GPA
Cybersecurity:
Protecting
Guam's Energy
Future

GPA Cybersecurity: Protecting Guam’s Energy Future

Guam Power Authority (GPA) has been at the forefront of cybersecurity, ensuring the security and resilience of Guam’s energy infrastructure. Since implementing its DOE-approved cybersecurity plan in 2015, GPA has remained proactive in adapting to increasingly sophisticated threats in cooperation with federal authorities. Cybersecurity is a critical component of GPA’s mission to provide efficient, reliable, and secure power to Guam’s residents and partners.

GPA’s cybersecurity program aligns with national standards, adopting the NIST Cybersecurity Framework, NIST Special Publication (SP) 800 series guidelines, applicable NERC CIP standards, and more. It encompasses both information technology (IT) and operational technology (OT) systems, with core cybersecurity personnel holding specialized certifications such as Global Industrial Cyber Security Professional (GICSP).

Ongoing real-time monitoring and partnerships with cybersecurity entities reinforce GPA’s readiness and resilience. In addition to its cybersecurity investments, GPA has developed an independent fiber-optic network to reduce vulnerabilities and enhance control over critical systems. The Authority continues to integrate advanced networking solutions to strengthen its operational capabilities and safeguard critical infrastructure against evolving cyber threats.

GPA Cybersecurity Efforts Frequently Asked Questions (FAQ)

1. What is the current state of GPA's cybersecurity readiness, and how does it compare to other similar agencies or power companies?

GPA is at the forefront of cybersecurity readiness, protecting the island’s energy infrastructure through a robust Cybersecurity Plan (CSP) aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and applicable North American Electric Reliability Corporation (NERC) CIPs. First approved by the U.S. Department of Energy (DOE) in 2015 under the Smart Grid Initiative Grant, this plan has been continuously enhanced to address emerging threats.

Since 2019, regular audits by cybersecurity special entities and other federal agencies have ensured compliance with national standards. GPA’s multi-layered approach integrates advanced technology, ongoing staff training, and stringent vendor requirements, including compliance with Trade Agreements Act provisions.

Cybersecurity is a core element of GPA’s mission to provide reliable power. Collaborations with national laboratories, such as NREL, PNNL, and INL, further strengthen its efforts. Through proactive planning and partnerships, GPA remains a leader in securing Guam’s energy infrastructure, ensuring a safe and sustainable future for the island.

2. What role do federal agencies play in GPA's cybersecurity strategy, and how has their involvement shaped GPA’s approach to protecting critical infrastructure?

GPA has developed key federal partnerships to assist with its cyber and physical security readiness and resilience. Cybersecurity special entities and other federal agencies provide audits, training, real-time monitoring, and access to advanced tools and resources.

Collaborative initiatives, including CyberStrike exercises and quarterly meetings with NAVFAC IT, enhance GPA’s situational awareness and strategic readiness. These partnerships ensure GPA meets national standards, stays ahead of emerging threats, and delivers reliable, secure energy to the people of Guam.

3. What specific measures has GPA implemented recently to enhance both cyber and physical security, and how are these efforts aligned with national security standards?

GPA has implemented significant measures to strengthen both cyber and physical security. Key upgrades include enhanced access control measures at critical facilities and investing in advanced cybersecurity tools such as multi-factor authentication and threat detection systems.

GPA’s IT staff hold highly valued GICSP, CISA, CCNA, CCNP and CompTIA Security+ certifications. Regular federal audits by cybersecurity special entities and other federal agencies ensure that potential vulnerabilities are identified for GPA to address, while smart grid security protocols, in place since 2015, enhance overall resilience. GPA also enforces strict cybersecurity requirements for its suppliers, ensuring new projects meet high security standards.

4. How does GPA balance transparency with the need to protect sensitive information when discussing cybersecurity issues with the public?

GPA carefully balances the need for transparency with the responsibility to protect sensitive information about its cybersecurity efforts. By sharing general updates, such as participation in initiatives like CyberStrike training, GPA reassures the public of its proactive measures while avoiding disclosures that could compromise security.

Collaboration with federal agencies ensures that all public messaging aligns with national security protocols, maintaining consistency and compliance. Through visible actions and adherence to recognized cybersecurity standards, GPA fosters public trust while safeguarding the integrity of Guam’s energy infrastructure.

5. Does GPA have enough resources to address cyber threats?

GPA effectively addresses cyber threats through resourcefulness and strategic partnerships with federal agencies. These collaborations provide access to tools, expertise, and additional support to strengthen GPA’s defenses.

GPA’s cybersecurity team comprises highly skilled, certified professionals who remain adaptable to evolving threats. Investments in critical infrastructure, such as GPA’s independent fiber-optic network, enhance reliability and reduce vulnerabilities.

GPA’s proactive cybersecurity program has been in place since 2015, long before recent high-profile threats, demonstrating years of commitment and strategic planning. With several million dollars in cybersecurity grants currently managed, GPA continues to reinforce its ability to protect Guam’s energy systems through targeted investments and innovative measures.

6. Why did GPA choose to build its own fiber-optic network instead of working with existing telecommunications companies?

GPA opted to build its own fiber-optic network as part of its commitment to resourcefulness and long-term system security. By reducing reliance on third-party telecommunications providers, GPA minimizes exposure to external vulnerabilities and ensures full control over its critical communications infrastructure.

This decision significantly enhances cybersecurity and operational reliability, providing secure and consistent data integrity across all substations. The independent network aligns with GPA’s broader mission to protect critical systems and deliver dependable energy services to the residents of Guam.

7. How does GPA ensure reliable energy for Guam’s residents and the Navy as a strategic partner?

GPA plays a critical role in supporting both the island’s residents and its strategic partners, including the U.S. Navy, which consumes approximately 20% of Guam’s energy. GPA ensures uninterrupted power delivery to meet the operational needs of the Navy while maintaining reliable service for families and businesses across the island.

The Authority’s infrastructure and cybersecurity measures are designed to balance the diverse energy demands of its customers. Collaborative efforts with federal agencies help GPA adhere to strict national standards, ensuring a resilient grid capable of supporting both military and civilian use.

Ongoing investments in infrastructure, advanced cybersecurity systems, and overall system resilience allow GPA to consistently deliver secure and reliable energy for all its customers, reinforcing its commitment to Guam’s community and strategic importance.