Over the past several years, the energy sector has become a prime target for hacking and ransomware attacks, with over 40 attacks on the industry since 2017. Cyber attacks have only continued to rise, with a record high of 13 reported attacks in one year occurring in 2022.
Physical Security Threats to U.S. Energy Infrastructure
A new type of threat against the energy sector crystallized at the end of 2022: physical attacks on the grid. … More
The Federal Energy Regulatory Commission (“FERC” or “Commission”) recently issued an Order approving a request 
by the North American Electric Reliability Corporation (“NERC”) to defer the implementation of several Reliability Standards scheduled to take effect later this year. This action, along with others discussed in an earlier post here, are the latest measures approved by FERC that demonstrate the Commission’s intent to exercise discretion in easing reliability compliance burdens in light of the national emergency related to the coronavirus pandemic.… More
Security experts nationwide warn that the United States should expect serious cyberattacks from Iran in the next few months. The anticipated attacks, retaliation for United States’ killing of Major General Qasem Soleimani, are likely to include as targets oil refineries and other energy infrastructure. The specific targets, and whether the attacks will be state-sponsored and strategic or carried out by individuals or smaller groups,… More
The electric power grid is subject to escalating threats of attack by foreign adversaries and individual bad actors. While no U.S. utilities have been seriously compromised to date, in 2015, Ukraine’s electric grid was hit by a cyberattack that led to a lengthy blackout affecting approximately 250,000 people. There is growing recognition that cyberattacks have the potential to be even more malicious, disrupting increasingly digitized critical energy infrastructure. … More
On March 22, 2019, Foley Hoag hosted the New England Electricity Restructuring Roundtable, organized by Raab Associates. The roundtable featured keynote addresses by Federal Energy Regulatory Commission (“FERC”) Commissioner Cheryl LaFleur—who recently announced she will be stepping down later this year—and North American Reliability Corporation (“NERC”) CEO and President James Robb. Both took turns addressing the most pressing issues in energy.… More
Earlier this month, Federal Energy Regulatory Commission (“FERC”) Chairman Neil Chaterjee testified before the U.S. Senate Committee on Energy and Natural Resources on issues related to cybersecurity in the energy industry.
In his testimony, Chaterjee seemed to soften at least his messaging, if not his position, calling for increased mandatory oversight of cybersecurity for gas pipelines. In a joint letter written last June,… More
While 2018 has been a year of unprecedented and escalating cyber-related threats generally, such has certainly been the case with respect to attacks on the nation’s domestic energy facilities. For example, a media report from earlier this year describes hackers’ successful infiltration of the control rooms of multiple electric utilities. According to the article, and many others like it, attacks by both independent and state-sponsored hackers pose an on-going and constant threat to the security of the nation’s bulk power system. … More
On July 19, the Federal Energy Regulatory Commission (“FERC” or “Commission”), pursuant to its authority under section 215 of the Federal Power Act, issued a final rule directing the North American Electric Reliability Corporation (“NERC”) to develop modifications to NERC’s Reliability Standards as they relate to cyber security incidents. Issuance of the final rule is timely. A recent news article described hackers’ successful infiltration of the control rooms of multiple electric utilities.… More
In 2015, a sophisticated cyberattack hit six of Ukraine’s energy providers simultaneously, causing a blackout for hundreds of thousands of Ukrainians. The U.S. has thus far evaded similar attacks, but the energy sector remains of vital strategic importance. Because it has long been considered a prime target for cyber threats, from cybercriminals and foreign states alike, regulators, especially at the federal level,… More