The Relationship Between Regulators and Power Utilities: Evaluating the Prudency of Cybersecurity Investments

This is the thirteenth in the series of USAID webinars on Digitalization and Cybersecurity in the Energy Sector hosted by E3.

While the implementation of cybersecurity measures is typically the responsibility of power system operators, regulators have an obligation to ensure that investments made in the name of cybersecurity are reasonable, prudent, and effective. USAID, jointly with its implementing partner NARUC, developed first-of-its-kind guidelines on Evaluating the Prudency of Cybersecurity Investments. These guidelines are intended to assist regulators in defining tariffs by establishing a regulatory approach to enhance the cybersecurity stance of their power systems, and are based on literature and current practices. They attempt to answer the following questions:

  • How should the regulators and the companies interact in establishing a global cybersecurity strategy for the country?
  • Who should identify, benchmark, measure, and evaluate the countermeasures in different regulatory frameworks?
  • How can regulators identify and benchmark cybersecurity costs?
  • Is it possible to evaluate the effectiveness of cybersecurity investments?

This webinar will be recorded and posted on the USEA website. If you have any questions, please email Jake Swanson at [email protected].



Elena Ragazzi


Michael Colao

Manager of Data Protection and Assurance
Arizona Public Service (APS)