Entities in the energy industry are subject to a vast amount of reporting regulations. Earlier this year, the Securities and Exchange Commission (SEC) finalized rules regarding the disclosure of cybersecurity attacks, adding...more
The energy industry faces unique challenges when it comes to cybersecurity and working with vendors on digital transformation projects. Energy is one of the “critical infrastructure sectors” identified in Presidential Policy...more
Protecting critical infrastructure has become a national security priority. On March 2, 2023, the Biden administration released the National Cybersecurity Strategy, a far-reaching document that sets forth its vision for the...more
In May 2023, the Automotive & Mobility Industry Group at Morgan Lewis was invited to the State of Michigan by leaders of the Office of Future Mobility and Electrification for a series of meetings that provided unparalleled...more
On March 2, the White House issued the National Cybersecurity Strategy (the Strategy), a broad vision to reinvigorate the federal government’s approach to cybersecurity and address a wide spectrum of long-term challenges. The...more
As cyberattack threats rise around the globe, malicious actors are increasingly setting their sights on exploiting critical infrastructure. The Transportation Security Administration (TSA), tasked with safeguarding land-based...more
The Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) on the new cyber incident reporting requirements for critical infrastructure owners as required by the Cyber Incident...more
Cybersecurity threats to critical infrastructure systems are nothing new. But events over the last few years have been notable due to the seemingly increased frequency of successful attacks and the way those attacks have been...more
Virginia became the second state in the United States, after California, to pass a comprehensive data privacy law when the Virginia Consumer Data Protection Act (CDPA) passed both houses of the state legislature in February...more
6/15/2021
/ CDPA ,
Compliance Management Systems ,
Consumer Privacy Rights ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Protection ,
Electricity ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Virginia
As has been reported, a recent ransomware attack has caused an interstate pipeline and fuel supplier to much of the eastern United States to shut down its operations. Although the attack did not compromise operational...more
5/13/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
National Security ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Supply Chain
At its December open meeting, FERC proposed to establish rules for incentive-based rate treatments for voluntary cybersecurity investments by a public utility. If approved, the regulations would provide incentives for...more
Following significant pushback from the regulated community, FERC and NERC Staff jointly announced in a new white paper that filings and other submissions to FERC describing violations of cybersecurity reliability standards...more
At its June 18 open meeting, FERC issued a notice of inquiry seeking public input on cybersecurity-related enhancements to the Critical Infrastructure Protection (CIP) reliability standards. In light of the constantly...more
In an order issued on April 17, the Federal Energy Regulatory Commission (FERC) agreed to defer implementation of certain cybersecurity and operational reliability standards administered by the North American Electric...more
A cyberattack on a single gas compression facility resulted in the shutdown of a natural gas pipeline for two days, according to a recent alert from the US Department of Homeland Security’s Cybersecurity and Infrastructure...more
2/26/2020
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Department of Homeland Security (DHS) ,
Emergency Response ,
Hackers ,
Information Technology ,
National Security ,
Natural Gas ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Risk Management ,
Supply Chain ,
Threat Management
Autonomous cars, sports betting, and CBD products have burst onto the scene, setting the stage for major developments in how companies do business and how regulators monitor new innovations....more
2/10/2020
/ Affordable Care Act ,
Appropriations Bill ,
Automotive Industry ,
Big Data ,
Bioengineering ,
Cannabidiol (CBD) oil ,
Cannabis Products ,
CFIUS ,
Covered Transactions ,
Critical Infrastructure Sectors ,
Cross-Border Transactions ,
Cyber Attacks ,
Cybersecurity ,
Decriminalization of Marijuana ,
Final Rules ,
FIRRMA ,
Food and Drug Administration (FDA) ,
Food Labeling ,
Food Safety ,
Food Supply ,
Foreign Investment ,
Health Insurance ,
Healthcare Reform ,
Intellectual Property Protection ,
Legislative Agendas ,
Marijuana ,
Medicaid ,
Medical Foods ,
National Security ,
Oil & Gas ,
Pipelines ,
Plant Based Products ,
Recreational Use ,
Retail Market ,
Sports Betting ,
Sports Gambling ,
Standard Essential Patents ,
Taxation ,
USDA
At its open meeting on November 21, FERC announced organizational changes to enhance the agency’s focus on cybersecurity threats and challenges to electric infrastructure. Commission staff unveiled five “focus areas” related...more
FERC Staff issued an October 4 report on Commission-led critical infrastructure protection (CIP) reliability audits completed during fiscal year 2019. The report provides lessons learned and identifies voluntary practices...more
FERC recently approved proposed Reliability Standard CIP-008-6, which expands the mandatory reporting requirements for Cyber Security Incidents that attempt to compromise the operation of the bulk power system. Under the new...more
The supply chain risks facing electric utilities have long been a concern for industry stakeholders and regulators alike. Reflecting those concerns, NERC submitted a report on May 28 to FERC recommending the expansion of...more
The proposal would adopt NERC standards on accelerated deadlines and expand the scope of covered assets subject to supply chain risk management. If adopted, these standards could significantly alter the electric utility...more
Amendments to Federal Power Act grant the DOE authority to order emergency protective actions by utilities, provide greater protections for Critical Energy Infrastructure Information, and exempt utilities from environmental...more