At its October monthly meeting, the Federal Energy Regulatory Commission adopted new reliability standards addressing cybersecurity risks associated with the global supply chain for Bulk Electric System Cyber Systems. The new standards expand the scope of the mandatory and enforceable cybersecurity standards applicable to the electric utility sector.
Continue Reading FERC Adopts Supply Chain Risk Management Reliability Standards

Recent press reports indicate that a cyber attack disabled the third-party platform used by oil and gas pipeline company Energy Transfer Partners to exchange documents with other customers. This incident and others raise questions about cybersecurity across the U.S. pipeline network.
Continue Reading Attacks Targeting Oil and Gas Sector Renew Questions About Cybersecurity

The U.S. Department of Justice has unsealed an indictment accusing nine Iranian nationals of engaging in a “massive and brazen cyber assault” against at least 176 universities, 47 private companies and 7 government agencies and non-governmental organizations, including the Federal Energy Regulatory Commission.
Continue Reading DOJ Accuses Iranian Nationals of “Brazen Cyber Assault” on Universities and Government Agencies

On January 18, 2018, the Federal Energy Regulatory Commission issued a Notice of Proposed Rulemaking that proposes the adoption of new mandatory Reliability Standards designed to mitigate cybersecurity risk in the supply chain for electric grid-related cyber systems.
Continue Reading FERC Proposes to Adopt Reliability Standards Designed to Mitigate Cybersecurity Risk

On January 19, 2017, the North American Electric Reliability Corporation released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management which addresses “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”
Continue Reading NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management

Last month, the Federal Energy Regulatory Commission published its final Regulations Implementing FAST Act Section 61003-Critical Electric Infrastructure Security and Amending Critical Energy Infrastructure Information. The CEII Regulations are intended to implement new authority granted to FERC by the Fixing America’s Surface Transportation Act, which became law in December 2015.
Continue Reading Federal Energy Regulatory Commission Publishes Final CEII Regulations

The absence of congressional action on cybersecurity legislation has spurred efforts by various entities to exert influence over cybersecurity policy. This blog post contains a client alert that focuses on a number of those efforts, including the Federal Energy Regulatory Commission’s creation of a new cybersecurity office and the North American Electric Reliability Corporation’s action on cybersecurity Critical Infrastructure Protection standards.
Continue Reading Recent Federal Government Activity on Cybersecurity

On May 12, 2011, the Obama administration announced a comprehensive cybersecurity legislative proposal that would affect many government and private-sector owners and operators of cyber systems across multiple industries. This blog post provides analysis of the key issues outlined in the proposal.

Continue Reading White House Proposes Cybersecurity Legislation