Modern life runs on energy. Defense, manufacturing, healthcare, and communications all depend on affordable and reliable supply. Yet our energy system faces growing risks—from natural disasters and cyberattacks to geopolitical shocks and aging infrastructure. The Energy FIRST Initiative brings together experts from industry, government, academia, and civil society to ensure American and allied energy systems can continue to deliver through conflict and crisis. The initiative complements federal frameworks such as the National Infrastructure Protection Plan by turning strategy into field-tested practice that operators can use across five interconnected elements of energy security:

Fuel and supply chains

Keeping energy available by surfacing shared dependencies and aligning partners on continuity goals.

America’s energy system is strong at home but influenced by global forces. Fuels, key components, and enabling technologies cross borders at every stage, from extraction and refining to manufacturing and final assembly. U.S. energy commodity exports can stabilize allies and advance global security, but these same links can carry overseas shocks into domestic prices and fuel availability. The concentration of electrical component manufacturing and critical minerals processing abroad increases U.S. exposure to geopolitically motivated disruptions. Also, concurrent hazards like severe weather, sabotage, and cyber-physical incidents can trigger simultaneous replacement needs for long-lead time equipment (e.g., large power transformers), potentially leaving utilities challenged to deliver reliable power for months or even years.

Meeting this reality means treating fuels, materials, and components as a single end-to-end supply chain. The United States needs clear continuity targets for what must stay powered; transparency beyond just the top-tier suppliers; qualified substitutions for critical parts and materials; and diversified options for sourcing, transport, and repair. Spares strategies, refurbishment pathways, and mutual-aid arrangements should be sized to address concurrent hazards rather than single events, and recovery time objectives should reflect actual manufacturing and shipping constraints and risks.

When organizations can see their critical dependencies and chokepoints, supply chain security improves. In mature programs, that awareness is paired with living parts lists and supplier maps for critical equipment, along with pre-agreed substitutes vetted by manufacturers and regulators. Advanced supply chain security also benefits from commercial scaffolding—such as standing arrangements for fuel swaps, expedited logistics, and customs clearances—and peer participation in shared spares pools and regional repair options for long-lead time equipment. Mature programs also benefit from neutral testing for backup parts and procedures, ensuring that they can be trusted when under pressure. Finally, supply chain security improves when progress is tracked with a few easy-to-grasp metrics that incentivize actions to shorten eventual outages.

Infrastructure Modernization

Supporting investment decisions that meet rising demand but remain grounded in real-world constraints and community needs.

America’s electric power grid was built for one-way flows and predictable demand; today it must handle rapid load growth, variable generation, and more frequent extreme conditions, all without sacrificing affordability. The challenge isn’t just adding new generation capacity; it’s also about delivery. That means treating investment and policy decisions across transmission, distribution, storage, and flexible load as an integrated package, otherwise inviting increased congestion costs and less reliable service.

To meet this reality, utility planning and operations have to evolve. Demand forecasts should be probabilistic and scenario-driven, not straight-line. Devices and control platforms must be interoperable, and protection and operating practices must accommodate two-way power flows. Local networks need better data visibility and modern protection to ensure that safety margins hold under abnormal conditions. And operators and regulators need credible ways to value all resources so capital flows to the solutions that actually improve adequacy and stability.

Delivering that shift takes disciplined action: optimize wires, storage, and flexible load; publish standard models and settings to shorten interconnection timelines; invest in telemetry, data standards, and sharing so operators see the entirety of the system they are tasked to manage; prioritize unlocking “capacity from what we have” (e.g., advanced conductors, dynamic line ratings, topology optimization) while building long-lead time assets, like transformers; and align regulation and siting requirements so projects move from concept to operation faster. The result is a power system that quickly connects new capacity, maximizes existing assets, and stays reliable, even in the worst of conditions.

Resilience

Building common stakeholder expectations for preparedness, continuity, and recovery so outages are shorter and impacts smaller.

