Responding to Cyber-Attacks in the Utility and Energy Sectors

Robinson+Cole Data Privacy + Security Insider

To assist utilities with assessing and responding to cyber risks, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) recently issued a report on best practices to respond to and recover from cybersecurity incidents in the utility industry.

Like other industries, the utility industry is at high risk for cyber-attacks by bad actors or nation states. Following the cyber-attack against a pipeline earlier this year, [view related post], FERC and NERC issued the guidance based upon the National Institute of Standards and Technology (NIST) cybersecurity incident response lifecycle of preparation, detection and analysis, containment, eradication and recovery, and post-incident activity.

According to the report, an incident response plan should provide personnel responsible for incident response with well-defined roles, so they can respond quickly and effectively and include personnel with appropriate skills and support to respond, mitigate, contain and learn from a cyber incident. The guidance is helpful in outlining the elements of an Incident Response Plan and providing suggestions on how to develop and implement one, which is crucial for utilities to continue operating in the event of an attack.

In addition to attacks by bad actors and nation states, the utility and energy industries are also at risk for attacks through vendors. Therefore, in addition to developing and implementing an incident response plan, a vendor management plan can assist utilities and oil and gas companies to assess and manage the risk of a cyber-attack through vendors.

The Department of Energy’s Office of Energy Efficiency and Renewable Energy (EERE) recently announced a multi-year plan to accelerate cybersecurity research and development in the renewable energy, manufacturing, buildings and transportation sectors. According to EERE, “Cyber threats targeting EERE technologies present an immediate risk to the integrity and availability of energy infrastructure and other systems critical to the nation’s economy, security and well-being.”

These efforts are designed to assess and prevent cyber incidents against critical infrastructure and to respond and mitigate the effects of a cyber incident in these industries, which would have a serious and potentially devastating effect on the U.S. population.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.