Core Sector: Critical Infrastructure and Cybersecurity

Critical Infrastructure and Cybersecurity

The Nation's critical energy infrastructure is diverse and complex, providing essential services that underpin American society. NARUC supports state commissions’ efforts to assess risks to the reliability and resilience of critical infrastructure and drive effective action across the planning, preparedness, response, and recovery lifecycle. NARUC’s Critical Infrastructure Committee provides strategic leadership in these efforts. Through this Committee, NARUC provides State regulators with a forum to analyze solutions to utility infrastructure security and delivery concerns, share best practices, and build enduring collaboration with federal and private sector counterparts. The Critical Infrastructure Committee coordinates activities with the Committees on ElectricityGas and Water and the Staff Subcommittee on Electricity and Resilience.

NARUC also supports energy regulators around the world. Through its International Programs, NARUC provides resources and training necessary to help strengthen the resilience of their respective energy sectors. From developing strategies and engaging with utility companies, to setting performance benchmarks, auditing, and approving prudent investments, NARUC helps partnering regulators outside of the U.S take a leading role in overseeing the security and reliability of their critical energy infrastructures and advance best practices that can be shared globally.

NARUC staff experts who support these activities include Lynn P. Costantini, Deputy Director - CPI; Jody Raines, Senior Cybersecurity Policy Specialist - CPI; and Erin B. Hammel, Senior Director - International Programs.

Tech Talk for Regulators Podcast Series

The Tech Talk for Regulators podcast series provides play-on-demand audio for listeners to learn about modern utility topics with a focus on critical infrastructure security, cybersecurity, and emergency response. Episode one is currently available for listeners. Stay tuned for more future episodes.

  • Episode Two: Protecting Substations (November 2024)
    During Tech Talk for Regulators Episode Two, experts from EPRI, E-ISAC and WECC discuss innovations to protect substations and critical infrastructure. This episode features Kristen Bove, E-ISAC, Brady Phelps, WECC, and Erika Willis of EPRI, interviewed by Jody Raines of NARUC's Center for Partnerships & Innovation.

 

Critical Infrastructure

  • Defense Energy Resilience Engagement Framework for Utility Regulators (September 2024)
    This document provides public utility commissions with a Defense Energy Resilience Engagement Framework to engage with military stakeholders and evaluate defense-related utility applications.
  • Risk Management in Critical Infrastructure Protection: An Introduction for State Utility Regulators (September 2016)
    This white paper explores foundational risk management concepts and their application in regulatory decision making that involves critical infrastructure protection.
  • Regional Mutual Assistance Groups (RMAGs): A Primer (November 2015)
    Electric utilities across the country have been providing mutual aid to each other during emergencies for years. One strategy for communicating and coordinating information as well as tangible resources needed on a wider scale is to use regional mutual assistance groups (RMAGs). This paper explains what an RMAG is, identifies some of the reasons why they are a central mechanism for assuring electric grid reliability and resilience of the power system, and offers suggestions for how a great idea can become stronger.
  • Resilience for Black Sky Days (February 2014)
    This paper examines resilience as a regulatory term of art and the tools to assess resilience initiatives.
  • Resilience in Regulated Utilities (November 2013)
    This paper lays the foundation for establishing common definitions and developing a methodology for utility commissioners and others to consider when exploring the regulatory issues surrounding investments in utility resilience.

Energy Emergency Management

Exercises

Learn more

  • Cybersecurity Baselines Steering Group for Phase 2: Implementation Guidance
    NARUC and DOE are launching phase 2 of the Cybersecurity Baselines Initiative: developing implementation strategies and guidelines for stakeholders interested in applying the new baselines. This resource will include recommendations for assessing cybersecurity risks, prioritizing the assets to which the cybersecurity baselines might apply, and prioritizing the order in which the baselines might be implemented, based on cyber risk assessments.

  • Advanced Cybersecurity Training for Commission Staff
    NARUC, with funding from the Department of Energy, Office of Cybersecurity, Energy Security, and Emergency Response, is offering a limited number of scholarships for advanced cybersecurity training. Training will be provided by the renowned SANS Institute and focus on cybersecurity of operational technologies. Please note that the application window for this training opportunity has closed. 

  • PUC Participation in EarthEx 2020: An Energy Security Exercise EarthEx 2020, June 25, 2020
    EarthEx 2020 is a "come as you are" exercise opportunity to test policies and procedures for responding to a long duration power outage, including in-depth discussion on states' roles and responsibilities. Goals of this exercise include increasing understanding and response options in the event of an electromagnetic pulse, cyberattack, and/or global health pandemic.

    Presenter: John Heltzel, EIS Council
    View presentation
    View recording

  • Black Sky Exercise, July 2019
    Extreme, multi-regional “Black Sky” hazards—from severe weather to rapidly escalating cyber attacks—have the potential to disrupt essential lifeline services that put our Nation’s citizens in peril. This exercise introduced participants to the scale and scope of coordination and collaboration required across federal, state, and local governments, relief agencies, and private sector organizations to plan for and recover from such large-scale, multi-sector, disruptions. The focus was on the role of state public utility commissions before, during, and after a Black Sky event.

NARUC is grateful to the U.S. Department of Energy, Office of Cybersecurity, Energy Security, and Emergency Response for funding that enables the resources and activities for U.S. State regulators described herein. Additionally, NARUC receives support from the United States Agency for International Development for reports and trainings related to critical infrastructure, cybersecurity, and emergency preparedness under its International Programs.

NARUC also acknowledges key partnerships with the Federal Energy Regulatory Commission (FERC), the Department of Homeland Security (DHS), the National Institute of Science and Technology (NIST), and others who contribute time and expertise in support of the Critical Infrastructure Committee and its goals.

Committee on Critical Infrastructure

Andrew Giles Fay

Andrew Giles Fay
Chair
Public Utilities Commission of Florida

Learn More