Paul Sutton

Paul Sutton is a member of Ofgem's Cyber Regulation Directorate working in collaboration with other Government departments to shape energy policy and guide operators and licensees towards improved security outcomes.

Ofgem work to achieve the aims of HMG to address the need to develop cyber resilience across our shared energy systems. Ofgem are jointly named as the competent authority for cyber security within the downstream gas and electricity sector, alongside the Department for Energy and Net Zero.

Before joining Ofgem in 2021, Paul was Group Head of Control Systems within RWE providing support and guidance to its operational assets as subject matter expert on control systems design, having gained over 20 years operational experience within Power Generation, designing, developing and managing control systems used to support safe and reliable operation of generation assets.

More About Paul
Headshot of Paul Sutton


Pauls work includes notable asset establishment projects; Staythorpe and Pembroke Power Station development, Offshore Wind Development, Biomass conversion and major life extension projects to migrate and upgrade control systems across multiple generating assets. Prior to joining the energy industry Paul held roles with both ICI and AstraZeneca where he graduated as a C&I Engineer (C.Eng) with qualifications in electrical and electronic engineering.

Pauls experience has allowed him to lead in the transition and development of control system design towards digitisation and he understand the security challenges faced by operators first hand. Paul now uses this experience within his role in Government as a Principal Security Advisor, specialising in Operational technology (OT) and Industrial Control Systems (ICS).