Overview

Protecting the nation’s energy grid and ensuring a reliable supply of energy are top priorities for America's electric companies. The energy grid is a complex, interconnected network of generation, transmission, distribution, control, and communication technologies, which can be damaged by natural events—such as severe storms—and by malicious events, such as cyber and physical attacks.

Today, the electric power industry is forging ahead with a series of initiatives to safeguard the energy grid from threats and is partnering with federal agencies to improve sector-wide resilience to cyber and physical threats. The industry also collaborates with the National Institute of Standards and Technology, the North American Electric Reliability Corporation, and federal intelligence and law enforcement agencies to strengthen its capabilities.

As threats to the grid grow and become more sophisticated, the industry remains committed to continuing to strengthen its defenses.

Key Facts

Electricity Subsector Coordinating Council (ESCC)

The Electricity Subsector Coordinating Council (ESCC) serves as the principal liaison between leadership in the federal government and in the electric power sector, with the mission of coordinating efforts to prepare for national-level incidents or threats to critical infrastructure.

Protecting the energy grid from threats that could impact national security and public safety is a responsibility shared by both the government and the electric power sector. The ESCC facilitates and supports policy- and public affairs-related activities and initiatives designed to enhance the reliability and resilience of the energy grid. These activities include all hazards, steady-state preparation, and emergency preparedness, response, and recovery for the nation’s electricity sector.

ESCC Web site(Open external link)(Open external link)(Open external link)

ESCC Brochure(Open external link)(Open external link)(Open external link)

ESCC Ransomware Preparedness(Open external link)(Open external link)(Open external link)

Cyber Mutual Assistance Program

Protecting the Energy Grid Against EMPs and GMDs

Protecting the nation’s energy grid and ensuring a reliable and affordable supply of energy are top priorities for America’s electric companies. The energy grid’s complex, interconnected technologies may be impacted by bursts of electromagnetic energy, such as naturally occurring geomagnetic disturbances (GMDs) or malicious, man-made electromagnetic pulses (EMPs). To address these potential hazards, the electric power industry is working hard to enhance the resilience of the energy grid, to mitigate the potential impact of an EMP, and to accelerate recovery from potential incidents.

In response to the low-likelihood, high-consequence threat of a high-altitude EMP (HEMP) to the energy grid, the electric power industry is working with the Electric Power Research Institute (EPRI) and with our government partners to better understand the impacts of a HEMP. This research helps us to make scientifically informed investment decisions for mitigation measures and to identify ways to leverage existing response and recovery programs and capabilities.

Model Procurement Contract Language Addressing Cybersecurity Supply Chain Risk

To facilitate managing cybersecurity supply chain risks, a committee of representatives of EEI member companies developed this model to align cybersecurity requirements and to encourage adoption by the vendor community. Recognizing the importance of procurement in managing supply chain risk, the member companies who developed the model focused on the processes required by the NERC supply chain risk management reliability standard—CIP-013-1—and they also included language that goes beyond this requirement with the goal of improving cybersecurity. The model is a starting point for negotiations with vendors and service providers—it should not be considered a best practice or requirement, and it can be adopted/adjusted as appropriate. Version 3.0 released in October 2022 reflects evolving industry best practices, including refinement of industry standards, it adjusts notification timeframes and other time-specified requirements, and it modifies language where appropriate.

Members-Only Resources

EEI Issue Communities

The EEI Security Issue Community provides members with an online forum to facilitate policy development, information exchange and networking. Members can communicate and share ideas, participate in discussion forums, send email blasts, create file libraries, organize conference calls, and keep track of important dates and upcoming events.