OT Cybersecurity Policy for Utilities

The Intersection of Infrastructure, Technology, and Regulation

January 20 - 21, 2026 Online :: Central Time

Cybersecurity is an integral component of operational integrity, regulatory compliance, and national resilience. As the electric utility sector undergoes a rapid digital transformation, the security of operational technology (OT) systems has emerged as both a strategic imperative and a boardroom concern.

In an environment characterized by the increasing interconnectedness of sensors, distributed energy resources, aging infrastructure, and AI-enhancements, the policies governing these systems must evolve at a pace that mirrors their technological advancements.

This course equips utility executives and operational leaders with the requisite insights to effectively manage risk at the nexus of infrastructure, technology, and regulation. Through interactive case studies, executive-level scenarios, and real-world examples specifically designed for electric utility professionals, we will explore the unique characteristics and inherent risks in OT environments within utilities, emphasizing the significance of aligning cybersecurity strategies with operational and regulatory expectations for long-term resilience.

Key areas of focus include:

Understanding the characteristics and risks associated with OT environments within utilities
The role of OT cybersecurity policy
Cybersecurity frameworks and controls
Strategies for building a cyber-resilient organizational culture
Engaging regulators on topics of cybersecurity and ensuring financial investments in security are risk-based and appropriate
Connecting cybersecurity policy to organizational goals and customer interests

Equip yourself with the leadership, strategic thinking, and technical skills needed to manage OT cybersecurity policy effectively.

Learning Outcomes

Review the elements of OT systems in electric utilities
Evaluate and apply cybersecurity frameworks and policy approaches for critical infrastructure alongside regulatory expectations
Prepare for cyber incidents through scenario-based role play and guided exercises, strengthening executive decision-making and incident response readiness
Governance, policy, and risk mitigation strategies for integrating AI responsibility and securely
Design and champion enterprise-wide cybersecurity awareness initiatives that are purposeful, engaging and regulatory compliant for heightened resilience

Register

Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details please see our FAQ

If you are unable to attend at the scheduled date and time, we make recordings available to all attendees for 7 days after the event

REGISTER NOW FOR THIS EVENT:

This event has passed and cannot be registered for. If you would like to see if this event will be offered again please reach out to [email protected]

Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before December 19, 2025 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCIs liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800

Day one

Tuesday, January 20, 2026

Day two

Wednesday, January 21, 2026

Agenda

Tuesday, January 20, 2026
Central Time

Online

Log In & Welcome

8:45 AM

Lunch Break

12:00 - 12:30 PM

Adjourn for the day

4:00 PM

8:45 AM - 9:00 AM

Log In & Welcome

12:00 - 12:30 PM

Lunch Break

9:00 AM - 4:00 PM

Course Timing

Introduction and Expectations for Participants

Instructor: Introductions, course objectives, and setting expectations for a practical, interactive learning experience

Participant Introductions

OT Role Play
Hands-on exercise

Understanding the OT Landscape and Cyber Risk

The Unique Nature of OT:

Defining Operational Technology (OT) vs. Information Technology (IT) in utilities
Key characteristics of OT systems
Resilience, Reliability, and Safety

The Evolving Risk Landscape:

Common cyber threats targeting OT
Real-world examples of OT cyber incidents in critical infrastructure
Understanding the motivations of adversaries
The active role of regulatory, compliance, and policy leaders

Interactive Activity:
Bridging the Gap: Why utility operational knowledge is crucial for effective cybersecurity, and why security experts need to understand utility regulatory processes and financial considerations.

Interactive Discussion:
What are your biggest concerns about cyber risk to your current operational area that you feel comfortable discussing publicly?

Cybersecurity Frameworks for Utility Professionals

Demystifying Frameworks:

Overview of foundational cybersecurity frameworks applicable to OT with a focus on practical application
How these frameworks provide a structured approach to managing cybersecurity risk
Translating framework concepts into actionable steps for utility leaders

Key Security Controls:

Identity, Access, and Authentication - A Case Study Review
Quantum and Cryptography

The Foundation of Strong Security:

Developing effective OT cybersecurity policies: scope, objectives, and key components
Aligning internal policies with industry best practices and emerging regulations

Regulatory Compliance Beyond NERC CIP:

Understanding the role of state public utility commissions (PUCs) and other relevant regulatory bodies
Key compliance areas and requirements for OT cybersecurity

Annual Filings and Briefings to Regulators:
Strategies for clear, concise, and impactful reporting on cybersecurity posture and initiatives

Incident Response:
Emergency Preparation, Business Continuity, and Stakeholder Engagement

Management of Documentation:
The importance of comprehensive and up-to-date cybersecurity documentation

Chain of custody
Accessibility and relevance

Interactive Roundtable Exercise: Incident Response Scenario

Scenario Introduction:
Cyber incident impacting utility OT

Guided Discussion:
Each group discusses their initial response, policy implications, communication strategy (internal and external), and immediate actions.

