January 21, 2021

Volume XI, Number 21

Responding to Cyber-Attacks in the Utility and Energy Sectors

To assist utilities with assessing and responding to cyber risks, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) recently issued a report on best practices to respond to and recover from cybersecurity incidents in the utility industry.

Like other industries, the utility industry is at high risk for cyber-attacks by bad actors or nation states. Following the cyber-attack against a pipeline earlier this year, FERC and NERC issued the guidance based upon the National Institute of Standards and Technology (NIST) cybersecurity incident response lifecycle of preparation, detection and analysis, containment, eradication and recovery, and post-incident activity.

According to the report, an incident response plan should give the personnel responsible for incident response well-defined roles, so they can respond quickly and effectively, and should include personnel with the appropriate skills and support to respond to, mitigate, contain and learn from a cyber incident. The guidance is helpful in outlining the elements of an Incident Response Plan and providing suggestions on how to develop and implement one, which is crucial for utilities to continue operating in the event of an attack.

In addition to attacks by bad actors and nation states, the utility and energy industries are also at risk for attacks through vendors. Therefore, in addition to developing and implementing an incident response plan, a vendor management plan can help utilities and oil and gas companies assess and manage the risk of a cyber-attack through vendors.

The Department of Energy’s Office of Energy Efficiency and Renewable Energy (EERE) recently announced a multi-year plan to accelerate cybersecurity research and development in the renewable energy, manufacturing, buildings and transportation sectors. According to EERE, “Cyber threats targeting EERE technologies present an immediate risk to the integrity and availability of energy infrastructure and other systems critical to the nation’s economy, security and well-being.”

These efforts are designed to assess and prevent cyber incidents against critical infrastructure and to respond to and mitigate the effects of a cyber incident in these industries, which would have a serious and potentially devastating effect on the U.S. population.

Copyright © 2020 Robinson & Cole LLP. All rights reserved. National Law Review, Volume X, Number 330

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353