On Demand Audio

Cybersecurity & The Energy Sector: Managing Escalating Risks

(364 reviews)

Produced on June 07, 2018

$ 89 Oil, Gas, & Energy and Privacy & Cybersecurity In Stock
Get started now

$299 / year - Access to this Course and 1,500+ Lawline courses


Course Information

Time 1h
Difficulty Advanced
Topics covered in this course: Oil, Gas, & Energy Privacy & Cybersecurity

Course Description

We have continued to see a rise in attempted attacks on energy infrastructure using malicious software and other cyber weapons. Recent examples include the May 2017 Wannacry cyberattack that affected companies and governments worldwide, which was followed closely in June 2017 by Petya (which hobbled online controls and critical systems at Chernobyl), and significant havoc caused by “NotPetya” in January 2018. Adding fuel to the fire, the proliferation of ransomware has further incentivized would-be cybercriminals by introducing the potential for financial gains.

As the energy sector grapples with how to protect itself against evolving threats, what do companies need to know about their legal obligations and potential liability? The increasing probability that an attack will result in devastating consequences has raised the profile of cyberinsurance as a necessary component of security risk management, but what else should businesses be doing? In this presentation, BakerHostetler Partner Melinda McLellan and Associate Sara Goldstein will provide information, analysis, and insights to help energy sector entities understand and navigate the risks and legal responsibilities associated with identifying and protecting against cyber threats.  

Learning Objectives:

  1. Examine the latest cyberattacks on facilities and systems around the world and contrast these with previous incidents in terms of scope and complexity
  2. Review the evolving threat landscape, including new lines of attack, the role of ransomware, and vulnerabilities in aging infrastructure
  3. Analyze Trump’s May 2017 Executive Order on strengthening cybersecurity protections for critical infrastructure, and review proposed federal legislation on these issues
  4. Assess the costs of cyber attack fallout, from physical damage to assets and intellectual property losses to legal fees and remediation expenses
  5. Identify the steps organizations in the energy industry can take to better manage these cybersecurity risks and mitigate the impact of a cyberattack

Credit Information

After completing this course, Lawline will report your attendance information to {{ accredMasterState.state.name }}. Please ensure your license number is filled out in your profile to ensure timely reporting. For more information, see our {{ accredMasterState.state.name }} CLE Requirements page . After completing this course, {{ accredMasterState.state.name }} attorneys self-report their attendance and CLE compliance. For more information on how to report your CLE courses, see our {{ accredMasterState.state.name }} CLE Requirements FAQ .


Melinda L. McLellan


Melinda McLellan is a seasoned privacy and cybersecurity law advisor whose practice focuses on the regulation of emerging technologies, compliance with evolving U.S. state and federal privacy legislation, and cross-border data protection matters. As co-leader of the firm’s EU General Data Protection Regulation (GDPR) initiative, Melinda works with multinational clients to identify, evaluate, and manage the myriad of compliance obligations associated with corporate privacy and information security practices. Her broader practice includes advising on a wide variety of privacy and data security issues, including the use of biometrics, securing the Internet of Things, implementation of blockchain technologies, cybersecurity threats to the financial services and energy sectors, autonomous vehicles, genetic privacy, artificial intelligence, Big Data, information security incident response, and negotiating complex tech transactions.

Select Experience:

  • Advises on compliance with international data transfer restrictions and data localization requirements, including through the implementation of cross-border transfer mechanisms such as the EU-U.S. Privacy Shield framework, standard contractual clauses, intercompany agreements, and binding corporate rules.
  • Developed and implemented EU General Data Protection Regulation (GDPR) compliance programs for numerous U.S. and international organizations, including GDPR applicability analysis, data mapping, data transfer mechanisms, consent mechanisms, “right to be forgotten,” data security assessments, breach response programs, selection of Data Protection Officers, and employee training.
  • Advises companies on new requirements under the California Consumer Privacy Act (CCPA), including by developing broad-based compliance strategies to address other pending state and federal privacy legislation.
  • Counsels clients on regulatory compliance strategies and best practices for private-sector use of cloud computing solutions, biometric authentication, facial recognition technology, geolocation tracking systems, mobile applications, behavioral marketing tools, social media platforms, data analytics services, and other emerging technologies. 
  • Manages complex technology transactions on both the vendor side and the customer side, drafting and negotiating multiparty contracts and outsourcing agreements from the RFP through follow-up compliance assessments.
  • Counsels clients on the development and implementation of enterprise-wide privacy and information security programs, including by creating employee privacy training modules and drafting company codes of conduct, policies, standards, procedures, and guidelines related to the protection of personal data.

Sara Goldstein


Sara Goldstein focuses her practice on legal issues related to privacy and data protection. As the former vice president and general counsel of a large provider of release of information and disclosure management services, Sara was responsible for overseeing all of the company’s legal and compliance-related matters. This experience gives her a depth of knowledge regarding her clients’ needs, bringing a business-oriented perspective to her practice and allowing her to provide legal guidance that is realistic and practical for her clients. 

Sara has authored a variety of industry-related articles in publications such as the Journal of the American Health Information Management Association(AHIMA), The Group Practice JournalCompliance Today and RACMonitor.com. She has been invited to speak to organizations across the country about release of information, compliance with federal and state medical privacy laws, and breach prevention. She is also an adjunct professor of law at Drexel University, where she teaches a course on HIPAA and patient privacy.


Daniel D.

very interesting stories from the field. thank you

Patricia W.

One of the most interesting, well-presented courses I've seen.

Daniel C.

Good presentation. Good practice tips.

John A. M.

Excellent, well-organized presentation on a topic of great national importance. Highly recommend.

Glen B.

Masters of the subject matter!! Thanks so much.

Steven O.


Suzanne V.

Excellent course--one of the best offered. The information covered is highly relevant for all. The conversational interaction between the presenters created a dynamic and interesting learning environment. I highly recommend this course.

Lois S.

Excellent program.

Harrison S.

Very knowledgeable presenters!

Michele K.

thank you

Al W.

Excellent presentation

Victoria L. B.

Great presentation very interesting and informative.


Excellent and clear presentation

Joshua W.

Informative and interesting presentation.

Carl F.

Excellent follow up to previous presentation

Paul S.

Excellent presentation.

Marian W.

This program was excellent. Very interesting examples and suggestions.

Frank K.

Alarming topic

Stacey H.

Really well done!

Katie H.

A plus.

Load More