Debrief and Learnings:
Facilitated discussion on the challenges, interdependencies, and importance of a coordinated response across the organization with an emphasis on policy adherence

Wrap Up

Overview of key concepts, lessons learned, insights, and Day 2 goals

Agenda

Wednesday, January 21, 2026
Central Time

Online

Log In

8:45 AM

Adjourn for the day

12:00 PM

8:45 AM - 9:00 AM

Log In

9:00 AM - 12:00 PM

Course Timing

Recap of Day 1 & Setting the Stage for AI

Brief review of key concepts from Day 1

Introduction to AI's growing role in critical infrastructure

AI in Utility Operations: Benefits and Risks

The Promise of AI:

AI enhancement of grid resilience, operations, predictive maintenance, and cybersecurity
Real-world and hypothetical use cases of AI in electric utility OT

The Perils of AI:

Emerging cybersecurity risks associated with AI
Ethical considerations and accountability in AI deployment

Updating Internal Policies for AI Integration:

Key policy considerations for safe and responsible AI deployment in utilities
Addressing data governance, transparency, oversight, and incident response specific to AI

Examples of AI Technologies in the Electric Utilities

Cultivating a Cyber-Resilient Culture: Education & Outreach

Beyond Technical Training:

Developing comprehensive cybersecurity education and awareness programs for all utility personnel
Tailoring content to different roles and technical proficiencies
The importance of continuous learning and reinforcement

Effective Outreach Strategies:

Communicating the "why" behind cybersecurity policies and procedures
Engaging senior leadership in championing cybersecurity
Building a culture of shared responsibility and proactive reporting
Leveraging real-world examples to illustrate concepts

Integrating Cybersecurity into the DNA of the Organization:

How leaders can drive cultural change and embed security into daily operations
Metrics for success in cybersecurity awareness and behavior

Course Wrap-up, Key Takeaways & Future Steps

Review of all course objectives and how they were met
Open Q&A and final discussion

Instructor

India James

Consultant

India James is a seasoned business executive and former Fortune 100 Director with expertise in cybersecurity, operational technology (OT), AI, and critical infrastructure. With a career grounded in national security and energy sector operations, she has led cybersecurity and technology policy efforts at one of the largest utility holding companies in the U.S., driving strategic initiatives across generation, transmission, distribution, and customer systems.

India currently serves on the board of the Women’s Council on Energy and the Environment, where she advances cross-sector dialogue on security, AI, and national defense. She has been and is a sought-after speaker on critical infrastructure protection and cybersecurity strategy at leading industry events, and served as an advisory board member for DISTRIBUTECH’s international security committee. India also holds multiple CompTIA certifications in cybersecurity, underscoring her practical, industry-recognized knowledge in security and risk governance. Known for her pragmatic and executive-level perspective, she equips utility leaders with the strategic insight needed to manage cyber risk, align policy, and strengthen resilience and reliability while maintaining an appreciation for affordability.

Continuing Education Credits

IACET

AP_Logo

EUCI is accredited by the International Accreditors for Continuing Education and Training (IACET) and offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. IACET is recognized internationally as a standard development organization and accrediting body that promotes quality of continuing education and training.

EUCI is authorized by IACET to offer 1.0 CEUs for this event

Verify our IACET accreditation

Who recognizes IACET Credits?

Requirements for Successful Completion of Program

Participants must log in each day and be in attendance for the entirety of the course.

Instructional Methods

This program will use PowerPoint presentations, Excel demonstrations, group discussions, as well as active participation.

CPE

Upon successful completion of this event, program participants interested in receiving CPE credits will receive a certificate of completion.

Course CPE Credits: 11.0
There is no prerequisite for this Course.
Program field of study: Specialized Knowledge
Program Level: Basic
Delivery Method: Group Internet Based
Advanced Preparation: None

Cpe EUCI is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org

CLE

Only registered attendees can request CLE credits for an EUCI course/event. Please email [email protected] prior to the course start date and list the state where you are licensed and your bar# as well as the name and date of your course/event in your request, and someone will be in contact.

Who Should Attend

Utility External Affairs and Regulatory Affairs Professionals
Energy Regulatory Policy Makers
Security Governance, Risk, and Compliance Employees
Utility Security and IT