Core Sector: Critical Infrastructure and Cybersecurity

Critical Infrastructure and Cybersecurity

The Nation's critical energy infrastructure is diverse and complex, providing essential services that underpin American society. CPI supports state commissions’ efforts to assess risks to the reliability and resilience of critical infrastructure and drive effective action across the planning, preparedness, response, and recovery lifecycle. NARUC’s Critical Infrastructure Committee provides strategic leadership in these efforts. Through this Committee, NARUC provides State regulators with a forum to analyze solutions to utility infrastructure security and delivery concerns, share best practices, and build enduring collaboration with federal and private sector counterparts.

The Critical Infrastructure Committee coordinates activities with the Committees on Electricity, Gas and Water and the Staff Subcommittee on Electricity and Resilience.

NARUC staff who support these activities include Lynn P. Costantini.

Critical Infrastructure

  • Risk Management in Critical Infrastructure Protection: An Introduction for State Utility Regulators (September 2016)
    This white paper explores foundational risk management concepts and their application in regulatory decision making that involves critical infrastructure protection.
  • Regional Mutual Assistance Groups (RMAGs): A Primer (November 2015)
    Electric utilities across the country have been providing mutual aid to each other during emergencies for years. One strategy for communicating and coordinating information as well as tangible resources needed on a wider scale is to use regional mutual assistance groups (RMAGs). This paper explains what an RMAG is, identifies some of the reasons why they are a central mechanism for assuring electric grid reliability and resilience of the power system, and offers suggestions for how a great idea can become stronger.
  • Resilience for Black Sky Days (February 2014)
    This paper examines resilience as a regulatory term of art and the tools to assess resilience initiatives.
  • Resilience in Regulated Utilities (November 2013)
    This paper lays the foundation for establishing common definitions and developing a methodology for utility commissioners and others to consider when exploring the regulatory issues surrounding investments in utility resilience.

Energy Emergency Management


Learn more

  • Cybersecurity Baselines Steering Group for Phase 2: Implementation Guidance
    NARUC and DOE are launching phase 2 of the Cybersecurity Baselines Initiative: developing implementation strategies and guidelines for stakeholders interested in applying the new baselines. This resource will include recommendations for assessing cybersecurity risks, prioritizing the assets to which the cybersecurity baselines might apply, and prioritizing the order in which the baselines might be implemented, based on cyber risk assessments. Complete this form to nominate yourself to join the Phase 2 steering group.

  • Advanced Cybersecurity Training for Commission Staff
    NARUC, with funding from the Department of Energy, Office of Cybersecurity, Energy Security, and Emergency Response, is offering a limited number of scholarships for advanced cybersecurity training. Training will be provided by the renowned SANS Institute and focus on cybersecurity of operational technologies.

    Please note that the application window for this training opportunity has closed. 

  • Regional Cybersecurity Training for Regulators, April 16-18, 2024, New Orleans, LA
    NARUC conducts in-person training events that focus on cybersecurity topics through the lens of a public utility regulator. Subject matter experts, recruited from around the country, make presentations, lead discussions, and offer topical and timely “boots on the ground” perspectives.

    Please visit the registration page to learn more and register.

  • PUC Participation in EarthEx 2020: An Energy Security Exercise EarthEx 2020, June 25, 2020
    EarthEx 2020 is a "come as you are" exercise opportunity to test policies and procedures for responding to a long duration power outage, including in-depth discussion on states' roles and responsibilities. Goals of this exercise include increasing understanding and response options in the event of an electromagnetic pulse, cyberattack, and/or global health pandemic.

    Presenter: John Heltzel, EIS Council
    View presentation
    View recording

  • Black Sky Exercise, July 2019
    Extreme, multi-regional “Black Sky” hazards—from severe weather to rapidly escalating cyber attacks—have the potential to disrupt essential lifeline services that put our Nation’s citizens in peril. This exercise introduced participants to the scale and scope of coordination and collaboration required across federal, state, and local governments, relief agencies, and private sector organizations to plan for and recover from such large-scale, multi-sector, disruptions. The focus was on the role of state public utility commissions before, during, and after a Black Sky event.

NARUC is grateful to the U.S. Department of Energy, Office of Cybersecurity, Energy Security, and Emergency Response for funding that enables the resources and activities described herein.

NARUC also acknowledges key partnerships with the Federal Energy Regulatory Commission (FERC), the Department of Homeland Security (DHS), the National Institute of Science and Technology (NIST), and others who contribute time and expertise in support of the Critical Infrastructure Committee and its goals.

Committee on Critical Infrastructure

Andrew Giles Fay

Andrew Giles Fay
Public Utilities Commission of Florida

Learn More