Incentivizing public utilities to enhance cybersecurity: FERC’s proposed regulation

Data Protection Report

Because technology changes faster than regulatory standards, in 2020, FERC staff “reasoned that an incentive-based framework would allow a public utility to tailor its request for incentives to the potential challenges it faces and take responsive action.

FERC, NERC joint report on cyber incident response at electric utilities

Security Affairs

The US FERC and NERC published a study on cyber incident response at electric utilities that also includes recovery best practices. A cyber attack could have a severe impact on the operations of the utilities and consequent economic losses.



Cybersecurity in utilities: Critical questions for securing distributed energy resources (DERs)


The energy transition is driving a shift toward the increasing use of distributed energy resources (DERs). DERs are smaller power-generation resources, usually located on the consumer side, that provide energy where it is needed. From a cybersecurity perspective, DERs pose new and unique challenges for utilities.

TSA Issues Directive to Enhance Pipeline Cybersecurity

Data Matters

Department of Homeland Security’s Transportation Security Administration (“TSA”) issued a Security Directive, “Enhancing Pipeline Cybersecurity” on May 28, laying out new cybersecurity requirements for operators of liquids and natural gas pipelines and LNG facilities designated as critical infrastructure. Coordinators are also responsible for working with law enforcement and emergency response agencies and organizing facilities’ internal cybersecurity practices. The U.S.

NERC $10,000,000 Fine of Public Utility Highlights the Need for Cybersecurity Preparedness and CIP Compliance Programs

Data Matters

On January 25, 2019, the North American Electric Reliability Corporation (“NERC”) asked the Federal Energy Regulatory Commission (“FERC”) to approve a settlement issuing a record $10 million fine against an unidentified utility resulting from violations of critical infrastructure protection standards (“CIP”) occurring mostly between 2015 and 2018 (referred to hereafter as the “Settlement Agreement”).

Data Encryption Shields the Energy Sector Against Emerging Threats

Thales Cloud Protection & Licensing

The energy sector is part of the critical national infrastructure (CNI), and delivers services that are essential for modern life. Energy services companies are a lucrative target for adversaries.

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

We’ll look at what blockchain technology is, how its development relates to cybersecurity, and the state of blockchain-based security solutions. For advantages, private blockchains are more scalable and energy-efficient with suggested use cases of banking and supply chain management.

Lessons for In-House Counsel from Cybersecurity’s Front Lines

HL Chronicle of Data Protection

Recent developments reinforce the urgent need for general counsel and legal departments to deepen their focus on cybersecurity. Lessons for In-House Counsel from Cybersecurity’s Front Lines was written by members of the Hogan Lovells Privacy and Cybersecurity practice Peter M. In today’s environment, any organization can be the target of a cyberattack, regardless of industry, size, or geographic footprint.

Cybersecurity Risks of 5G – And How to Control Them

eSecurity Planet

In a year where cybersecurity’s gotten its share of major media attention, the U.S. 5G is on the cusp of widespread adoption.

'Cyber blindspot' threatens energy companies spending too little

Information Management Resources

Amid rising threats, utilities are now spending less than 0.2 percent of their revenue on cybersecurity, at least a third less than financial institutions.

Department of Energy Announces New Efforts in Energy Sector Cybersecurity

Hunton Privacy

On May 14, 2018, the Department of Energy (“DOE”) Office of Electricity Delivery & Energy Reliability released its Multiyear Plan for Energy Sector Cybersecurity (the “Plan”). The Plan is significantly guided by DOE’s 2006 Roadmap to Secure Control Systems in the Energy Sector and 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity.

NIST Updates Cybersecurity Framework

Data Matters

On April 17, the National Institute for Standards and Technology (NIST) released an updated version of its standard-setting Cybersecurity Framework. Commerce Secretary Wilbur Ross announced the new release with a statement saying the “Cybersecurity Framework should be every company’s first line of defense” and “adopting version 1.1 For example, the revised introduction notes that “similar to financial and reputational risks, cybersecurity risk affects a company’s bottom line.

Breach Reveal: PG&E Exposed 30,000 Sensitive Records

Data Breach Today

Previously Unnamed Utility Reached Record $2.7 Million Settlement Agreement. A previously unnamed U.S. energy company that agreed to a record $2.7 million settlement after it left 30,000 records about its information security assets exposed online for 70 days in violation of energy sector cybersecurity regulations has been named as California utility PG&E.

Tiao Discusses Utilities’ Concerns in Sharing Information with the Government

Hunton Privacy

Tiao was featured on Platts Energy Week discussing the importance of the homeland security partnership between electric utility companies and the U.S. Utilities Wary of Sharing Grid Risks,” Tiao talked about the recent leak to The Wall Street Journal of a sensitive internal memo at the Federal Energy Regulatory Commission that revealed potential vulnerabilities in the electricity grid. View the Platts Energy Week feature with Paul Tiao.

