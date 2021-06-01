Companies in the energy industry today are confronted with unprecedented physical and cyber security challenges. In the physical realm, energy companies must protect critical infrastructure facilities against accidents, natural disasters and acts of sabotage or terror. In the cyber realm, they must safeguard their mission-critical information assets against criminal hackers, hacktivists, nation-states and terrorists who use sophisticated means to steal personal and financial information for monetary gain, engage in economic espionage, disrupt online services or conduct destructive attacks on cyber and physical infrastructure.

Hunton’s energy sector security team stands ready to assist companies in protecting the security and resilience of their critical infrastructure facilities in the face of these physical and cyber threats. We help clients address challenging legal issues while implementing a comprehensive approach to preparing for and responding to today’s security challenges. Energy companies must navigate through an increasingly complex legal and policy environment that is being shaped by new developments and evolving security standards in regulatory compliance, reporting, enforcement, government investigations, litigation, insurance, employment, legislation and other areas. Since the 9/11 terrorist attacks, the matrix of laws, regulations and executive orders at federal and state levels has grown increasingly complex as governments at all levels take action to prepare for hostile attacks and natural disasters. Federal, state and foreign laws that might otherwise provide a predictable legal framework for effective strategic planning in physical and cybersecurity are in a state of rapid, often unpredictable change due to shifting and sometimes conflicting public policies.

This endemic uncertainty complicates the planning for, preparation for and response to the varied physical and cyber crises that every energy company will inevitably face. Some threats, like those posed by severe weather events, are familiar to the industry. Other threats, such as those posed by sophisticated cyber attacks and physical sabotage, are evolving at an alarming pace. What is new is the increasingly unpredictable and often severe nature of governments’ response when a crisis occurs.

Superstorm Sandy triggered immediate and harsh political attacks on utilities across the Northeast, and sweeping regulatory action in its aftermath. Regulators initiated the expected proceedings to critique the storm preparedness and response of utilities. But they often went much further. For example, regulators and policymakers in New York initiated open-ended proceedings to explore ways to alter the fundamental business model and structure of utilities, purportedly to make them better able to withstand such storms and related threats.

An act of sabotage involving small firearms at a West Coast electricity substation in 2013 drew little attention, until a series of newspaper articles eight months later brought it national attention. This led to public pressure for reform, congressional hearings, proposed legislation, and the development of new physical security regulations by the Federal Energy Regulatory Commission (FERC).

The daily drumbeat of news about data breaches, theft of proprietary information, online service disruptions, and destructive malware in the cybersecurity arena has led to new notification and reporting requirements, increasingly aggressive enforcement action by federal and state regulators, widespread class action litigation and criminal investigations, regulatory reforms, evolving insurance requirements, new government policies and programs, proposed legislation and congressional hearings.

Energy sector companies cannot rely on traditional programs and procedures for risk management and crisis response. They must engage in a comprehensive and coordinated form of planning, preparation and response that covers the life cycle of an incident, and addresses the associated legal, regulatory, policy and political issues.

Our Team

Combining talented lawyers from a number of practices, our team works with companies in the electric utility, oil, natural gas, pipeline, coal, nuclear, renewable energy and clean power, and related sectors to minimize the risks or consequences of a serious security incident. Our involvement in the energy industry dates back more than 100 years, and we have established a multidisciplinary team tailored to meet the security challenges in the energy sector.

Many of the practice groups our team is composed of have received top tier rankings or were otherwise highly ranked by Chambers & Partners Guide to the World’s Best Lawyers. Chambers has consistently rated our energy, project finance and regulatory partners in its top tier. For the past several years, it has rated our firm as the top privacy and cybersecurity practice in its Chambers Global, Chambers USA and Chambers UK guides. The Legal 500 United States also has placed the firm in the top tier for cyber crime, and privacy and data security.

Our lawyers work seamlessly together to help clients with legal and regulatory compliance, physical and cybersecurity risk minimization, strategic engagement with key government agencies, response to physical or cyber events, insurance coverage and dispute resolution arising from law enforcement investigations, government enforcement actions and private litigation.