Energy Security Training

Secure and resilient energy infrastructure is essential for the safety, stability, and economic vitality of every state. Modern life depends on reliable power, fuel, and interconnected systems capable of withstanding increasingly complex physical and cyber threats.

Recognizing this growing challenge, the National Governors Association (NGA), the National Association of Regulatory Utility Commissioners (NARUC), and the National Association of State Energy Officials (NASEO) convened state energy leaders, regulators, and advisors for a two-day training in Atlanta.

The event equipped participants with knowledge, partnerships, and practical tools to prepare for, respond to, and recover from disruptions to critical energy systems, enabling states to better safeguard essential services, protect communities, and strengthen resilience against evolving risks.

Day 1

NGA's Dan Lauf, NARUC's Lynn Costantini, and NASEO's Campbell Delahoyde welcomed attendees, emphasizing that critical energy infrastructure serves as the backbone for all other essential services and systems. They noted that securing these systems is becoming increasingly challenging due to their growing interconnectedness, particularly with telecommunications. Collaboration and relationship-building are vital for success, making this meeting especially important.

The program began with an overview of the physical and cyber threats facing the energy sector, focusing on nation-state actors and emerging hazards. Kimberly Denbow, Vice President of Security and Operations, American Gas Association, and Ryan Guest, Cyber Threat Intelligence Manager, Electricity Information Sharing and Analysis Center, North American Electric Reliability Corporation, encouraged attendees to monitor external threats, practice rigorous cyber hygiene, and develop comprehensive incident response playbooks for both cyber and physical threats. State-level preparedness is essential, and the best defense relies on education, trusted intelligence-sharing networks, and vigilant human oversight, especially as AI-driven attacks become more prevalent.

Campbell Delahoyde invited Sunny Wescott, Chief Meteorologist - Federal Emergency Response Official, U.S. Department of Homeland Security; Joe Hagerman, Director, Mississippi Development Authority, Energy and Natural Resources Division; and Paul Holloway, Senior Energy Security and Resilience Lead, Massachusetts Department of Energy Resources to discuss tools and approaches for forecasting and assessing risks to critical energy infrastructure. The energy security landscape is transforming as severe weather events become more frequent and impactful. States are moving beyond theoretical plans to actionable resilience strategies, such as Mississippi's county-level resilience reports and Massachusetts's integration of resilience planning into state hazard mitigation and utility grid modernization plans. These efforts ensure that assessments translate into action rather than remaining as shelf reports.

Mike Robinson, VP, Grid Transformation, Georgia Power Company, delivered a keynote address highlighting the Eastern Interconnection, "the world's largest machine," and the deep interconnections among water, gas, energy, and transportation systems. Disruptions in one sector can cascade across others. Robinson advocated for a comprehensive "Three P's Framework:"

• Partnerships with federal, state, and local agencies
• Preparedness through risk prediction and cyber-informed engineering
• Protection via infrastructure hardening

This approach has proven effective in securing major events such as the Super Bowl and the upcoming World Cup. Robinson emphasized that utilities must be recognized as embedded emergency response partners, essential for maintaining societal stability.

From physical threats to sophisticated cyber-attacks, threats to the nation's critical energy infrastructure are growing in both scale and complexity. To discuss these issues, Dan Lauf led a panel discussion with Mike Geraghty, Chief Information Security Officer, New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), and Ryan Guest, Cyber Threat Intelligence Manager, E-ISAC. The panel stressed that effective cybersecurity information sharing begins with establishing trust through legal protections, encouraging open communication about security incidents. Proactive notification and large-scale monitoring help identify vulnerabilities before incidents occur. Organizations should monitor threat actors directly, share anonymized lessons learned, and provide actionable intelligence, including remediation guidance and indicators of compromise. Success requires breaking down organizational silos and focusing resources on actively exploited vulnerabilities in critical sectors.

As mentioned in the Keynote address, energy and other infrastructure systems are deeply interconnected. A power outage can quickly impair communications while loss of communications can hinder grid operations, emergency response, and coordination. Water is needed to cool power plants, and power is needed to operate water and wastewater systems. To explore these critical interdependencies and the importance of coordinated planning for effective response, NGA's Phil Nichols moderated a session with:

• Ollie Gagnon, Chief Homeland Security Advisor, Executive Director, Idaho National Laboratory Resilience Optimization Center
• Susan Mora, Senior Director, Federal Policy and Stakeholder Relations, Exelon
• Chris Boyer, VP Global Public Policy, AT&T
• Jon Sparkman, Engineering Director, Tennessee American Water

The panel emphasized that effective energy security requires prioritizing consequence over threat and building resilience rather than merely preventing attacks. Mapping dependencies is complex, but establishing cross-sector relationships is the most practical strategy. The panel discussed the water-energy nexus, infrastructure theft, and the expanding attack surface from wireless and fiber systems.

Just as individuals and communities depend on state and local energy systems, so does defense critical energy infrastructure (DCEI) which plays a vital role in ensuring the readiness and resilience of national defense operations.

NGA's Jessica Davenport invited the following panelists to provide an overview of DCEI.

