Energy Industry Cybersecurity and Event Response

Overview

Energy companies, like all businesses, are susceptible to cybersecurity attacks, data breaches, catastrophic events, and environmental emergency situations. There is an increased focus on ensuring security and protecting the nation’s critical infrastructure, particularly energy-related infrastructure such as generators, pipelines, and electronic networks, from destructive cyber and physical attacks.

As a premier national energy practice, BakerHostetler has earned a reputation within the energy industry for providing exceptional work and obtaining favorable results. Because we have an on-the-ground presence where many of our clients’ operations are located, we are able to immediately assess a situation and respond as necessary. Many of our attorneys have energy-specific degrees or have worked in-house with major energy companies, which gives us inside knowledge and hands-on experience to handle energy emergencies with assured and practical advice.

We represent a wide range of clients in the energy industry, including:

  • Oil and gas companies
  • Pipeline companies
  • Project owners, developers, and contractors
  • Oil field service companies
  • Mining and metals companies
  • Landowners
  • Governmental agencies
  • Private equity funds
  • Venture capital firms
  • Financial institutions and lenders
  • Investors
  • REITs

BakerHostetler has more than 80 lawyers across the nation who focus principally on clients in various sectors of the energy industry. Our energy lawyers represent producers, operators, service companies, and landowners throughout the country in connection with litigation, arbitration, and dispute resolution arising out of various emergencies, including data breaches, security incidents, releases, oil spills, blowouts, pipeline disasters, mechanical failures, and electrocutions. We not only assist with immediate emergency response needs, but also with any litigation arising out of the emergency. We have handled claims involving international and maritime laws, toxic torts, product liability, personal injury, class actions, workers’ compensation, and wrongful death.

More »

We also have one of the country’s largest and most comprehensive teams focused on data privacy and information security, partnering with clients to help them mitigate reputational and financial risks of cyber- and physical security. We have helped clients recover from more than 750 data breaches, including 175 responses in the past year – a volume and breadth of experience resulting in effective and efficient action that minimizes liability, is cost conscious, and protects a company’s reputation.

Data Security Assessment and Response Planning

We work with our energy clients to conduct data security assessments, interviewing business managers, security staff, and information technology managers; reviewing data security policies and procedures; and conducting penetration tests and vulnerability scans. This allows us to help clients identify opportunities to improve the security of their computer networks. We help clients develop response plans in order to enable them to handle security incidents quickly, efficiently, and in a manner that complies with applicable laws while mitigating risk and preserving customer relationships.

24-Hour Data Breach and Catastrophic Event Response

Given the urgency of data breaches, catastrophic events, and other emergency situations, we have assembled an Emergency Response Team that is available to assist clients throughout the country 24 hours a day. Our team is dispatched to the incident site immediately in order to assess the situation, advise on appropriate next steps, and assist with public relations, cleanup, and investigations. We have responded to data breaches, cybersecurity attacks, pipeline disasters, oil spills, blowouts, and chemical plant explosions, among other energy and environmental emergencies.

Reputation Protection

We understand that one of the greatest threats posed by a data security incident, catastrophic event, or environmental disaster is the potential impact on the company’s reputation. While we have hundreds of examples to draw upon to gauge how customers or employees will respond to an incident, we do not push a “one size fits all” approach because we know that each company has unique relationships with its customers and employees. When warranted, we include experienced crisis communications professionals on the incident response team and work with them to frame an internal and external communication strategy that satisfies legal notification obligations, preserves legal defenses, and best positions the company to minimize reputational harm.

Select Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
More »

Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
  • Participated with clients in U.S. Coast Guard inspections and audits, annual spill drill exercises and tabletop sessions, and management of pipeline spill response actions.
  • Represented a pipeline company in claims against a salvage company in connection with damages caused to the client’s offshore pipeline during salvage operations.
  • Prepared policies and procedures for the rollout of a Bring Your Own Device program for a multijurisdictional energy infrastructure company.
  • Counseled a Fortune 500 electric and natural gas utility on privacy and data security issues, including Identity Theft Red Flags Rule, Telephone Consumer Protection Act, and Fair Credit Reporting Act compliance, state data security regulations, and incident response. In addition, serve as incident response counsel and have assisted client in preparing its breach response plan.

Recognition

  • Chambers USA: Nationwide Privacy & Data Security (2013 to 2018)
    • Chambers USA Privacy and Data Security - Healthcare Spotlight Table (2018)
  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2020 BTI Client Service 30 for the sixth consecutive year.

News

Publications

Blog

In The Blogs

Previous Next
Data Counsel
California OAG Proposes New CCPA Regs Two Weeks Before Voters Decide on the Fate of CCPA 2.0
By Alan L. Friel, Shea M. Leitch, Andrew M. Serrao
October 20, 2020
On Monday, Oct. 12, the California Office of the Attorney General (the Attorney General or OAG) released a third set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations (the Regulations). The full text can...
Read More ->
Data Counsel
Jeewon Kim Serrato Co-Authors Article about Pricing, Value of Consumer Data and CCPA's Non-Discrimination Requirement
By Jeewon K. Serrato
October 19, 2020
Partner Jeewon Kim Serrato co-authored an article published in the California Lawyer Association’s Fall 2020 issue of the “Competition Journal” of the Antitrust, UCL and Privacy Section. The article, “Privacy, Pricing, and the Value of...
Read More ->
Data Counsel
Was OFAC's Advisory an October Surprise or More of the Same?
By Lee A. Casey, Theodore J. Kobus III, Barbara D. Linney
October 3, 2020
Ransomware has hit pandemic proportions and there does not seem to be a clear end in sight. On October 1, 2020, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory regarding ransom payments and the...
Read More ->
Data Counsel
Podcast: BakerHostetler Blockchain University: What is Blockchain and Why Should I Care?
October 2, 2020
Blockchain technology is widely anticipated to disrupt major industries and business operations over the next several years. But with all of the “hype” in the blockchain market, at times it can be difficult to separate fact from fiction...
Read More ->
Data Counsel
Employee Training and Record-Keeping Requirements in the Final CCPA Regulations and a Preview of New Retention Requirements in the CPRA
By James A. Sherer, Nichole L. Sterling
September 15, 2020
The California Consumer Privacy Act (CCPA) does not in itself outline specific employee training or record-keeping requirements that demonstrate business compliance with the law. However, the California attorney general’s final CCPA...
Read More ->