Resilience in the Energy Sector: Navigating a Complex Landscape of Threats and Assets
In a world where uncertainty looms large, the notion of resilience has emerged as the key mantra within the energy sector. Executives and security professionals alike acknowledge a stark truth: it is no longer feasible to anticipate and block every possible disruptive event. Rather, the imperative lies in cultivating an ability to withstand and adapt to an ever-evolving landscape punctuated by cyberattacks, acts of terrorism, and natural disasters. For energy companies, this means embracing resilience—not merely as a theoretical framework, but as a survival strategy that fosters not just endurance but also growth.
Yet, even with business continuity plans in place, a superficial grasp of resilience will not suffice. To thrive in this heightened state of threat, energy organizations must transcend conventional methodologies, innovating and adapting with agility. As attacks accelerate, jeopardizing national security, the call to build resilience has reached a fever pitch, demanding immediate and profound action.
Strategies for Achieving Resilience in the Energy Sector
The journey toward resilience is still unfolding. Back in 2017, the International Organization for Standardization outlined pivotal elements inherent in resilient organizations: the sharing of knowledge, navigation of complex political and social terrains, and, perhaps most critically, the capacity to anticipate change. Fundamentally, resilience begins with a profound understanding of one’s operational surroundings, which for energy companies translates to a vigilant focus on three pivotal dimensions: threats, assets, and national policy.
A robust grasp of these three realms serves as the backbone for a myriad of organizational resilience initiatives, encompassing everything from continuity strategies to crisis management and IT fortifications. Lacking this foundational knowledge, any attempt at resilience is bound to flounder.
Understanding Threats
The threats facing energy companies have escalated dramatically, originating from diverse quarters like foreign adversaries such as China and Russia, extremist factions on both ends of the political spectrum, and savvy cybercriminals. Each of these actors enters the fray with distinct, sometimes chaotic motivations—ranging from igniting civil strife to undermining Western stability. What unites them is a grim recognition: attacking the energy framework can efficiently further their agendas, positioning the energy sector as a prime target.
These malevolent forces employ an alarming variety of tactics, spanning the spectrum from physical assaults to intricate cyber infiltration. They are constantly hunting for fresh vulnerabilities. Consider the alarming possibility that China could exploit its dominant position in solar panel manufacturing to introduce vulnerabilities into the U.S. energy infrastructure, amplifying existing sabotage efforts that threaten an increasingly expansive renewable energy landscape.
In this perilous context, investing in intelligence systems has become non-negotiable. Energy firms must establish internal intelligence capabilities to decipher how these threats could encroach upon their assets and operations. This necessitates strategic financial commitments aimed at recruiting the right talent, along with integrating a diverse arsenal of technology and consulting expertise that can illuminate complex risk landscapes. Meanwhile, companies should also leverage a wealth of existing, cost-effective intelligence networks, such as the Electricity Information Sharing and Analysis Center (E-ISAC), which has set a laudable precedent by fostering intelligence exchanges that transcend industry silos.
Asset Mapping and Dependencies
The energy sector is now confronted with fresh policy mandates aimed at identifying critical infrastructure dependencies. The National Security Memorandum issued by the White House in April 2024 underscores the urgency of evaluating interconnections within and among pivotal sectors. Identifying Systemically Important Entities that, if disrupted, could trigger significant national security repercussions is crucial.
This heightened scrutiny invites energy companies to meticulously chart not just their own assets—the power plants, transmission networks, solar arrays, and storage sites they operate—but also the intricate web of dependencies tying them to other services, such as IT and telecommunications. What happens when one of these critical supports fails? What cascading impacts loom on the horizon? The energy sector, in turn, must contemplate its role in supporting other essential infrastructure—military facilities, emergency responders, and beyond. What vulnerabilities do these entities face, and how might they inadvertently become the targets for those seeking to exploit gaps in energy security?
Interfacing with National Policy
No sector bears greater significance in the national security dialogues than energy. Executives within this arena fully recognize the gravity of the situation—they are acutely aware of the public’s expectation for uninterrupted power supply despite the myriad risks. Active cooperation with national security agencies like CISA, DOE, TSA, and FBI has become a norm, as these partnerships are vital for fortifying resilience frameworks.
The truly resilient organizations go even further. They establish dedicated teams to probe the depths of national security policy, fostering the development of forward-thinking resilience programs that account for future threats, not just the ones at the doorstep. These inquisitive teams engage with lawmakers, regulators, and industry associations to glean insights into legislative priorities while contributing to the shaping of emerging security requirements.
This proactive stance is not merely a survival tactic; it reflects an understanding that effective collaboration is essential. Organizations that embrace this spirit of partnership can cultivate a regulatory landscape favorable to resilience, positioning themselves as leaders within the sector.
Building a Resilient Future
Adam Lee, vice president and chief security officer of Dominion Energy, embodies this forward-thinking ethos. With critical infrastructure responsibilities linking to high-security sites like the Pentagon and major naval facilities, he emphasizes the importance of situational awareness. “We’re the upstream target for all of that,” he reflects, highlighting the necessity of collaborating closely with clients to ascertain their unique vulnerabilities, thereby refining resilience strategies.
For those committed to crafting a resilient enterprise, the journey must begin where Dominion does: enhancing situational awareness capabilities. Resilience plans and strategies are rendered futile if they overlook the dynamic interplay of threats, interdependencies, and shifting government policies. Gaining this “information advantage” will require a willingness to invest, particularly in intelligence gathering, asset oversight, supply chain assessments, and national security evaluations.
Yet, the onus of building a resilient energy framework cannot rest squarely on the shoulders of the private sector. Energy companies have already poured immense resources into delivering critical services to Americans. It is incumbent upon government officials and legislators to assist in addressing the multifaceted challenges posed by national security threats. This is not merely an industry-specific struggle; it is an American imperative. The government must amplify its efforts to disseminate relevant insights and mitigate the financial pressures that plague private entities as they guard against these existential risks. In this relentless battle, adversaries need only be successful once, while the energy sector must sustain unyielding vigilance to keep our lights on and our nation secure.