Key Takeaways | Keeping the Lights On: Cyber Threat, Vulnerability and Oversight Considerations for the Energy Sector

McDermott Will & Emery

During the latest webinar in our Energy Transition series, Partners Carl Fleming and Scott Ferber hosted PWC Principals Brad Bauch, US Power and Utilities Cybersecurity & Privacy Leader, and Mark Ray, Cybersecurity & Privacy, to discuss the cyber threat landscape that the energy sector currently faces, the US government’s oversight of cybersecurity and key considerations for building a robust compliance program.

Below are key takeaways from the webinar:

1. The Cyber Threat Landscape. Threat actors continually evolve the tactics, techniques and procedures they deploy against their targets, which makes for a daunting threat landscape. Where nation-state threat actors are involved, the risk of compromise is heightened. Ransomware continues to be, by far, the most prevalent issue organizations are contending with across all sectors and geographies, followed by supply chain attacks and zero-day exploits. Amid Russia’s invasion of Ukraine and the punishing sanctions being imposed, along with Russia’s demonstrated willingness to use malign cyber means against an array of targets, the energy sector should be on high alert for cyberattacks.

2. US Government Engagement. The US government is using a carrot-and-stick approach with the private sector to encourage and, in some instances, require robust cybersecurity, as well as information sharing. Bottom line, the government is expecting more of the private sector (particularly the energy sector) when it comes to dealing with cybersecurity.

3. Building a Robust Compliance Program. There are unique considerations when building a robust compliance program that encompasses both Information Technology (IT) and Operations Technology (OT) systems. As a starting point, companies should consider:

  • Benchmarking against cybersecurity compliance programs at peer companies and similar industries
  • Creating processes that are enterprise-wide, with a control standards-based approach
  • Avoiding program siloing
  • Ensuring active monitoring and controlled access of IT and OT systems
  • Developing strong protections for legacy OT software that is operationally essential.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McDermott Will & Emery | Attorney Advertising
