Over the past several years, the energy sector has become a prime target for hacking and ransomware attacks, with over 40 attacks on the industry since 2017. Cyber attacks have only continued to rise, with a record high of 13 reported attacks in one year occurring in 2022.
Physical Security Threats to U.S. Energy Infrastructure
A new type of threat against the energy sector crystallized at the end of 2022: physical attacks on the grid. … More
Continued Threats of Ransomware Attacks
As we reported in our 2021 Year in Preview series, we began 2021 anticipating that ransomware would be a serious threat to critical energy infrastructure. These concerns were realized in May 2021 when the Colonial Pipeline Company’s (“Colonial”) entire 5,500-mile pipeline system carrying liquid fuels was shut down due to a ransomware attack by DarkSide, a hacking group that allegedly has loose ties to the Russian government.… More
On July 28, 2021, President Biden issued a Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. The Memo recognizes that the protection of the nation’s critical infrastructure lies not only with government, i.e., at the federal, state, local, tribal, and territorial levels, but with critical infrastructure owners and operators. In addition, the Memo states that cybersecurity threats to critical infrastructure, and the systems that control and operate it,… More
Editors’ Note: This is the first in our fifth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year.
The Growing Threat of Ransomware
According to media reports, ransomware attacks against the manufacturing industry have more than tripled compared with last year. This dramatic rise in cyberattacks poses serious concerns about the vulnerability of critical energy infrastructure serving the nation’s electric grid,… More
On March 19, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued its Memorandum on Identification of Essential Critical Infrastructure Workers During COVID-19 Response (“Memo”). The Memo identifies workers who conduct “a range of operations and services that are essential to continued critical infrastructure viability” and who support a wide-spectrum of industries such as medical and healthcare, telecommunications, information technology systems, defense, and energy.
As provided by the Homeland Security Act of 2002,… More
Security experts nationwide warn that the United States should expect serious cyberattacks from Iran in the next few months. The anticipated attacks, retaliation for United States’ killing of Major General Qasem Soleimani, are likely to include as targets oil refineries and other energy infrastructure. The specific targets, and whether the attacks will be state-sponsored and strategic or carried out by individuals or smaller groups, remain unknown.
One reason underlying the likelihood that Iran will ramp up its cyberattacks is that,… More
Editors’ Note: This is the second in our fourth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Our previous entry discussed the CCPA. Up next: a look at the effect of Brexit on the GDPR.
The electric power grid is subject to escalating threats of attack by foreign adversaries and individual bad actors. … More
On March 22, 2019, Foley Hoag hosted the New England Electricity Restructuring Roundtable, organized by Raab Associates. The roundtable featured keynote addresses by Federal Energy Regulatory Commission (“FERC”) Commissioner Cheryl LaFleur—who recently announced she will be stepping down later this year—and North American Reliability Corporation (“NERC”) CEO and President James Robb. Both took turns addressing the most pressing issues in energy. … More
Earlier this month, Federal Energy Regulatory Commission (“FERC”) Chairman Neil Chaterjee testified before the U.S. Senate Committee on Energy and Natural Resources on issues related to cybersecurity in the energy industry.
In his testimony, Chaterjee seemed to soften at least his messaging, if not his position, calling for increased mandatory oversight of cybersecurity for gas pipelines. In a joint letter written last June,… More
Editors’ Note: This is the first in our third annual end-of-year series examining important trends in data privacy and cybersecurity during the coming year. Up next: comparing data protection regulations aimed at children under both COPPA and the GDPR.
While 2018 has been a year of unprecedented and escalating cyber-related threats generally, such has certainly been the case with respect to attacks on the nation’s domestic energy facilities.… More