July 22, 2018

July 20, 2018

Subscribe to Latest Legal News and Analysis

New Report Highlights Cyber Threat to US Electric Industry

As evidence that cyberattacks continue to threaten electric infrastructure in the United States, a report issued on December 14 by cybersecurity firm FireEye indicates that critical infrastructure industrial control systems (ICS) could be susceptible to a new type of malware. FireEye reported that the malware—dubbed “TRITON”—triggered the emergency shutdown capability of an industrial process within a critical infrastructure ICS. This is not the first time that hackers have successfully targeted ICS. In 2013, hackers believed to be operating on behalf of a state-actor managed to take partial control of the Bowman Avenue Dam near Rye Brook, New York. More recently, reports emerged this past summer that hackers gained access to the operational grid controls of US-based energy firms. Because of the destructive potential of these types of breaches, critical electric and other utility infrastructure will remain highly-prized targets for future cyberattacks.

As the pace of reported cyber attacks on ICS continues to pick up, scrutiny of electric utilities’ compliance with the Critical Infrastructure Protection (CIP) reliability standards by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) is likely to increase. It is highly likely that electric utilities will receive data requests or informal outreach from FERC or NERC in the near future to determine whether those utilities have similar equipment that could be exploited, and if so, what steps they have taken to mitigate the threat. Even in the absence of such requests, these events provide a good opportunity for electric utilities to test the sufficiency of their CIP compliance programs in identifying and remediating such threats.

Copyright © 2018 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

J. Daniel Skees, Energy attorney, Morgan Lewis
Partner

J. Daniel Skees represents electric utilities before the Federal Energy Regulatory Commission (FERC) and other agencies on rate, regulatory, and transaction matters. He handles rate and tariff proceedings, electric utility and holding company transactions, reliability standards development and compliance, and FERC rulemaking proceedings. The mandatory electric reliability standards under Section 215 of the Federal Power Act are a major focus of Dan’s practice. He advises clients regarding compliance with reliability standards, and helps them participate in the...

202-739-5834
Arjun Prasad Ramadevanahalli, Morgan Lewis, energy attorney
Associate

As the US energy business continues to evolve, Arjun Prasad Ramadevanahalli represents key industry participants in regulatory, transactional, and litigation matters, including investigations and enforcement proceedings. Arjun represents electric power, natural gas, and other energy industry participants before the Federal Energy Regulatory Commission (FERC), the US Commodity Futures Trading Commission (CFTC), and the North American Electric Reliability Corporation (NERC). When necessary, his representations extend to court appeals.

202-739-5913