Grid Defense: Centralized Strategy, Local Autonomy

Grid Defense: Centralized Strategy, Local Autonomy

RUSI documented that in 2024, a targeted attack on identical solar panel controllers disrupted energy generation on a relevant scale across numerous facilities.

Identical Systems Create Virtual Critical Infrastructure

RUSI argues that deploying identical systems across numerous facilities can transform decentralized grids into a "single 'virtual critical infrastructure'." Threats, for instance, spread via cloud-connected Supervisory Control and Data Acquisition (SCADA) systems, vendor-managed protection relays, and historian platforms that maintain real-time data feeds to third parties, Power Magazine detailed. These vulnerabilities propagate through the convergence of Operational Technology (OT) and Information Technology (IT) networks, a phenomenon detailed in a NIST Special Publication and by Falcon Feeds. Artificial intelligence further accelerates this transmission, Power Magazine further noted, by enabling systematic scanning for exposed OT interfaces and the rapid operationalization of newly disclosed vulnerabilities across these shared environments. A peer-reviewed study and NAESB warn that once a key node or line fails due to an attack, the complex interdependencies of the power grid can initiate a cascade effect, causing other units to fail and potentially collapsing the entire power system.

CISA CI Fortify Mandates Isolation and Manual Fallbacks

Power Magazine explains that the CISA CI Fortify initiative directs utilities to plan for safe operations during geopolitical crises, operating on the core assumption that threat actors will likely already have access to OT networks. Centralized military-grade defense architectures also effectively isolate vulnerabilities before they propagate by mandating rigorous isolation and recovery protocols. To prevent cascading failures, Power Magazine emphasizes that this framework requires utilities to map OT connectivity and dependencies, build and exercise isolation procedures, prioritize patching on externally accessible systems, and develop out-of-band communications capabilities. A Department of Energy report stresses the vitality of maintaining manual operation capabilities for defense-critical electric infrastructure, ensuring operators can retain basic switching expertise and sustain essential services even when digital systems are compromised. This approach aims to contain cyber intrusions to isolated segments of the infrastructure, thereby mitigating cascading systemic risks, Power Magazine asserts.

DoE 2025 Proposal Expands FERC Jurisdiction

Utility Dive documented a late 2025 Department of Energy proposal that directed FERC to extend jurisdiction over large load interconnections, shifting authority from state oversight to federal control. The historical track record of cyber incidents in North American and European power grids reveals a continuous balancing act between centralized oversight and operational resilience. Incidents like Russia's Sandworm attack on European grid infrastructure in December 2025, documented by Eurelectric and Power Magazine, underscore the need for centralized strategic planning and an integrated civilian-military cyber ecosystem to counter advanced persistent threats, RUSI and the Belfer Center contend. The Department of Energy confirmed in a report that it has identified a dedicated, centralized point of contact to coordinate with responsible utilities on defense-critical electric infrastructure. These incidents also demonstrate that operational resilience during a crisis requires decentralized decision-making and autonomous execution, the Belfer Center and Power Magazine observed. A University of Cincinnati law scholarship paper and Eurelectric detailed the July 2024 Northern Virginia data center disconnections, which prompted federal directives.

DoD Zero Trust and NIST 1500-202 Frameworks

Major North American and European power plants are deploying advanced cyber defense architectures, including the Department of Defense's Zero Trust model and the National Institute of Standards and Technology (NIST) Special Publication 1500-202 framework for Cyber-Physical Systems (CPS). Power Magazine explains that the CISA CI Fortify initiative further mandates isolation and recovery planning for operational technology networks. A Department of Energy report highlights that funding for Defense Critical Electric Infrastructure (DCEI) resilience improvements is a contentious issue, with ongoing debates over whether federal agencies or ratepayers should bear the financial burden.

NERC Level 3 Alert and FERC Authority Expansion

Directives like the NERC Level 3 Alert and the adoption of military-grade cyber defense architectures evidence increased federal oversight in strategic planning, intelligence sharing, and setting defense standards. The adoption of military-grade cyber defense architectures signals an ongoing transformation of energy governance, establishing a dynamic interplay between centralized strategic command and decentralized operational autonomy. This shift also necessitates significant investment and capability development at the utility level to ensure autonomous operation and localized resilience during cyber-physical attacks, a mandate of CISA's CI Fortify initiative. Future governance models will continue to evolve towards integrated civilian-military cyber ecosystems that prioritize both national strategic alignment and thorough, localized resilience.


Download the full research report (PDF)