Energy Industry Cybersecurity and Event Response

Overview

Energy companies, like all businesses, are susceptible to cybersecurity attacks, data breaches, catastrophic events, and environmental emergency situations. There is an increased focus on ensuring security and protecting the nation’s critical infrastructure, particularly energy-related infrastructure such as generators, pipelines, and electronic networks, from destructive cyber and physical attacks.

As a premier national energy practice, BakerHostetler has earned a reputation within the energy industry for providing exceptional work and obtaining favorable results. Because we have an on-the-ground presence where many of our clients’ operations are located, we are able to immediately assess a situation and respond as necessary. Many of our attorneys have energy-specific degrees or have worked in-house with major energy companies, which gives us inside knowledge and hands-on experience to handle energy emergencies with assured and practical advice.

We represent a wide range of clients in the energy industry, including:

  • Oil and gas companies
  • Pipeline companies
  • Project owners, developers, and contractors
  • Oil field service companies
  • Mining and metals companies
  • Landowners
  • Governmental agencies
  • Private equity funds
  • Venture capital firms
  • Financial institutions and lenders
  • Investors
  • REITs

BakerHostetler has more than 80 lawyers across the nation who focus principally on clients in various sectors of the energy industry. Our energy lawyers represent producers, operators, service companies, and landowners throughout the country in connection with litigation, arbitration, and dispute resolution arising out of various emergencies, including data breaches, security incidents, releases, oil spills, blowouts, pipeline disasters, mechanical failures, and electrocutions. We not only assist with immediate emergency response needs, but also with any litigation arising out of the emergency. We have handled claims involving international and maritime laws, toxic torts, product liability, personal injury, class actions, workers’ compensation, and wrongful death.

More »

We also have one of the country’s largest and most comprehensive teams focused on data privacy and information security, partnering with clients to help them mitigate reputational and financial risks of cyber- and physical security. We have helped clients recover from more than 750 data breaches, including 175 responses in the past year – a volume and breadth of experience resulting in effective and efficient action that minimizes liability, is cost conscious, and protects a company’s reputation.

Data Security Assessment and Response Planning

We work with our energy clients to conduct data security assessments, interviewing business managers, security staff, and information technology managers; reviewing data security policies and procedures; and conducting penetration tests and vulnerability scans. This allows us to help clients identify opportunities to improve the security of their computer networks. We help clients develop response plans in order to enable them to handle security incidents quickly, efficiently, and in a manner that complies with applicable laws while mitigating risk and preserving customer relationships.

24-Hour Data Breach and Catastrophic Event Response

Given the urgency of data breaches, catastrophic events, and other emergency situations, we have assembled an Emergency Response Team that is available to assist clients throughout the country 24 hours a day. Our team is dispatched to the incident site immediately in order to assess the situation, advise on appropriate next steps, and assist with public relations, cleanup, and investigations. We have responded to data breaches, cybersecurity attacks, pipeline disasters, oil spills, blowouts, and chemical plant explosions, among other energy and environmental emergencies.

Reputation Protection

We understand that one of the greatest threats posed by a data security incident, catastrophic event, or environmental disaster is the potential impact on the company’s reputation. While we have hundreds of examples to draw upon to gauge how customers or employees will respond to an incident, we do not push a “one size fits all” approach because we know that each company has unique relationships with its customers and employees. When warranted, we include experienced crisis communications professionals on the incident response team and work with them to frame an internal and external communication strategy that satisfies legal notification obligations, preserves legal defenses, and best positions the company to minimize reputational harm.

Select Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
More »

Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
  • Participated with clients in U.S. Coast Guard inspections and audits, annual spill drill exercises and tabletop sessions, and management of pipeline spill response actions.
  • Represented a pipeline company in claims against a salvage company in connection with damages caused to the client’s offshore pipeline during salvage operations.
  • Prepared policies and procedures for the rollout of a Bring Your Own Device program for a multijurisdictional energy infrastructure company.
  • Counseled a Fortune 500 electric and natural gas utility on privacy and data security issues, including Identity Theft Red Flags Rule, Telephone Consumer Protection Act, and Fair Credit Reporting Act compliance, state data security regulations, and incident response. In addition, serve as incident response counsel and have assisted client in preparing its breach response plan.

Recognition

  • Chambers USA: Nationwide Privacy & Data Security (2013 to 2018)
    • Chambers USA Privacy and Data Security- Healthcare Spotlight Table (2018)
  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2019 BTI Client Service 30 for the fifth consecutive year.

News

Publications

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Best Cybersecurity Practices for Healthcare Organizations – Ransomware Prevention
By Kathryn Carey, Aleksandra Vold
February 8, 2019
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its “Cybersecurity Best Practices” report. For previous articles in the series...
Read More ->
Data Privacy Monitor
Insurance Data Security Model Law Picks Up Steam
By Andreas T. Kaltsounis, Shea M. Leitch
February 6, 2019
Three states recently enacted variations of the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of...
Read More ->
Data Privacy Monitor
What Can We Learn From the Healthcare Data Breach ‘Wall of Shame'?
By Eric A. Packel
February 4, 2019
In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to...
Read More ->
Data Privacy Monitor
Washington State Proposes Sweeping Privacy Legislation
By Andreas T. Kaltsounis, Shea M. Leitch
February 4, 2019
On Jan. 17, 2019, a new privacy law was proposed in the Washington state Senate. If passed, the Washington Privacy Act would impose far-reaching responsibilities on companies to protect the privacy of “personal data.” Lifting many...
Read More ->
Data Privacy Monitor
The Use of Smart Speakers in the Healthcare Industry
February 1, 2019
Smart speakers are voice-activated, internet-connected devices with an integrated virtual assistant that can answer questions, follow instructions and control other smart devices. Nearly one in five U.S. adults has access to a smart...
Read More ->