Energy - Cybersecurity

Cybersecurity, proprietary data, and information protection have long existed within the risk management portfolio of government, private and public organizations, especially in the energy and environmental space.  There is increasing recognition that threats exist not only to traditional information technology (IT) but operational technology (OT) as well. As the number of incidents increase and the vulnerability of critical infrastructure becomes more apparent, these risks have rapidly risen to become a top priority for various sectors. 

State and local governments across the country are examining ways to protect their citizens and strengthen their resilience against physical, natural and cyber threats.  Institutional and industrial control systems that are connected to networks face exacerbated risks because of the increased reliance on the networked devices necessary to operate these systems and the severe health, safety, environmental, and regulatory consequences of a cyber-attack. These at-risk systems include oil and gas pipelines; LNG facilities; offshore oil and gas rigs/platforms; electricity generation, transmission, and distribution assets; hydropower and municipal water facilities; nuclear reactors and chemical plants; and medical, research and academic institutions.          

Van Ness Feldman has the experience and capabilities to assist operators of these facilities in addressing the multifaceted cyber threats impacting their assets. Our decades of experience with all aspects of energy and natural resources project development and operation, along with our work as former government officials, allow us to offer the following types of cybersecurity services: 

REGULATORY COMPLIANCE & MONITORING

Our professionals make it a priority to stay ahead of new legislation, regulations, and other cyber developments, in order to keep our clients well versed and in compliance with requirements as they arise. Our team is able to ensure regulatory compliance with The National Institute of Standards and Technology (NIST) Framework, the Pipeline Security Guidelines by the Transportation Security Administration (TSA), and various electric power industry reliability standards, including the Critical Infrastructure Protection (CIP) standards enforced by the North American Electric Reliability Corporation (NERC). 

RISK ASSESSMENT & MITIGATION

Employing our unique understanding of the regulatory framework governing these industries, our attorneys, with the help of cyber risk professionals, can conduct compliance audits to evaluate general operational system vulnerabilities and offer potential solutions, including system improvements, and employee training to mitigate risks.

INCIDENT PLANNING & RESPONSE

Our team can assist clients in coordinating with enforcement authorities and provide appropriate notifications in the event of a security breach. For clients that have avoided incidents to date, we can offer advice on response planning, including partnering with technical experts to conduct "table top" exercises that yield lessons learned from a simulated incident.

INTERNAL INVESTIGATIONS

In the event that a cyber-incident does occur, Van Ness Feldman attorneys can assist with or conduct interviews of client personnel and review relevant documents and data to determine whether failures and/or misconduct occurred, and report any findings.

LITIGATION & ENFORCEMENT

Our talented team of litigators can respond quickly and effectively if a cyber-attack or incident results in an enforcement action or litigation. We have served as lead counsel in numerous complex proceedings in federal and state courts (both trial and appellate) and in administrative proceedings before federal, state, and local agencies.

GOVERNMENT RELATIONS & ADVOCACY

The lawyers and public policy professionals who comprise Van Ness Feldman’s bipartisan government relations team have served as legal counsel and policy advisers to members of Congress and Congressional committees, White House staff, and presidential appointees to federal agencies in both Democratic and Republican administrations. Through our experiences and relationships, we are able to effectively coordinate funding and other legislative efforts for our clients.  Team members have significant experience assisting clients with advocacy regarding the development and implementation of cybersecurity-related legislation. Our team also has noteworthy executive branch experience with  agencies that have oversight of systems at risk of cyber-attacks, including:  

  • Bureau of Ocean Energy Management
  • National Transportation Safety Board
  • Bureau of Safety and Environmental Enforcement
  • North American Electric Reliability Corporation
  • Department of Homeland Security
  • Nuclear Regulatory Commission
  •  Department of Justice
  • Occupational Safety and Health Administration
  • Environmental Protection Agency
  • Pipeline and Hazardous Materials Safety Administration
  • Federal Energy Regulatory Commission
  • U.S. Chemical Safety Board
  • National Oceanic and Atmospheric Administration
  •  United State Coast Guard

RECENT MATTERS

Our professionals have made presentations at several energy sector and other industry events and handled a wide array of representative matters including:

  • Providing counsel on the application of various critical infrastructure protection (CIP) standards apply to company assets;
  • Assisting a client to draw comparisons among cybersecurity requirements applicable in different sectors in an effort to craft a policy development strategy that would be favorable to the industry and defensible in the regulatory and legal arenas;
  • Summarizing the latest regulatory and legislative changes for clients keen on staying current in their cybersecurity posture and knowledge;
  • Providing legal analysis of specific federal cybersecurity laws and surveying client stakeholders to determine whether the law is meeting its designed goals or whether amendments could improve its efficacy;
  • Advising on NIST cybersecurity standards and helping the client bolster its cybersecurity practices; and
  • Reviewing and advising clients on applicable state privacy requirements.




Download PDF Version

Professionals

Michael D. Farber

Partner

Washington D.C.

202-298-1803

mfarber@vnf.com / vCard

Gwendolyn Keyes Fleming

Partner

Washington D.C.

202-298-1928

gfleming@vnf.com / vCard

Malcolm C. McLellan

Partner

Seattle

206.829.1814

mcm@vnf.com / vCard

Tracy Nagelbush Tolk

Principal, Governmental Issues

Washington D.C.

202.298.1937

tan@vnf.com / vCard

R. Scott Nuzum

Of Counsel

Washington D.C.

202.298.1951

rsn@vnf.com / vCard

Terese (T.C.) Richmond

Partner

Seattle

206.623.9372

ter@vnf.com / vCard

Jonathan D. Simon

Partner

Washington D.C.

202.298.1932

jxs@vnf.com / vCard

Darshana Singh

Associate

Washington D.C.

202-298-3736

dxs@vnf.com / vCard

Eric C. Wagner

Senior Policy Advisor

Washington D.C.

202-298-1953

ewagner@vnf.com / vCard

Michael Weiner

Legislative Assistant

Washington D.C.

202.298.1848

mrw@vnf.com / vCard