Cybersecurity Resources
The Department of Energy (DOE), Office of Cybersecurity, Energy Security, and Emergency Response (CESER)—along with Pacific Northwest National Laboratory (PNNL), the National Association of State Energy Officials (NASEO), the National Association of Regulatory Utility Commissioners (NARUC), and the National Governors Association (NGA)—have curated an extensive collection of resources and practical materials from trusted partners to assist state energy officials in protecting their state’s energy assets. This collection of cybersecurity resources will be updated regularly with new materials as they become available.
Resources are organized by entity and year; click below to view each collection.
- DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
- National Governors Association (NGA)
- National Association of State Energy Officials (NASEO)
- National Association of Regulatory Utility Commissioners (NARUC)
- Additional Resources
These resources are authored and published by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security, and other intelligence agencies.

DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
Cybersecurity for Energy Resilience Summit
May 2025
The Cybersecurity for Energy Resilience Summit (CyFERS) was hosted by CESER in Salt Lake City, UT, on May 20–22, 2025, with the aim of equipping state officials with cybersecurity knowledge and resources. With the critical partnership of PNNL, and support from NASEO, NARUC, and NGA, the summit helped advance energy security planning, cyber risk assessment, and protections against cyberattacks targeting critical energy infrastructure. Over 100 state officials, cybersecurity experts, and industry leaders across 35 states participated in interactive sessions, practical exercises, and peer sharing to strengthen our nation’s energy infrastructure.
Cyber and Physical Working Group
To bolster state energy security planning, CESER is sponsoring a working group for states to address cyber and physical threats to critical energy infrastructure. Recognizing the increasing interconnectedness of cyber and physical vulnerabilities and cascading consequences, the working group of State Energy Offices (facilitated by PNNL), in partnership with NASEO, NGA, and NARUC, will enable state energy offices to collaborate on risk identification and mitigation strategies. The working group will explore specific threats and challenges to promote best practices, standards, and frameworks.
SLTT Resource Library
CESER’s library provides resources to advance and inform energy security planning, risk awareness, policy and investment decisions, mitigation strategies, and emergency response efforts for state, local, tribal, and territorial (SLTT) governments. CESER partners with SLTT organizations and DOE national laboratories to develop a suite of tools, analysis software, training materials, and guides.
National Cyber-Informed Engineering Strategy
June 2022
The National Cyber-Informed Engineering Strategy was developed to enable the energy sector to lead the nation in incorporating cyber-informed engineering into the design and operation of infrastructure systems that rely on digital monitoring or controls. The National Cyber-Informed Engineering Strategy offers an opportunity to “engineer out” some cyber risk across the entire device or system life cycle, starting from the earliest possible phase of design, the optimal time to introduce cybersecurity approaches that are both low-cost and effective.
State Energy Security Plan Optional Drop-In: IT/OT and Cyber Threat Overview
May 2022
This resource assesses the integration of information technology (IT) and operational technology (OT) within energy systems and the cybersecurity challenges that arise from internet-connected technologies, which improve efficiency and flexibility but increase vulnerability. It highlights threats from malicious actors, such as criminal and nation-state groups, underscoring the potential physical and data consequences of cyber incidents in OT systems.
Recommendations to State Energy Officials for Cyber-Focused Energy Security Planning
This resource is intended to inform state energy officials’ cyber-focused energy security planning efforts by identifying key stakeholders to contact, questions to ask, actions to take during an incident, resources to look for, and other planning considerations.

National Governors Association (NGA)
Public Communications Playbook for Energy Emergencies: For Governors and State Energy Offices
This playbook outlines essential strategies for state leaders to manage public communications during and after an energy emergency. This guidance equips governors and senior state officials with a simple framework to navigate the unique challenges of energy emergencies and deliver unified, actionable, and timely public communications.

National Association of State Energy Officials (NASEO)
Enhancing Energy Sector Cybersecurity: Pathways for State and Territory Energy Offices
2020
Cyberattacks threaten the energy sector by exploiting IT systems and disrupting OT functionalities, necessitating robust cybersecurity measures and response plans from all stakeholders, including state and territory energy officials. This guidance outlines cybersecurity efforts, communication strategies, and potential roles for state energy offices, emphasizing adaptable approaches to evolving threats and sharing best practices to strengthen energy infrastructure security.

