Category Archives: Energy

Cyberattacks on the Energy Sector Continue to Rise

Cyberattacks on the energy sector have been rapidly growing since 2017, and we saw an all-time high of cyberattack events on the sector in 2022. The energy sector is particularly vulnerable due to these types of attacks due to the outdated and unsecured networks oftentimes used in the industry, as well as the increased use of distributed energy resources (“DER”), which creates more openings to attack and requires more resources to monitor and manage.… More

Physical and Cyber-Attacks on Energy Infrastructure Expected to Continue

Over the past several years, the energy sector has become a prime target for hacking and ransomware attacks, with over 40 attacks on the industry since 2017.  Cyber attacks have only continued to rise, with a record high of 13 reported attacks in one year occurring in 2022.

Physical Security Threats to U.S. Energy Infrastructure

A new type of threat against the energy sector crystallized at the end of 2022: physical attacks on the grid. … More

Cybersecurity 2022 – The Year in Preview: Continued Threats to Nation’s Energy Supply as Regulators Race to Keep Up

Continued Threats of Ransomware Attacks

As we reported in our 2021 Year in Preview series, we began 2021 anticipating that ransomware would be a serious threat to critical energy infrastructure.  These concerns were realized in May 2021 when the Colonial Pipeline Company’s (“Colonial”) entire 5,500-mile pipeline system carrying liquid fuels was shut down due to a ransomware attack by DarkSide, a hacking group that allegedly has loose ties to the Russian government.… More

Biden Issues Memorandum Aimed at Improving Cybersecurity

On July 28, 2021, President Biden issued a Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.  The Memo recognizes that the protection of the nation’s critical infrastructure lies not only with government, i.e., at the federal, state, local, tribal, and territorial levels, but with critical infrastructure owners and operators.  In addition, the Memo states that cybersecurity threats to critical infrastructure, and the systems that control and operate it,… More

Cybersecurity 2021 – The Year in Preview: Ransomware, the Latest Threat to the Nation’s Energy Supply

Editors’ Note:  This is the first in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year.  

The Growing Threat of Ransomware

According to media reports, ransomware attacks against the manufacturing industry have more than tripled compared with last year. This dramatic rise in cyberattacks poses serious concerns about the vulnerability of critical energy infrastructure serving the nation’s electric grid,… More

Cybersecurity and Infrastructure Security Agency Identifies Essential Critical Energy Infrastructure Workers During COVID-19 Response

On March 19, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued its Memorandum on Identification of Essential Critical Infrastructure Workers During COVID-19 Response (“Memo”).  The Memo identifies workers who conduct “a range of operations and services that are essential to continued critical infrastructure viability” and who support a wide-spectrum of industries such as medical and healthcare, telecommunications, information technology systems, defense, and energy.

As provided by the Homeland Security Act of 2002,… More

Experts Anticipate Iran’s Next Move Will Include Cyberattacks on U.S. Energy Infrastructure

Security experts nationwide warn that the United States should expect serious cyberattacks from Iran in the next few months. The anticipated attacks, retaliation for United States’ killing of Major General Qasem Soleimani, are likely to include as targets oil refineries and other energy infrastructure.  The specific targets, and whether the attacks will be state-sponsored and strategic or carried out by individuals or smaller groups, remain unknown.

One reason underlying the likelihood that Iran will ramp up its cyberattacks is that,… More

FERC and NERC Talk Grid Resilience and Cybersecurity

On March 22, 2019, Foley Hoag hosted the New England Electricity Restructuring Roundtable, organized by Raab Associates. The roundtable featured keynote addresses by Federal Energy Regulatory Commission (“FERC”) Commissioner Cheryl LaFleur—who recently announced she will be stepping down later this year—and North American Reliability Corporation (“NERC”) CEO and President James Robb. Both took turns addressing the most pressing issues in energy. … More

Debate over Cybersecurity Oversight for Gas Pipeline and Bulk Power Systems Continues

Earlier this month, Federal Energy Regulatory Commission (“FERC”) Chairman Neil Chaterjee testified before the U.S. Senate Committee on Energy and Natural Resources on issues related to cybersecurity in the energy industry.

In his testimony, Chaterjee seemed to soften at least his messaging, if not his position, calling for increased mandatory oversight of cybersecurity for gas pipelines.  In a joint letter written last June,… More

Cybersecurity 2019 — The Year in Preview: Security Threats to the Energy Grid

Editors’ Note:  This is the first in our third annual end-of-year series examining important trends in data privacy and cybersecurity during the coming year.  Up next:  comparing data protection regulations aimed at children under both COPPA and the GDPR.

While 2018 has been a year of unprecedented and escalating cyber-related threats generally, such has certainly been the case with respect to attacks on the nation’s domestic energy facilities.… More