Iowa Governor Kim Reynolds has signed Executive Order 18, a new directive that expands the duties of the Iowa Department of Homeland Security and Emergency Management (HSEM) by making it the lead agency responsible for an annual statewide risk assessment to identify vulnerabilities and help protect the state. The executive order is part of broader efforts to strengthen Iowa’s resilience against foreign-linked threats and strategic vulnerabilities.
Under the order:
- HSEM is tasked with conducting a yearly evaluation of major risks facing Iowa, including threats to cybersecurity, economic stability, public health preparedness, and critical infrastructure.
- HSEM will also lead an annual vulnerability study of the state’s critical infrastructure, including energy infrastructure, helping policymakers understand and prioritize security and resilience needs.
- The assessment’s findings must be compiled into a report and submitted each year by July 1 beginning in 2026 to the Governor, the Speaker of the Iowa House, and the President of the Iowa Senate.
Energy is an essential system that serves as a foundational component that maintains Iowa’s economic stability. The Iowa Economic Development Authority’s (IEDA) State Energy Office has long been a leader in energy security planning across the state, coordinating with state agencies, such as HSEM, industry partners, and federal officials to address critical energy infrastructure risks and interdependencies, including economic dependencies and cybersecurity vulnerabilities.
More than a decade ago, the office developed Iowa’s first State Energy Security Plan. The most recent update was completed in 2024 in collaboration with an established Energy Security Workgroup that included representatives from multiple state agencies and the private sector. The Iowa Energy Security Plan addresses the state’s diverse energy portfolio, identifies critical threats and vulnerabilities to critical energy infrastructure, and establishes priorities to mitigate the impacts of potential disruptions. The plan’s adaptive nature ensures the state stays ahead of emerging challenges in a rapidly changing energy sector and can pivot to meet new executive orders and legislative priorities.
Dating back to 2020, IEDA has leveraged State Energy Program funds to develop its own grant program dedicated to supporting cybersecurity in rural electric cooperatives. The grants have supported a range of activities, including cyber vulnerability assessments of critical electric infrastructure, cybersecurity tabletop exercises to test physical and cyber preparedness, development of incident response plans, and vendor risk management assessments.
IEDA convened the state’s first Assessment of Capabilities in Energy Security (ACES) workshop in August 2025—led by the State Energy Office and supported by the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and NASEO. The workshop convened partners from Iowa’s electric utilities, as well as natural gas and propane industries, to assess public-private coordination and information-sharing practices, and identify steps to enhance operations and joint cybersecurity preparedness. The workshop yielded actionable strategies for next steps, from cybersecurity outreach and education, to hazard mapping and incident response planning.
This executive order positions the state to take a more coordinated and proactive approach to risk management, strengthening critical infrastructure, protecting essential services, and enhancing resilience for communities across Iowa.
If you have any questions about ACES or this story, please reach out to Sarah Trent (strent@naseo.org).