National Association of Regulatory Utility Commissioners (NARUC)
Tech Talk for Regulators Podcast, Episode 1: The Intersection of Artificial Intelligence and Cyber Security
2024
The first episode, hosted by Jody Raines, NARUC cybersecurity specialist, and featuring cybersecurity industry experts Mikhail Falkovich, Raiford Smith, and Ron Fabela, explores the impact of artificial intelligence on cybersecurity for utilities. The discussion covers the need for potential regulations, key questions for public utility commissions (PUCs), the importance of informed regulators for utility security, and the concept of “trust circles” for sharing best practices. The episode also examines trends in artificial intelligence and cybersecurity, offering insights into how utility sectors can prepare for future challenges.
Cybersecurity Baselines for Electric Distribution Systems and DER
February 2024
The Cybersecurity Baselines are a vetted set of recommendations for electric distribution systems and the distributed energy resources (DER) that connect to them. These baselines define the minimum set of cybersecurity controls that should be considered, without defining any specific procedures or technologies to guide how any particular baselines might be met. These baselines may be used by regulatory bodies, electric distribution utilities, and DER aggregators as a potential framework for developing their own cybersecurity requirements in conjunction with Phase 2 implementation strategies.
Cybersecurity Preparedness Evaluation Tool
June 2019
In collaboration with utilities and state PUCs, NARUC developed a tailored manual and the Cybersecurity Preparedness Evaluation Tool (CPET) to help PUCs assess utilities’ cybersecurity readiness. These efforts aim to equip PUCs with the necessary knowledge and resources to ensure that utilities maintain robust cybersecurity measures, safeguarding critical services and systems through improved understanding and application of industry best practices and standards. This guide also has a corresponding on-demand online training video (showing how to implement CPET).
Understanding Cybersecurity Preparedness: Questions for Utilities
June 2019
This resource advances NARUC’s efforts by providing commissions with a tool to facilitate deeper discussions with utilities about cybersecurity risk management practices, building on the foundational knowledge established by previous cybersecurity primers. This tool is part of NARUC’s Cybersecurity Manual, supporting commissions in assessing utilities’ cybersecurity maturity and evaluating the effectiveness of security-focused investments, complemented by other resources like CPET for comprehensive evaluation and planning.
Cybersecurity Manual
NARUC has developed a comprehensive suite of resources, collectively referred to as the Cybersecurity Manual, to help PUCs gather and evaluate information from utilities about their cybersecurity risk management practices. These evaluations facilitate well-informed PUC decision-making regarding the effectiveness of utilities’ cybersecurity preparedness efforts and the prudence of related expenditures.
Additional Resources
Primary Mitigations to Reduce Cyber Threats to OT
Cybersecurity and Infrastructure Security Agency (CISA)
May 2025
CISA, the Federal Bureau of Investigation (FBI), the U.S. Environmental Protection Agency (EPA), and DOE provide actionable guidance for critical infrastructure entities in the United States to proactively review and enhance their cybersecurity measures. This factsheet is focused on protecting internet-connected OT systems and industrial control systems (ICS) against threats.
Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products
Joint Cyber Defense Collaborative
January 2025
This guide aims to help owners and operators procure OT products, particularly industrial automation and control system products, with priority secure-by-design elements in mind. This guide was authored by CISA along with partner contributions.
Annual Threat Assessment of the U.S. Intelligence Community
Office of the Director of National Intelligence
March 2025
The Annual Threat Assessment is the intelligence community’s comprehensive evaluation of threats to U.S. citizens, the homeland, and national interests, highlighting dangers from diverse foreign actors targeting U.S. infrastructure, government, and economic power. A product of collaboration of the National Intelligence Council with various government and foreign entities, the 2025 Annual Threat Assessment offers critical insights for strategic planning and safeguarding U.S. interests, emphasizing the complexity and interconnected nature of modern global threats.
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Cybersecurity and Infrastructure Security Agency (CISA)
February 2024
CISA, the National Security Agency (NSA), and the FBI have determined that People’s Republic of China state-sponsored cyber-actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. CISA, NSA, and the FBI and their partners are releasing this advisory to warn critical infrastructure organizations about this assessment.
Cyberattacks and the Energy System
NCSL Podcasts, OAS Episode 195
September 2023
Two cybersecurity experts join the podcast to discuss ways to safeguard energy systems from attacks as well as the role state legislatures play through their oversight of PUCs.
Global Oil and Natural Gas Cyber Threat Perspective
Dragos
March 2022
Dragos offers a perspective on the increasing targeting of oil and natural gas and energy industries by malware operators, who aim to advance political, economic, and national security objectives, posing threats to the availability and safety of industrial technologies. By understanding the full scope of threats and recognizing suspicious behavior, industrial asset owners and operators can defend against these threat groups.