Reliability keeps the grid steady in routine conditions, but resilience keeps essential services running when conditions are abnormal, prolonged, or compounding. Modern hazards tend to cluster—heat plus wildfire smoke, ice plus wind, a storm followed by flooding—and the impacts cascade across power, water, telecom, healthcare, and transportation. The aim of resilience is not “zero outages,” but continuity of the most important functions and a predictable path to restoration when the system is stressed.

Achieving resilience requires being able to operate through disturbances, not just recover afterwards. Operators need options to reconfigure networks, temporarily island critical areas, and prioritize community lifeline services. Protection and controls must adapt to abnormal conditions without creating new failure modes, while situational awareness, impact forecasting, and clear restoration playbooks help leaders sequence actions despite uncertainty. Equally important are the people and processes involved: incident command that integrates utilities with emergency managers; interoperable communications so crews and partners can coordinate effectively; and public messaging that sets realistic expectations and supports vulnerable customers.

Resilience improves when it is measured and practiced. The most effective programs set explicit continuity targets (i.e., what must stay on, at what level, for how long) and restoration time objectives. They also run exercises that test those targets under stress, assign owners to the findings, and track closure to completion. When a crisis occurs, these programs capture lessons and update plans quickly. In short, resilience is a disciplined, all-hazards program—centered on continuity, adaptable operations, and rapid learning—so communities can absorb shocks and more rapidly resume normal service.

Security (Cyber–Physical)

Bridging intelligence, operations, and governance to reduce digital and physical risks to critical infrastructure systems.

Energy systems face adversaries who probe both the virtual and physical fence lines for vulnerabilities. At the same time, the attack surface keeps expanding with remote access for contractors, legacy protocols with limited authentication, complex vendor ecosystems, and widely deployed programmable devices. Modern attacks can range from network intrusion to hands-on sabotage, producing consequences that are hard to reverse.

Effective defense starts with consequence-first thinking: identify the functions whose loss would matter most, trace the pathways an attacker could use, and break those paths with layered controls. To test those controls, exercises should rehearse blended scenarios (e.g., malware during a storm, sabotage during a heat wave), with clear roles for all stakeholders from utilities to law enforcement to regulatory agencies. Finally, effective defense tracks a targeted set of security metrics, including coverage of critical assets, mean time to detect and contain, and closure rates for recurring issues, so investment flows to the highest-impact risk reductions rather than checkbox compliance.

Technology & Adaptation

Creating confidence to adopt new tools and technologies by clarifying benefits, limits, and safeguards.

The energy system is becoming a software-defined, data-driven enterprise. Advanced analytics, AI-assisted operations, digital twins, and edge controls promise faster situational awareness, better dispatch, and safer work. But these same tools change the risk profile: data quality and provenance determine outcome quality, opaque models can fail in rare conditions, and tightly coupled automation can amplify small mistakes. Effective adoption starts with clear use-cases (what decision is improved, by whom, and with what evidence), explicit guardrails, and the ability to roll back when reality diverges from the model.

Dependable deployment requires disciplined validation and lifecycle management. Algorithms and control applications need repeatable testbeds, scenario libraries, and acceptance criteria that reflect abnormal as well as nominal conditions. Stakeholders should treat model changes, firmware releases, and third-party patches as they would physical equipment: tracking versions, keeping change logs, and using only approved, signed releases. Human factors also matter as much as code: tools need to include plain-language explanations, fail-safe modes, and training for operators on when to trust the tool—and when to override it.

Technology choices should preserve freedom for operators to maneuver. Interoperable interfaces, exportable data, and modular architectures reduce vendor lock-in and allow organizations to mix best-of-breed components as needs evolve. Procurement should weigh not just features, but maintainability, support horizons, and total cost of ownership, including the cost of decommissioning or migrating later. Done well, adaptation is not a race to the newest gadget—it is a governed pathway from prototype to production that delivers measurable improvements without trading resilience for novelty.