political, economic, and national security objectives, posing threats to the availability and safety of industrial technologies. By understanding the full scope of threats and recognizing suspicious behavior, industrial asset owners and operators can defend against these threat groups.

PNNL

  • Get in Touch
    • Contact
    • Careers
    • Doing Business
    • Environmental Reports
    • Security & Privacy
    • Vulnerability Disclosure Policy
  • Research
    • Scientific Discovery
    • Energy Resiliency
    • National Security
Subscribe to PNNL News
Department of Energy Logo Battelle Logo
Pacific Northwest National Laboratory (PNNL) is managed and operated by Battelle for the Department of Energy
  • YouTube
  • Facebook
  • X (formerly Twitter)
  • Instagram
  • LinkedIn