Core Sector: Critical Infrastructure

Critical Infrastructure and Cybersecurity

The Nation's critical energy infrastructure is diverse and complex, providing essential services that underpin American society. CPI supports state commissions’ efforts to assess risks to the reliability and resilience of critical infrastructure and drive effective action across the planning, preparedness, response, and recovery lifecycle. NARUC’s Critical Infrastructure Committee provides strategic leadership in these efforts. Through this Committee, NARUC provides State regulators with a forum to analyze solutions to utility infrastructure security and delivery concerns, share best practices, and build enduring collaboration with federal and private sector counterparts.

The Critical Infrastructure Committee coordinates activities with the Committees on Electricity, Gas and Water and the Staff Subcommittee on Electricity and Resilience.

NARUC staff who support these activities include Lynn P. Costantini.

Critical Infrastructure

  • Risk Management in Critical Infrastructure Protection: An Introduction for State Utility Regulators (September 2016)
    This white paper explores foundational risk management concepts and their application in regulatory decision making that involves critical infrastructure protection.
  • Regional Mutual Assistance Groups (RMAGs): A Primer (November 2015)
    Electric utilities across the country have been providing mutual aid to each other during emergencies for years. One strategy for communicating and coordinating information as well as tangible resources needed on a wider scale is to use regional mutual assistance groups (RMAGs). This paper explains what an RMAG is, identifies some of the reasons why they are a central mechanism for assuring electric grid reliability and resilience of the power system, and offers suggestions for how a great idea can become stronger.
  • Resilience for Black Sky Days (February 2014)
    This paper examines resilience as a regulatory term of art and the tools to assess resilience initiatives.
  • Resilience in Regulated Utilities (November 2013)
    This paper lays the foundation for establishing common definitions and developing a methodology for utility commissioners and others to consider when exploring the regulatory issues surrounding investments in utility resilience.

Energy Emergency Management


Learn more

  • Advanced Cybersecurity Training for Commission Staff
    NARUC, with funding from the Department of Energy, Office of Cybersecurity, Energy Security, and Emergency Response, is offering a limited number of scholarships for advanced cybersecurity training. Training will be provided by the renowned SANS Institute and focus on cybersecurity of operational technologies.

    Please visit the application page to learn more and apply. If interested, please submit applications by 5 p.m. ET on March 1, 2024.

  • Regional Cybersecurity Training for Regulators, April 16-18, 2024, New Orleans, LA
    NARUC conducts in-person training events that focus on cybersecurity topics through the lens of a public utility regulator. Subject matter experts, recruited from around the country, make presentations, lead discussions, and offer topical and timely “boots on the ground” perspectives.

    Please visit the registration page to learn more and register.

  • PUC Participation in EarthEx 2020: An Energy Security Exercise EarthEx 2020, June 25, 2020
    EarthEx 2020 is a "come as you are" exercise opportunity to test policies and procedures for responding to a long duration power outage, including in-depth discussion on states' roles and responsibilities. Goals of this exercise include increasing understanding and response options in the event of an electromagnetic pulse, cyberattack, and/or global health pandemic.

    Presenter: John Heltzel, EIS Council
    View presentation
    View recording

  • Black Sky Exercise, July 2019
    Extreme, multi-regional “Black Sky” hazards—from severe weather to rapidly escalating cyber attacks—have the potential to disrupt essential lifeline services that put our Nation’s citizens in peril. This exercise introduced participants to the scale and scope of coordination and collaboration required across federal, state, and local governments, relief agencies, and private sector organizations to plan for and recover from such large-scale, multi-sector, disruptions. The focus was on the role of state public utility commissions before, during, and after a Black Sky event.

NARUC is grateful to the U.S. Department of Energy, Office of Cybersecurity, Energy Security, and Emergency Response for funding that enables the resources and activities described herein.

NARUC also acknowledges key partnerships with the Federal Energy Regulatory Commission (FERC), the Department of Homeland Security (DHS), the National Institute of Science and Technology (NIST), and others who contribute time and expertise in support of the Critical Infrastructure Committee and its goals.

Committee on Critical Infrastructure

Andrew Giles Fay

Andrew Giles Fay
Public Utilities Commission of Florida

Learn More