Cybersecurity & The Energy Sector: Managing Escalating Risks

(198 Ratings)

Produced on: June 07, 2018

Course Format On Demand Audio

Taught by


Course Description

Time 60 minutes
Difficulty Advanced

We have continued to see a rise in attempted attacks on energy infrastructure using malicious software and other cyber weapons. Recent examples include the May 2017 Wannacry cyberattack that affected companies and governments worldwide, which was followed closely in June 2017 by Petya (which hobbled online controls and critical systems at Chernobyl), and significant havoc caused by “NotPetya” in January 2018. Adding fuel to the fire, the proliferation of ransomware has further incentivized would-be cybercriminals by introducing the potential for financial gains.

As the energy sector grapples with how to protect itself against evolving threats, what do companies need to know about their legal obligations and potential liability? The increasing probability that an attack will result in devastating consequences has raised the profile of cyberinsurance as a necessary component of security risk management, but what else should businesses be doing? In this presentation, BakerHostetler Partner Melinda McLellan and Associate Sara Goldstein will provide information, analysis, and insights to help energy sector entities understand and navigate the risks and legal responsibilities associated with identifying and protecting against cyber threats.  

Learning Objectives:

  1. Examine the latest cyberattacks on facilities and systems around the world and contrast these with previous incidents in terms of scope and complexity
  2. Review the evolving threat landscape, including new lines of attack, the role of ransomware, and vulnerabilities in aging infrastructure
  3. Analyze Trump’s May 2017 Executive Order on strengthening cybersecurity protections for critical infrastructure, and review proposed federal legislation on these issues
  4. Assess the costs of cyber attack fallout, from physical damage to assets and intellectual property losses to legal fees and remediation expenses
  5. Identify the steps organizations in the energy industry can take to better manage these cybersecurity risks and mitigate the impact of a cyberattack


Melinda L. McLellan


Melinda McLellan works with clients to navigate complex privacy, cybersecurity, and data management issues in a rapidly evolving regulatory environment. She counsels companies of all sizes across multiple industry sectors, helping them to identify, evaluate, and manage the myriad compliance obligations associated with corporate privacy and information security practices. Melinda regularly advises on the creation, development, and implementation of global privacy and security policies, standards, procedures, and guidelines, as well as company codes of conduct and employee privacy training programs. Attentive to her clients' business needs, Melinda's proactive approach favors pragmatic, forward-thinking compliance strategies that emphasize prevention and mitigation of privacy and data security risks.

Select Experience:

  • Advises clients on the development and implementation of enterprise-wide privacy and information security programs, including by creating employee privacy training modules and drafting company codes of conduct, policies, standards, procedures and guidelines related to the protection of personal data.
  • Develops compliance strategies for the execution of multi-marketer and multimedia digital and mobile marketing campaigns, regularly advising on online behavioral advertising issues, CAN-SPAM Act requirements, regulations imposed by the Telephone Consumer Protection Act, the FTC's Telemarketing Sales Rule and National Do-Not-Call Registry, and the FCC's regulations applicable to telemarketing calls and text messages.
  • Counsels clients on the legal implications of various data collection and analytics technologies, including facial recognition software, in-store WiFi tracking and web-based tools used for behavioral marketing and geotargeting purposes.

Sara Goldstein


Sara Goldstein focuses her practice on legal issues related to privacy and data protection. As the former vice president and general counsel of a large provider of release of information and disclosure management services, Sara was responsible for overseeing all of the company’s legal and compliance-related matters. This experience gives her a depth of knowledge regarding her clients’ needs, bringing a business-oriented perspective to her practice and allowing her to provide legal guidance that is realistic and practical for her clients. 

Sara has authored a variety of industry-related articles in publications such as the Journal of the American Health Information Management Association(AHIMA), The Group Practice JournalCompliance Today and She has been invited to speak to organizations across the country about release of information, compliance with federal and state medical privacy laws, and breach prevention. She is also an adjunct professor of law at Drexel University, where she teaches a course on HIPAA and patient privacy.


Joshua W.

Informative and interesting presentation.

Carl F.

Excellent follow up to previous presentation

Paul S.

Excellent presentation.

Marian W.

This program was excellent. Very interesting examples and suggestions.

Frank K.

Alarming topic

Stacey H.

Really well done!

Katie H.

A plus.

Load More


$ 59 Oil, Gas, & Energy Law and Privacy & Cybersecurity In Stock


Get Unlimited Access to Lawline Courses

Unlimited CLE Subscription gives you access to take almost any course from our catalog and earn as much CLE credit as you need.