• Kevin Klein, Director, Colorado Division of Homeland Security and Emergency Management
• Kevin McElyea, Director, Office of Prevention and Security (CIAC), Colorado State Fusion Center
• Megan Levy, SLTT Project Manager, Office of Cybersecurity, Energy Security, and Emergency Response, U.S. Department of Energy.
• Mary Catherine Ott, Associate Principal for Stakeholder Engagement & Partnerships, Office of Local Defense Community Cooperation (OLDCC), Department of War

The session addressed unique risks from physical and cyber threats and highlighted state-federal coordination for security.

To conclude Day 1, Jenna Johnston of NGA spoke with Kristin Coulter, Communications Director, Tennessee Emergency Management Agency, and Dee Anne Odom, General Manager, Alabama Power. The speakers emphasized that during disasters, the public seeks clear answers to three questions: What's happening? What are officials doing? What should I do? Effective crisis communication requires actionable transparency, plain language, and empathy. Coordination among agencies and pre-event planning are essential for managing information demands and supporting communities during emergencies.

Sheri Haugen-Hoffart, Commissioner, North Dakota Public Service Commission, and Sam Hatcher, Executive Counsel, Office of Georgia Governor Brian Kemp, opened Day 2 with a discussion on executive and regulatory authorities relevant to energy security, moderated by Dan Lauf.

Key points included the crucial role of state authorities in energy emergency response. Governors lead by declaring emergencies, which trigger coordinated statewide operations and unlock critical powers, such as lifting truck weight and hours-of-service restrictions to expedite restoration efforts.
While the executive office manages high-level decision-making, federal coordination, and National Guard deployment, regulators focus on technical oversight and utility coordination. Both are united by the principle that their primary role is to support energy companies in restoring service through clear communication and by removing barriers.

Strong coordination is essential during severe events to ensure a prompt and effective response. To explore cross-sector partnerships and highlight strategies and resources for state leaders, Megan Levy sat down with:

• Russ Strickland, Secretary, Maryland Department of Emergency Management
• Kimberly Denbow, Vice President of Security and Operations, American Gas Association
• Kari Heinrich, Energy Security Lead, Wisconsin Public Service Commission

The session emphasized that effective energy security coordination depends on building relationships and establishing procedures before emergencies occur.

Success requires maintaining documented procedures and templates that persist through personnel changes, conducting comprehensive risk assessments that extend beyond internal operations to entire supply chains, and recognizing that regulatory gaps can create systemic vulnerabilities.

These challenges are even greater for remote areas and island communities, which face unique supply chain dynamics. Emerging cybersecurity threats add further complexity to energy security efforts.

To help state officials navigate intra-state and interstate coordination during energy disruptions, Jessica Davenport moderated a session with: A.J. Gary,Director, Homeland Security Advisor, Arkansas Division of Emergency Management, and Kristen Ebert,Director of Business Continuity & Crisis Response, American Electric Power (AEP).

Speakers emphasized that successful energy emergency management depends on building relationships before disasters occur, especially among state energy officials, emergency management directors, and county-level managers. They stressed that emergency requests should flow from the bottom up through proper channels, and that requestors should describe desired outcomes rather than specific resources. This approach allows emergency managers to identify the most effective and cost-efficient solutions.

When state resources are exhausted, the Emergency Management Assistance Compact (EMAC) enables states to share resources. While some regions also maintain interstate agreements for faster mutual aid without requiring federal declarations.

The energy sector faces increasingly complex cybersecurity challenges that require coordinated, flexible approaches across diverse stakeholders. To address these issues, Lynn Costantini sat down with:

• Sharla Artz, Security and Resilience Policy AVP, Xcel Energy
• John Ransom, Director of Regulatory Affairs, Grid Security, NRECA
• Matt Dale, Chief Cybersecurity Advisors, Virginia State Corporation

The panelists stressed that as an interconnected system where risk to one entity threatens all, the industry must leverage tools to filter overwhelming threat intelligence and distribute actionable mitigations.

Significant resource disparities exist, making one-size-fits-all cybersecurity requirements impractical. This necessitates risk-based, flexible approaches tailored to different utility types and architectures.

Success depends on holistic risk mitigation strategies that address cyber, physical, and environmental threats cost-effectively, as well as more frequent functional exercises to prepare for evolving threats.

In the penultimate session of the day moderator Campbell Delahoyde was joined by Jesse Sythe, E-ISAC GridEx Program Manager, North American Electric Reliability Corporation, and Ben Bolton, Assistant Director, Energy Security, Emergency Preparedness & Resilience, Tennessee Department of Environment and Conservation, for a discussion on planning and learning. Sythe shared that GridEx offers free, customizable tabletop materials that can be implemented quickly, making emergency preparedness accessible to resource-constrained entities. The distributed exercise model reveals critical insights: state-utility coordination exposed significant knowledge gaps about mutual capabilities and resource availability, while exercises consistently highlighted the need for resilient communications.

To conclude the event, state attendees split into small groups to discuss lessons learned from the training and conducted action planning exercises to identify needs for their states and actions that can be taken. For more information on this event and other upcoming NGA activities, please contact or .