On April 20, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom—the so-called “Five Eye” governments—announced the publication of Alert AA22-110A, a Joint Cybersecurity Advisory (the “Advisory”) warning critical infrastructure organizations throughout the world that the Russian invasion of Ukraine could expose them “to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.”  The Advisory is intended to update a January 2022 Joint Cybersecurity Advisory, which provided an overview of Russian state-sponsored cyber operations and tactics, techniques, and procedures (“TTPs”).

In its announcement, the authorities urged critical infrastructure network defenders in particular “to prepare for and mitigate potential cyber threats by hardening their cyber defenses” as recommended in the Advisory.

Continue Reading International Cybersecurity Authorities Issue Joint Advisory on Russian Cyber Threats to Critical Infrastructure

The Federal Energy Regulatory Commission (FERC) recently signaled that it is exploring ways to improve the cybersecurity of the U.S. electricity grid.  On June 18, 2020, FERC issued a Notice of Inquiry (NOI) regarding whether some of its reliability standards regarding cybersecurity must be enhanced and whether the focus of its standards must change due to the threat of a coordinated cyberattack targeting geographically distributed generation resources.  On June 18, 2020, FERC also issued a staff paper that suggests a framework for providing incentives in transmission rates for cybersecurity investments.

These FERC actions may presage regulatory actions that could have material operational and cost implications for all grid participants.  Accordingly, FERC is seeking comments on both documents with deadlines of August 24, 2020 for the NOI and August 17, 2020 for the staff paper.  Major grid participants would be well advised to evaluate the NOI and staff paper and consider responding to FERC’s request for comments.
Continue Reading FERC Requests Comments on Grid Cybersecurity Initiatives

On Monday, the 2015 G-7 Summit ended with the President and other Leaders of the G-7 focused generally on a wide range of economic, security, and development issues, and specifically discussing the energy sector’s cybersecurity posture.  According to the White House, the Leaders “launched a new cooperative effort to enhance cybersecurity of the energy sector