Crisis Response &
Incident Investigation

Archive for the ‘Cybersecurity’ Category

Mark Thibodeaux Quoted on Cybersecurity Risk, Liability Issues in Law360

Posted on: October 17th, 2016

Houston attorney Mark Thibodeaux, Deputy Practice Leader of the Cybersecurity and Privacy team for Sutherland Asbill & Brennan, was quoted by Law360 in an article exploring liability risks from cyberattacks on energy companies.

“The biggest security risk for the energy industry is these cyber-physical attacks, it’s not just data being stolen and moved around. The big liability risk is a power grid shutdown, or an overpressured pipeline, or a drilling rig in the Gulf of Mexico that is attacked and causes a major oil spill,” Mr. Thibodeaux said in an article headlined “5 Ways Energy Cos. Can Limit Legal Fallout From Attacks” (subscription required).

The article notes that the U.S. Department of Homeland Security and the Federal Energy Regulatory Commission are just two of the regulatory agencies putting pressure on oil and gas and power companies to make every effort to protect their increasingly automated layers of industrial controls. And while energy infrastructure companies are heavily insured, damages or losses from cyberattacks may be excluded, or greatly limited by insurance policies.

A Lloyd’s of London report estimated that a cyberattack that shuts down significant portions of the U.S. electric grid could have a $1 trillion impact on the U.S. economy, with insurers paying out more than $70 billion in claims.

“There’s not enough insurance in the world to cover a major event affecting a large portion of the grid,” Mr. Thibodeaux said.

He noted that energy companies also need to protect against contractors accidentally compromising their cybersecurity protections and should explore this question: “Does your contractor have deep enough pockets to protect you?”


Data Privacy Team Writes Law360 Series on Cybersecurity Information-Sharing Act

Posted on: February 23rd, 2016

Houston commercial litigator Mark Thibodeaux, Deputy Practice Leader of Sutherland’s Cybersecurity and Privacy team, recently co-authored a two-part Law360 series examining the federal guidance and questions that remain about the full scope of the benefits from the Cybersecurity Information Sharing Act of 2015.

The information-sharing system has been praised by many companies that recognize it “can be used to monitor or operate defensive measures and combat cyberthreats,” Thibodeaux and his colleagues write in Part I. “There are also benefits to providing information. Many companies are facing similar cyberthreats and in many cases are facing the same attackers.”

Among the points made in the article, headlined “Information Sharing Under CISA: What It Means For Companies,” is the observation that liability protection may be “one of the most important incentives for companies to consider … but may not be the shield that many think it is.”

Part II in the series, headlined “Information Sharing Under CISA: How DHS Guidance Helps,” examines the recent guidance provided by the Department of Homeland Security. The DHS identifies the government processes that encourage information sharing and the steps companies should take to benefit from CISA.

Ultimately, the authors conclude, CISA provides a framework for companies to consider whether information sharing is right for them.

Co-authors of the series with Mr. Thibodeaux are Washington Partner Daniel Frank, who advises clients on cybersecurity and regulatory matters, and Washington Associate Allison Speaker, who assists on cybersecurity matters and advises on energy regulatory matters.