FBI confirmed that Darkside ransomware gang hit Colonial Pipeline

Security Affairs

Colonial Pipeline is not the first organization in the oil and energy industry targeted by the Darkside ransomware gang; in February the group targeted the Brazilian state-owned electric utility company Copel. The U.S.

Security Affairs newsletter Round 344

Security Affairs

A new round of the weekly Security Affairs newsletter arrived!

NHTSA Releases New Automobile Cybersecurity Best Practices

Hunton Privacy

The National Highway Safety Administration (“NHTSA”) recently issued non-binding guidance that outlines best practices for automobile manufacturers to address automobile cybersecurity. The guidance, entitled Cybersecurity Best Practices for Modern Vehicles (the “Cybersecurity Guidance”), was recently previewed in correspondence with the House of Representatives’ Committee on Energy and Commerce (“Energy and Commerce Committee”).

Webinar on the SAFETY Act and Cybersecurity: Protecting Your Reputation and Reducing Liability Risk

Hunton Privacy

In 2002, Congress enacted the Supporting Anti-Terrorism by Fostering Effective Technologies Act (“the SAFETY Act”) to limit the liabilities that energy, financial, manufacturing and other critical infrastructure companies face in the event of a serious cyber or physical security attack. Hunton Andrews Kurth LLP recently represented an electric utility in obtaining a first-of-its-kind enterprise-wide SAFETY Act Certification for its cybersecurity risk management program.

NHTSA Set to Release New Automobile Cybersecurity Best Practices

Hunton Privacy

On October 14, 2016, the National Highway Transportation Administration (“NHTSA”) indicated in a letter to Congress that it intends to issue new best practices on vehicle cybersecurity. This letter came in response to an earlier request from the House Committee on Energy and Commerce (“Energy and Commerce Committee”) that NHTSA convene an industry-wide effort to develop a plan to address vulnerabilities posed to vehicles by On-Board Diagnostics (“OBD-II”) ports.

China’s Cybersecurity Law Undergoes Third Reading

Hunton Privacy

On October 31, 2016, the Standing Committee of the National People’s Congress of China held a third reading of the draft Cybersecurity Law (the “third draft”). As we previously reported, the second draft of the Cybersecurity Law was published for comment in June. The National People’s Congress has not yet published the full text of the third draft of the Cybersecurity Law.

Final Cybersecurity Law Enacted in China

Hunton Privacy

On November 7, 2016, the Standing Committee of the National People’s Congress of China enacted the final Cybersecurity Law after it held its third reading of the draft Cybersecurity Law on October 31, 2016. The first draft of the Cybersecurity Law was published for comment more than a year ago, followed by the second draft in July this year. The final Cybersecurity Law will apply from June 1, 2017.

Updates on Federal Cybersecurity Legislation

Hunton Privacy

The United States Congress is currently considering several bills addressing cybersecurity issues. This bill would amend the Federal Power Act to grant the Federal Energy Regulatory Commission (“FERC”) authority to issue emergency orders requiring critical infrastructure facility operators to take actions necessary to protect the bulk power system. The GRID Act is being considered by the Senate Committee on Energy and Natural Resources at this time.

Why Russian APT Fancy Bear hacked the Ukrainian energy firm Burisma?

Security Affairs

Russia-linked cyber-espionage group hacked the Ukrainian energy company Burisma at the center of the impeachment trial of US President Donald Trump. The attack was detailed by California-based cybersecurity firm Area 1 Security in a report.

Recent Federal Government Activity on Cybersecurity

Hunton Privacy

The absence of congressional action on cybersecurity legislation has spurred efforts by various entities to exert influence over cybersecurity policy. Cybersecurity has been one of the highest-profile topics in Washington this year. Yet, despite considering multiple cybersecurity bills, Congress left Washington for the upcoming elections without passing legislation. Cybersecurity already presents difficult legal and compliance issues.

Draft Cybersecurity Law Published for Comment in China

Hunton Privacy

On July 6, 2015, the Standing Committee of the National People’s Congress of the People’s Republic of China published a draft of the country’s proposed Network Security Law (the “Draft Cybersecurity Law”). A public comment period on the Draft Cybersecurity Law is now open until August 5, 2015. At this point, the Draft Cybersecurity Law has not yet been finalized. The Draft Cybersecurity Law also includes a provision that pushes China towards a policy of data localization.

Hackers Target Oil Producers During COVID-19 Slump

Security Affairs

Data from Barracuda cybersecurity researchers identified a 667% increase in spear-phishing attacks between the end of February and the following month. Real-Life Examples of Spear-Phishing Attacks in the Energy Production Sector. The Energy Industry Must Remain Vigilant.

