DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
Cybersecurity for Energy Resilience Summit
May 2025
The Cybersecurity for Energy Resilience Summit (CyFERS) was hosted by CESER in Salt Lake City, UT, on May 20–22, 2025, with the aim of equipping state officials with cybersecurity knowledge and resources. With the critical partnership of PNNL, and support from NASEO, NARUC, and NGA, the summit helped advance energy security planning, cyber risk assessment, and protections against cyberattacks targeting critical energy infrastructure. Over 100 state officials, cybersecurity experts, and industry leaders across 35 states participated in interactive sessions, practical exercises, and peer sharing to strengthen our nation’s energy infrastructure.
Cyber and Physical Working Group
To bolster state energy security planning, CESER is sponsoring a working group for states to address cyber and physical threats to critical energy infrastructure. Recognizing the increasing interconnectedness of cyber and physical vulnerabilities and cascading consequences, the working group of State Energy Offices (facilitated by PNNL), in partnership with NASEO, NGA, and NARUC, will enable state energy offices to collaborate on risk identification and mitigation strategies. The working group will explore specific threats and challenges to promote best practices, standards, and frameworks.
SLTT Resource Library
CESER’s library provides resources to advance and inform energy security planning, risk awareness, policy and investment decisions, mitigation strategies, and emergency response efforts for state, local, tribal, and territorial (SLTT) governments. CESER partners with SLTT organizations and DOE national laboratories to develop a suite of tools, analysis software, training materials, and guides.
National Cyber-Informed Engineering Strategy
June 2022
The National Cyber-Informed Engineering Strategy was developed to enable the energy sector to lead the nation in incorporating cyber-informed engineering into the design and operation of infrastructure systems that rely on digital monitoring or controls. The National Cyber-Informed Engineering Strategy offers an opportunity to “engineer out” some cyber risk across the entire device or system life cycle, starting from the earliest possible phase of design—the most optimal time to introduce both low cost and effective cybersecurity approaches.
State Energy Security Plan Optional Drop-In: IT/OT and Cyber Threat Overview
May 2022
This resource assesses the integration of information technology (IT) and operational technology (OT) within energy systems and the cybersecurity challenges that arise from internet-connected technologies, improving efficiency and flexibility but increasing vulnerability. It highlights threats from malicious actors, such as criminal and nation-state groups, underscoring the potential physical and data consequences of cyber incidents in OT systems.
Recommendations to State Energy Officials for Cyber-Focused Energy Security Planning
This resource is intended to inform state energy officials’ cyber-focused energy security planning efforts by identifying key stakeholders to contact, questions to ask, actions to take during an incident, resources to look for, and other planning considerations.
National Governors Association (NGA)
Public Communications Playbook for Energy Emergencies: For Governors and State Energy Offices
This playbook outlines essential strategies for state leaders to manage public communications during and after an energy emergency. This guidance equips governors and senior state officials with a simple framework to navigate the unique challenges of energy emergencies and deliver unified, actionable, and timely public communications.
National Association of State Energy Officials (NASEO)
Enhancing Energy Sector Cybersecurity: Pathways for State and Territory Energy Offices
2020
Cyberattacks threaten the energy sector by exploiting IT systems and disrupting OT functionalities, necessitating robust cybersecurity measures and response plans from all stakeholders, including state and territory energy officials. This guidance outlines cybersecurity efforts, communication strategies, and potential roles for state energy offices, emphasizing adaptable approaches to evolving threats and sharing best practices to strengthen energy infrastructure security.
National Association of Regulatory Utility Commissioners (NARUC)
Tech Talk for Regulators Podcast, Episode 1: The Intersection of Artificial Intelligence and Cyber Security
2024
The first episode, hosted by Jody Raines, NARUC cybersecurity specialist, and featuring cybersecurity industry experts Mikhail Falkovich, Raiford Smith, and Ron Fabela, explores the impact of artificial intelligence on cybersecurity for utilities. The discussion covers the need for potential regulations, key questions for public utility commissions (PUCs), the importance of informed regulators for utility security, and the concept of “trust circles” with sharing best practices. The episode also examines trends in artificial intelligence and cybersecurity, offering insights into how utility sectors can prepare for future challenges.
Cybersecurity Baselines for Electric Distribution Systems and DER
February 2024
The Cybersecurity Baselines are a vetted set of recommendations for electric distribution systems and the distributed energy resources (DER) that connect to them. These baselines define the minimum set of cybersecurity controls that should be considered, without defining any specific procedures or technologies to guide how any particular baselines might be met. These baselines may be used by regulatory bodies, electric distribution utilities, and DER aggregators as a potential framework for developing their own cybersecurity requirements in conjunction with Phase 2 implementation strategies.
Cybersecurity Preparedness Evaluation Tool
June 2019
In collaboration with utilities and state PUCs, NARUC developed a tailored manual and the Cybersecurity Preparedness Evaluation Tool (CPET) to help PUCs assess utilities’ cybersecurity readiness. These efforts aim to equip PUCs with the necessary knowledge and resources to ensure that utilities maintain robust cybersecurity measures, safeguarding critical services and systems through improved understanding and application of industry best practices and standards. This guide also has a corresponding on-demand online training video (showing how to implement CPET). Access online training.
Understanding Cybersecurity Preparedness: Questions for Utilities
June 2019
This resource advances NARUC’s efforts by providing commissions with a tool to facilitate deeper discussions with utilities about cybersecurity risk management practices, building on the foundational knowledge established by previous cybersecurity primers. This tool is part of NARUC’s Cybersecurity Manual, supporting commissions in assessing utilities’ cybersecurity maturity and evaluating the effectiveness of security-focused investments, complemented by other resources like CPET for comprehensive evaluation and planning.
Cybersecurity Manual
NARUC has developed a comprehensive suite of resources, collectively referred to as the Cybersecurity Manual, to help PUCs gather and evaluate information from utilities about their cybersecurity risk management practices. These evaluations facilitate well-informed PUC decision-making regarding the effectiveness of utilities’ cybersecurity preparedness efforts and the prudence of related expenditures.