Inside the Energy Sector Cyber War: AI, Adversaries, and the Pentagon’s Plan to Stay Ahead

Original broadcast: 9/21/25

In this episode of Fed Gov Today with Francis Rose, the focus is on the growing cyber threats to America’s energy sector, the need for realistic modernization, and the Pentagon’s evolving cyber warfare strategy.

Alex Fitzsimmons, Director of the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), explains that the energy sector is “the critical sector” enabling every other part of the economy — which is why foreign adversaries increasingly target it. Fitzsimmons stresses that utilities and pipelines serving military installations are especially at risk in future conflicts. He highlights CESER’s mission of providing timely, actionable threat information to the energy sector, investing in cyber and physical security technologies, and building strong public-private partnerships.

Vikram Thakur of Broadcom emphasizes that agencies must address baseline security for legacy systems before focusing on ambitious long-term modernization. He points to the need for thousands more skilled professionals to implement and manage secure, interoperable systems.

Finally, John Garstka from the Department of Defense describes the Pentagon’s cyber survivability efforts, comparing them to “torpedo nets” that protect critical systems. He stresses designing resilient platforms, segmenting networks, and planning to operate through compromise to ensure mission success even under attack.

Inside America’s Cyber Frontlines: How DOE and Industry Are Fighting to Keep the Lights On

Francis Rose speaks with Alex Fitzsimmons, Director of DOE’s CESER office, about the rising threats to the energy sector. Fitzsimmons calls the energy sector “the critical sector,” noting that foreign adversaries are actively targeting utilities, pipelines, and fuel delivery companies — especially those serving military installations. CESER’s mission is to strengthen the sector’s security and resilience by sharing actionable information, funding R&D for world-class security technologies, and partnering closely with private industry. Fitzsimmons highlights the Energy Threat Analysis Center in Denver, which brings cleared industry and government experts together to analyze vulnerabilities and share solutions quickly. He stresses that information sharing must be bi-directional so industry and government know what the other knows. Looking ahead, Fitzsimmons says AI will be a critical tool in cyber defense, as adversaries are already investing in AI-enabled attacks. DOE is launching the “AI Forts” program to accelerate the delivery of AI-powered defensive tools to the private sector. He emphasizes that energy companies must assume adversaries are already inside their systems and focus on planning, segmenting networks, and hardening infrastructure to ensure they can operate through compromise.

Key Takeaways:

1. Energy is the “critical sector.” Without it, every other part of the economy grinds to a halt — making it a prime target for nation-state cyberattacks.
2. Public-private partnership is essential. CESER’s mission centers on bi-directional information sharing and collaboration with industry to quickly address vulnerabilities.
3. AI is the future of cyber defense. DOE’s new “AI Forts” initiative aims to deploy AI-powered tools that can automate the cyber kill chain and respond to threats faster.

Stop Chasing Shiny Tech: Why Agencies Must Fix Security First Before Going All-In on AI

Vikram Thakur, Technical Director at Broadcom, joins Francis Rose to discuss modernization in government IT. He cautions that agencies should not leap ahead with futuristic plans before addressing their current security gaps. Many agencies still rely on sprawling, disconnected legacy systems that must be secured first. Thakur stresses the importance of establishing baseline security across government before chasing the next generation of technology. He encourages agencies to adopt solutions that are partly “out-of-the-box” but still adaptable to each organization’s environment. AI, automation, and machine learning should be used to detect abnormal activity and learn what is “normal” in different departments, such as finance, HR, or frontline offices. Thakur notes that the biggest hurdle is not technology but talent: the federal government needs thousands more skilled professionals to design, implement, and secure systems. Government and industry must work together to attract, incentivize, and train this workforce. With the right people and technology in place, agencies can achieve secure, interoperable systems and build toward long-term modernization goals while still solving today’s urgent problems.

Key Takeaways: 

1. Secure first, modernize second. Agencies must establish baseline cybersecurity across legacy systems before pursuing ambitious modernization projects.
2. AI should learn “normal” behavior. Machine learning can flag anomalies unique to each department, helping administrators act before problems escalate.
3. Talent is the bottleneck. Government needs thousands more skilled IT and cybersecurity professionals — a challenge that requires industry-government collaboration.

The Pentagon’s Cyber Torpedo Nets: How DoD Plans to Survive the Next Digital Pearl Harbor

John Garstka, Director for Cyber Warfare in the Office of the Deputy Assistant Secretary of Defense, explains how the Pentagon is working with industry to improve cyber resilience for critical infrastructure and weapons systems. He says DOD is focused on both “proactive activities,” like cyber hardening, and collaboration with commercial partners to protect key cyber terrain. Garstka compares cyber survivability to stealth design in aviation — building systems from the ground up to take a punch and keep operating. For legacy systems, the Pentagon pursues “block upgrades” to secure components, align cyber defenders, and deploy sensing and monitoring technologies that protect operational technology environments. Recent experiments at Edwards Air Force Base have proven these approaches work, collecting critical data for both cybersecurity and predictive maintenance. Garstka warns that adversaries are already inside U.S. networks and that the challenge is to “operate through compromise” and recover quickly when attacks happen. He uses the analogy of deploying torpedo nets before Pearl Harbor to underscore the importance of anticipating attacks before they happen. His message is clear: the Pentagon is committed to preparing for a highly contested cyber environment and protecting mission-critical systems.

Key Takeaways:

1. Cyber survivability is mission-critical. DoD is designing new systems — and upgrading old ones — to withstand cyberattacks and keep operating.
2. Operate through compromise. The Pentagon assumes adversaries are already inside networks and focuses on responding and recovering quickly.
3. Lessons from history matter. Gorska’s “torpedo nets” analogy underscores the need to anticipate threats before they cause catastrophic damage.