Photo of Web Leslie

Web Leslie represents and advises emerging and leading companies on a broad array of technology issues, including on cybersecurity, national security, investigations, and data privacy matters.

Web provides strategic advice and counsel on cybersecurity preparedness, data breach, cross-border privacy law, and government investigations, and helps clients navigate complex policy matters related to cybersecurity and national security.

In addition to his regular practice, Web also counsels pro bono clients on technology, immigration, and criminal law matters, including representing a client sentenced to life without parole by a non-unanimous jury in Louisiana.

Web previously served in government in various roles at the Department of Homeland Security, including at the Cybersecurity and Infrastructure Security Agency (CISA), where he specialized in cybersecurity policy, public-private partnerships, and interagency cyber operations. He also served as Special Assistant to the Secretary of Homeland Security.

The Federal Energy Regulatory Commission (“FERC”) issued a final rule (Order No. 887) directing the North American Electric Reliability Corporation (“NERC”) to develop new or modified Reliability Standards that require internal network security monitoring (“INSM”) within Critical Infrastructure Protection (“CIP”) networked environments.  This Order may be of interest to entities that develop, implement, or maintain hardware or software for operational technologies associated with bulk electric systems (“BES”).

The forthcoming standards will only apply to certain high- and medium-impact BES Cyber Systems.  The final rule also requires NERC to conduct a feasibility study for implementing similar standards across all other types of BES Cyber Systems.  NERC must propose the new or modified standards within 15 months of the effective date of the final rule, which is 60 days after the date of publication in the Federal Register.  

Continue Reading FERC Orders Development of New Internal Network Security Monitoring Standards

On April 20, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom—the so-called “Five Eye” governments—announced the publication of Alert AA22-110A, a Joint Cybersecurity Advisory (the “Advisory”) warning critical infrastructure organizations throughout the world that the Russian invasion of Ukraine could expose them “to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.”  The Advisory is intended to update a January 2022 Joint Cybersecurity Advisory, which provided an overview of Russian state-sponsored cyber operations and tactics, techniques, and procedures (“TTPs”).

In its announcement, the authorities urged critical infrastructure network defenders in particular “to prepare for and mitigate potential cyber threats by hardening their cyber defenses” as recommended in the Advisory.

Continue Reading International Cybersecurity Authorities Issue Joint Advisory on Russian Cyber Threats to Critical Infrastructure