FERC Proposes to Accept Updated CIP Standards and Calls for New Cybersecurity Controls

Hunton Privacy

On July 16, 2015, the Federal Energy Regulatory Commission (“FERC”) issued a new Notice of Proposed Rulemaking (“NOPR”) addressing the critical infrastructure protection (“CIP”) reliability standards. The NOPR proposes to accept with limited modifications seven updated CIP cybersecurity standards. Utilities that violate them are potentially subject to substantial financial penalties.

DHS and FBI – Hackers Are Targeting US Nuclear, Energy, and Manufacturing Facilities

Privacy and Cybersecurity Law

According to a new joint report issued by the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), hackers have been penetrating the computer networks of companies that operate nuclear power stations, energy facilities, and manufacturing plants in the US since May 2017. On May 11, as the attacks were ongoing, President Trump signed an executive order to strengthen the cybersecurity of federal networks and critical infrastructure.

UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK

Data Protection Report

However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the UK. Under the NIS Regulations, entities meeting certain threshold conditions in the energy, transport, healthcare, utilities and digital infrastructure sectors will be considered to be operators of essential services.

FERC Adopts Supply Chain Risk Management Reliability Standards

Hunton Privacy

At its October monthly meeting, the Federal Energy Regulatory Commission (the “Commission”) adopted new reliability standards addressing cybersecurity risks associated with the global supply chain for Bulk Electric System (“BES”) Cyber Systems. The new standards expand the scope of the mandatory and enforceable cybersecurity standards applicable to the electric utility sector.

FERC Approves NERC’s Supply Chain Risk Management Reliability Standards and Directs NERC to Expand Their Scope

Data Matters

A string of Governmental announcements have increasingly sounded the alarm about the growing cybersecurity threat facing the energy sector. Among other things, these reports have announced that state-sponsored cyber actors have successfully gained access to the control rooms of utilities. Against this backdrop, it is unsurprising that energy regulators have increasingly focused their attention on cybersecurity issues.

UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT

Security Affairs

US and UK cybersecurity agencies said the Russia-linked APT28 group is behind a series of large-scale brute-force attacks. US and UK cybersecurity agencies published a joint alert about a series of large-scale brute-force attacks conducted by the Russia-linked APT28 group.

What the Blockchain Taught Us about IT Security

Security Affairs

But it is not just about security, but in utilizing Blockchains to secure your company and your information. Energy Efficiency. Energy efficiency tries to reduce the amount of energy needed in order to create and maintain blockchains by operating on a recycled or proof-of-work energy cycle.

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

This escalation of reconnaissance is being closely monitored by the global cybersecurity and intelligence communities. Here are a few key things everyone should understand about the cybersecurity ramifications spinning out of the Soleimani assassination.

Protecting America’s Critical Infrastructure

Thales Cloud Protection & Licensing

From taking a shower, to brewing your coffee, and watching the news, your morning routine is fueled by the energy sector. But the energy sector also underpins our emergency and response systems, our hospitals and healthcare, our schools, our businesses, and virtually everything we do as a society. Unfortunately, the energy sector is of great interest to cyber attackers today. It’s even possible that the attackers didn’t even know they were targeting a power utility.

DOE and DHS Assess U.S. Readiness to Manage Potential Cyber Attacks

Hunton Privacy

Department of Energy (“DOE”) and the U.S. electrical utilities has been observed, the assessment references a December 2015 cyber attack on three Ukrainian electricity distribution companies. On May 30, 2018, the federal government released a report that identifies gaps in assets and capabilities required to manage the consequences of a cyber attack on the U.S. electric grid. The assessment is a result of the U.S.

Leak of Grid Vulnerabilities Creates National Security Risks

Hunton Privacy

The recent leak of an internal memo to the former Chair of the Federal Energy Regulatory Commission, which was widely reported by national news media, has created a national security setback for the United States. In an article published in Intelligent Utility Update, Hunton & Williams partner Paul M. Tiao discusses the effects of the leak on national security and on the relationship between the energy industry and the government.

Congratulations to Sidley’s Newest Partners!

Data Matters

Kate is a member of the firm’s Privacy and Cybersecurity, Healthcare, and Commercial Litigation groups. Congratulations to our 30 colleagues, including Kate Heinzelman and Tomoki Ishiara, for their election to the Sidley Austin partnership, effective January 1, 2020.

China Publishes Draft Regulations on Protecting the Security of Key Information Infrastructure

Hunton Privacy

The Cybersecurity Law of China establishes a new category of information infrastructure, called “key [or critical] information infrastructure,” and imposes certain cybersecurity obligations on enterprises that operate such infrastructure. They may conduct this inspection and evaluation on their own behalf, or engage third-party cybersecurity service providers. This post has been updated.

DHS CISA warns of Critical issues in Medtronic Medical equipment

Security Affairs

The US DHS Cybersecurity & Infrastructure Security Agency (CISA) issued a security advisory to warn of three recently patched flaws in Medtronic Valleylab products that could be exploited to install a non-root shell. Another vulnerability is related to the use of a vulnerable version of the rssh utility in these products to facilitate file uploads. and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0