In the wake of the May 2021 ransomware attack on a major US oil pipeline, the Department of Homeland Security’s Transportation Security Administration (TSA) has released a security directive (the “TSA Directive”) to better “identify, protect against, and respond to threats to critical companies in the pipeline sector.” The TSA Directive was released on May
On January 26, 2021, members of the Mayer Brown cybersecurity and data privacy practice will be joined by members of Dragos—a leading industrial security firm—to describe practical steps that members of the energy sector—and other relevant businesses—can take to mitigate cyber risks to operational technology. The webinar – Managing OT Cyber Risk: Lessons from the Front Lines – will discuss how legal teams can work with other stakeholders in their businesses to manage associated legal risk.
The energy sector faces significant and growing cyber threats. In particular, many businesses in the energy sector operate safety critical machinery that is increasingly connected—and subject to cyber attacks. Whether located on an oil rig, in the electric grid, at a refinery, or on a pipeline, these systems—often referred to as “Operational Technology” or “Industrial Control Systems”—sit at the backbone of countless critical processes in the energy sector. Cyber threats to these systems continue to grow, including from highly sophisticated nation-state actors. Potential attacks against these systems threaten to stop production, impair the integrity of safety-critical systems or even cause physical damage or personal injury. The corresponding legal risks facing the energy sector, whether from litigation or regulatory action, are equally significant and will continue to grow in the coming years.