Key Takeaways | Keeping the Lights On: Cyber Threat, Vulnerability and Oversight Considerations for the Energy Sector

April 11, 2022

During the latest webinar in our Energy Transition series, Partners Carl Fleming and Scott Ferber hosted PwC Principals Brad Bauch, US Power and Utilities Cybersecurity & Privacy Leader, and Mark Ray, Cybersecurity & Privacy, to discuss the cyber threat landscape that the energy sector currently faces, the US government’s oversight of cybersecurity and key considerations for building a robust compliance program.

Below are key takeaways from the webinar:

1. The Cyber Threat Landscape. Threat actors continually evolve the tactics, techniques and procedures they deploy against their targets, which makes for a daunting threat landscape. Where nation state threat actors are involved, the risk of compromise is heightened. Ransomware continues to be, by far, the most prevalent issue organizations are contending with across all sectors and geographies, followed by supply chain attacks and zero-day exploits. Amid Russia’s invasion of Ukraine and the punishing sanctions being imposed, along with Russia’s demonstrated willingness to use malign cyber means against an array of targets, the energy sector should be on high alert for cyberattacks.

2. US Government Engagement. The US government is using a carrot-and-stick approach with the private sector to encourage and, in some instances, require robust cybersecurity, as well as information sharing. Bottom line, the government is expecting more of the private sector (particularly the energy sector) when it comes to dealing with cybersecurity.

3. Building a Robust Compliance Program. There are unique considerations when building a robust compliance program that encompasses both Information Technology (IT) and Operations Technology (OT) systems. As a starting point, companies should consider:

  • Benchmarking against cybersecurity compliance programs at peer companies and similar industries
  • Creating processes that are enterprise-wide, with a control standards-based approach
  • Avoiding program siloing
  • Ensuring active monitoring and controlled access of IT and OT systems
  • Developing strong protections for legacy OT software that is operationally essential.


Carl J. Fleming
Carl J. Fleming is a transactional lawyer whose principal areas of practice are renewable energy and private equity. He leads transactions throughout the US and worldwide for a number of the renewable industry’s leading developers, global private equity funds and Fortune 500 companies. He provides legal, commercial and strategic advice on the development, purchase and sale and financing of renewable energy projects in wind, solar, energy storage, electric vehicles and other low carbon solutions. A partner in our Washington, DC office, he also advises on a number of energy and climate change policy issues.


Scott Ferber
Scott leverages his extensive experience as a former federal cybercrime prosecutor and in senior leadership at the US Department of Justice (DOJ) to advise clients across industries on the full range of privacy and security issues created by global data collection and usage. This includes responding to cyber incidents and managing complex privacy and cyber risk assessments. Scott often defends clients in regulatory investigations from the Federal Trade Commission (FTC), State Attorneys General and other federal, state and local regulators and criminal authorities.
