The energy sector reported the most cybersecurity incidents out of any critical infrastructure sectors with about a third of the reported cyber incidents. The energy sector falls under the jurisdiction of 5 different federal agencies all making their own guidelines. While other agencies make and enforce their own guidelines, the agency ultimately responsible for the cybersecurity portion of the energy sector is the TSA who understaffs this sector with a maximum of 14 full time employees and only uses voluntary guidelines with no enforcement or plan to enforce in the future. Voluntary guidelines provide no reason to follow them, and in the past companies have shown that mandatory standards often result in companies accumulating a large amount of fines. One of the possible solutions this article proposes is an incentive system to improve cybersecurity. It also suggests that individual sectors such as electricity and natural gas shouldn’t necessarily have the same approach to cybersecurity and recommends fitting standards to each industry.