The cyber threat landscape facing America’s energy sector is intensifying — and both government and industry leaders are racing to stay ahead. In this segment of Fed Gov Today, Francis Rose speaks with Alex Fitzsimmons, Director of the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), about how his office is working to safeguard what he calls “the critical sector” of the U.S. economy.
Fitzsimmons opens with a striking reminder: “The energy sector is not just a critical sector of the economy. It is the critical sector of the economy that makes every other sector possible.” Reliable energy powers transportation systems, hospitals, manufacturing plants, and government operations. That central role, he says, makes energy an attractive target for nation-state adversaries who want to disrupt daily life or gain a strategic advantage. “Foreign adversaries know who they are targeting, and they are under particular threat if you’re looking at potential future conflict scenarios,” he warns, pointing to utilities, pipelines, and fuel delivery companies that serve military installations as especially vulnerable.
CESER’s mission, Fitzsimmons explains, is to strengthen both the security and resilience of the entire energy sector, from large utilities to smaller operators. His office provides timely, actionable threat intelligence to private-sector partners, invests in the research and development of new cybersecurity and physical security technologies, and works to build robust public-private partnerships. He points to the Energy Threat Analysis Center in Denver as a model of collaboration. “We have actually cleared industry participants that can sit down with us and review actionable threat information and figure out: is this vulnerability something that’s widespread? Is this something that we really need to care about? And then, if so, how can we tackle this as a government and as an industry?”
For Fitzsimmons, information sharing is a cornerstone of CESER’s work, and it must flow in both directions. He notes that energy companies sometimes hold data they don’t realize is crucial to the bigger picture. “One of the challenges is that the energy sector had information that they didn’t know was really valuable to somebody else,” he recalls. “Our job is to make sure they have access to the same information that we have, so they know what the vulnerabilities are and can mitigate them.”
Looking ahead, Fitzsimmons sees artificial intelligence playing a major role in securing energy systems. “One of the most important use cases for AI in the future is going to be to secure our energy systems with AI,” he says. DOE’s new “AI Forts” program, included in the FY26 budget, is designed to speed the development and deployment of AI-powered defensive tools. “We need to be at the cutting edge of technological development. We need to be investing in cyber defense,” Fitzsimmons stresses, adding that these tools could help automate key steps in the cyber kill chain and dramatically reduce the time it takes to respond to attacks.
Perhaps his most urgent message is about a shift in mindset. The goal is no longer to prevent every intrusion — that is unrealistic in today’s environment. Instead, energy operators must prepare to “operate through compromise.” Fitzsimmons explains that the sector must assume adversaries are already inside some systems and plan accordingly. That means segmenting IT and OT networks so intruders cannot easily move laterally, hardening the most critical control systems to make them more resistant to attack, and creating detailed response and recovery plans to restore operations quickly when incidents occur. “It’s what you do on a bad day that matters,” he says. “We have to have an operational plan in place to respond and recover as rapidly as possible.”
In a sector where reliability is expected 100 percent of the time and failures can have life-or-death consequences, Fitzsimmons’ message is unmistakable: resilience is not optional. By improving information sharing, investing in cutting-edge AI defenses, and preparing to operate even when compromised, CESER and its partners are laying the groundwork for an energy sector that can withstand the most sophisticated cyber threats and keep the lights on for the nation.