What happened
The DoE published a 5-year energy security plan for fiscal years 2026 to 2030 through the Office of Cybersecurity, Energy Security, and Emergency Response. The plan sets three goals: develop “world-class” security technologies, harden U.S. energy infrastructure, and strengthen emergency preparedness for response and recovery from incidents. It is intended to align with the administration’s National Energy Dominance Council established in February 2025. Under the first goal, CESER said it will issue an RD&D roadmap, complete two new solutions for private-sector adoption each year over the next five years, and improve return on investment through a formal requirement process. The plan also highlights AI-FORTS and Project Armor, with the latter described as a five-year initiative to harden critical U.S. energy infrastructure and strengthen energy systems to prevent and recover from wildfires and other hazards.
Who is affected
The plan applies directly to the U.S. energy sector and to critical energy infrastructure targeted for hardening under CESER’s objectives. It also reaches organizations involved in energy security technologies, emergency preparedness, and infrastructure resilience tied to response and recovery from natural disasters, physical attacks, or cyberattacks.
Why CISOs should care
The plan matters because it sets a five-year federal framework for energy security work spanning technology development, infrastructure hardening, and incident response preparedness. For CISOs in energy and adjacent sectors, it signals where federal priorities, resilience efforts, and security investment activity are expected to focus through 2030.
3 practical actions:
- Map against the federal goals: Review current security programs against the three goals in the CESER plan to identify where technology development, infrastructure hardening, or emergency preparedness efforts already align or may need adjustment.
- Track named initiatives closely: Monitor how AI-FORTS and Project Armor develop, since both are explicitly identified as vehicles for protecting energy systems and hardening critical infrastructure.
- Prepare for operational follow-through: Treat the annual training, exercise, and emergency process objectives in the plan as indicators of where execution expectations may tighten across the energy security ecosystem over the next five years.
For more coverage of policy, strategy, and industry-wide developments, explore our reporting under the Cybersecurity tag.