Energy Industry Cybersecurity and Event Response

Overview

Energy companies, like all businesses, are susceptible to cybersecurity attacks, data breaches, catastrophic events, and environmental emergency situations. There is an increased focus on ensuring security and protecting the nation’s critical infrastructure, particularly energy-related infrastructure such as generators, pipelines, and electronic networks, from destructive cyber and physical attacks.

As a premier national energy practice, BakerHostetler has earned a reputation within the energy industry for providing exceptional work and obtaining favorable results. Because we have an on-the-ground presence where many of our clients’ operations are located, we are able to immediately assess a situation and respond as necessary. Many of our attorneys have energy-specific degrees or have worked in-house with major energy companies, which gives us inside knowledge and hands-on experience to handle energy emergencies with assured and practical advice.

We represent a wide range of clients in the energy industry, including:

  • Oil and gas companies
  • Pipeline companies
  • Project owners, developers, and contractors
  • Oil field service companies
  • Mining and metals companies
  • Landowners
  • Governmental agencies
  • Private equity funds
  • Venture capital firms
  • Financial institutions and lenders
  • Investors
  • REITs

BakerHostetler has more than 80 lawyers across the nation who focus principally on clients in various sectors of the energy industry. Our energy lawyers represent producers, operators, service companies, and landowners throughout the country in connection with litigation, arbitration, and dispute resolution arising out of various emergencies, including data breaches, security incidents, releases, oil spills, blowouts, pipeline disasters, mechanical failures, and electrocutions. We not only assist with immediate emergency response needs, but also with any litigation arising out of the emergency. We have handled claims involving international and maritime laws, toxic torts, product liability, personal injury, class actions, workers’ compensation, and wrongful death.

More »

We also have one of the country’s largest and most comprehensive teams focused on data privacy and information security, partnering with clients to help them mitigate reputational and financial risks of cyber- and physical security. We have helped clients recover from more than 750 data breaches, including 175 responses in the past year – a volume and breadth of experience resulting in effective and efficient action that minimizes liability, is cost conscious, and protects a company’s reputation.

Data Security Assessment and Response Planning

We work with our energy clients to conduct data security assessments, interviewing business managers, security staff, and information technology managers; reviewing data security policies and procedures; and conducting penetration tests and vulnerability scans. This allows us to help clients identify opportunities to improve the security of their computer networks. We help clients develop response plans in order to enable them to handle security incidents quickly, efficiently, and in a manner that complies with applicable laws while mitigating risk and preserving customer relationships.

24-Hour Data Breach and Catastrophic Event Response

Given the urgency of data breaches, catastrophic events, and other emergency situations, we have assembled an Emergency Response Team that is available to assist clients throughout the country 24 hours a day. Our team is dispatched to the incident site immediately in order to assess the situation, advise on appropriate next steps, and assist with public relations, cleanup, and investigations. We have responded to data breaches, cybersecurity attacks, pipeline disasters, oil spills, blowouts, and chemical plant explosions, among other energy and environmental emergencies.

Reputation Protection

We understand that one of the greatest threats posed by a data security incident, catastrophic event, or environmental disaster is the potential impact on the company’s reputation. While we have hundreds of examples to draw upon to gauge how customers or employees will respond to an incident, we do not push a “one size fits all” approach because we know that each company has unique relationships with its customers and employees. When warranted, we include experienced crisis communications professionals on the incident response team and work with them to frame an internal and external communication strategy that satisfies legal notification obligations, preserves legal defenses, and best positions the company to minimize reputational harm.

Select Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
More »

Experience

  • Assisted in preparation of incident response plan for publicly traded pipeline company, and negotiated numerous information technology transactions, including cloud computing agreements, addressing, among other things, indemnification and recourse in the event of a security breach.
  • Represented a pressure control system manufacturer after a well blowout, that killed two members of the energy crew, injured two others, and destroyed the workover rig.
  • Defended an energy company as co-defendant in a case arising from a chemical plant explosion in Ohio, with a certified class of more than 10,000 neighboring residents alleging personal injury, property damage, real property diminution in value, and evacuation claims.
  • Provided oversight of pipeline spill response actions in connection with releases from an underground 12-inch jet fuel pipeline in the Florida Keys and from a train derailment in upstate New York that struck two above-ground 12-inch jet fuel pipelines.
  • Represented the charterer of a tanker involved in an oil spill, including handling emergency response services and representing the client in all spill-related litigation.
  • Participated with clients in U.S. Coast Guard inspections and audits, annual spill drill exercises and tabletop sessions, and management of pipeline spill response actions.
  • Represented a pipeline company in claims against a salvage company in connection with damages caused to the client’s offshore pipeline during salvage operations.
  • Prepared policies and procedures for the rollout of a Bring Your Own Device program for a multijurisdictional energy infrastructure company.
  • Counseled a Fortune 500 electric and natural gas utility on privacy and data security issues, including Identity Theft Red Flags Rule, Telephone Consumer Protection Act, and Fair Credit Reporting Act compliance, state data security regulations, and incident response. In addition, serve as incident response counsel and have assisted client in preparing its breach response plan.

Recognition

  • Recognized as one of the top law firms for client service, we were named to the 2018 BTI Client Service 30 for the fourth consecutive year.

News

Publications

Blog

In The Blogs

Previous Next
Data Privacy Monitor
When Obscurity Is Not a Defense
February 22, 2018
Many organizations facing a data-security incident struggle to understand how or why their organization was targeted in an attack. Most simply believe they are too small or too obscure to be targeted by malicious cyber actors. Even larger...
Read More ->
Data Privacy Monitor
Recent OCR Newsletter Highlights Growing Cyber Extortion Threat for Healthcare Organizations
February 19, 2018
The OCR’s January 2018 newsletter details specific types of cyber extortion that healthcare organizations are currently encountering, including ransomware, denial of service attacks, distributed denial of service attacks and theft of...
Read More ->
Data Privacy Monitor
Looking Back: The Federal Trade Commission Issues Annual Data Privacy Report for 2017
February 6, 2018
On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as...
Read More ->
Data Privacy Monitor
SAMHSA Updates Privacy Regulations to Reflect Advancements in Healthcare
January 31, 2018
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb. 2, 2018. As...
Read More ->
Data Privacy Monitor
Clock Ticking, European Commission Launches GDPR Implementation Guidance Website
January 26, 2018
With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of...
Read More ->