Cybersecurity & The Energy Sector: Managing Escalating Risks

We have continued to see a rise in attempted attacks on energy infrastructure using malicious software and other cyber weapons. Recent examples include the May 2017 Wannacry cyberattack that affected companies and governments worldwide, which was followed closely in June 2017 by Petya (which hobbled online controls and critical systems at Chernobyl), and significant havoc caused by "NotPetya" in January 2018. Adding fuel to the fire, the proliferation of ransomware has further incentivized would-be cybercriminals by introducing the potential for financial gains.

As the energy sector grapples with how to protect itself against evolving threats, what do companies need to know about their legal obligations and potential liability? The increasing probability that an attack will result in devastating consequences has raised the profile of cyberinsurance as a necessary component of security risk management, but what else should businesses be doing? In this presentation, BakerHostetler Partner Melinda McLellan and Associate Sara Goldstein will provide information, analysis, and insights to help energy sector entities understand and navigate the risks and legal responsibilities associated with identifying and protecting against cyber threats.  

Learning Objectives:

1. Examine the latest cyberattacks on facilities and systems around the world and contrast these with previous incidents in terms of scope and complexity
2. Review the evolving threat landscape, including new lines of attack, the role of ransomware, and vulnerabilities in aging infrastructure
3. Analyze Trump's May 2017 Executive Order on strengthening cybersecurity protections for critical infrastructure, and review proposed federal legislation on these issues
4. Assess the costs of cyber attack fallout, from physical damage to assets and intellectual property losses to legal fees and remediation expenses
5. Identify the steps organizations in the energy industry can take to better manage these cybersecurity risks and mitigate the impact of a cyberattack