April 22, 2018

April 20, 2018

Subscribe to Latest Legal News and Analysis

New Report Highlights Cyber Threat to US Electric Industry

As evidence that cyberattacks continue to threaten electric infrastructure in the United States, a report issued on December 14 by cybersecurity firm FireEye indicates that critical infrastructure industrial control systems (ICS) could be susceptible to a new type of malware. FireEye reported that the malware—dubbed “TRITON”—triggered the emergency shutdown capability of an industrial process within a critical infrastructure ICS. This is not the first time that hackers have successfully targeted ICS. In 2013, hackers believed to be operating on behalf of a state-actor managed to take partial control of the Bowman Avenue Dam near Rye Brook, New York. More recently, reports emerged this past summer that hackers gained access to the operational grid controls of US-based energy firms. Because of the destructive potential of these types of breaches, critical electric and other utility infrastructure will remain highly-prized targets for future cyberattacks.

As the pace of reported cyber attacks on ICS continues to pick up, scrutiny of electric utilities’ compliance with the Critical Infrastructure Protection (CIP) reliability standards by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) is likely to increase. It is highly likely that electric utilities will receive data requests or informal outreach from FERC or NERC in the near future to determine whether those utilities have similar equipment that could be exploited, and if so, what steps they have taken to mitigate the threat. Even in the absence of such requests, these events provide a good opportunity for electric utilities to test the sufficiency of their CIP compliance programs in identifying and remediating such threats.

Copyright © 2018 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

J. Daniel Skees, Electric Utilities Attorney, Morgan Lewis, Law Firm
Associate

J. Daniel Skees represents electric utilities before the Federal Energy Regulatory Commission (FERC) and other agencies on rate, regulatory, and transaction matters. He handles rate and tariff proceedings, electric utility and holding company transactions, reliability standards development and compliance, and FERC rulemaking proceedings. The mandatory electric reliability standards under Section 215 of the Federal Power Act are a major focus of Dan’s practice. He advises clients regarding compliance with reliability standards, and helps them participate in the development of new standards...

202-739-5834
Arjun Prasad Ramadevanahalli, Morgan Lewis Law firm, Environmental Attorney
Associate

Arjun Prasad Ramadevanahalli is an associate in Morgan Lewis's Energy Practice. Mr. Ramadevanahalli represents electric, natural gas, and other participants in the energy industry. 

202-739-5913