Effects of President Trump’s Executive Order Requiring Review of Federal Cybersecurity Policies on the Electric Power Industry
By William DeGrandis, Robert Silvers & Jenna McGrath
On May 11, 2017, President Trump signed
The Order is notable for its emphasis on the electric power industry. While the Order addresses generally the importance of cybersecurity across all critical infrastructure sectors, it specifically calls out the security of the electric grid as an early area of focus and prioritization for the new Administration. In particular, the Order requires the Secretary of Energy, in consultation with security agencies and state and local governments, to assess “the potential scope and duration of a prolonged power outage associated with a significant cyber incident . . . against the United States electric subsector,” “the readiness of the United States to manage the consequences of such an incident,” and any “shortcomings in assets or capabilities required to mitigate the consequences of such an incident,” and to issue a report of its assessment within 90 days. (Order, Section 2(e)-(f)).
While the Order does not impose any direct requirements on energy industry participants, we anticipate that energy sector regulators may respond with accelerated attention to the cybersecurity of regulated entities. For example, the
More broadly the order also requires federal agencies to engage with all critical infrastructure entities identified pursuant to
As internet connectivity increasingly becomes integrated into the energy sector’s operational technology, cybersecurity risk will grow, and change in its nature. Threats from nation-states and terrorist actors suggest that this Administration will likely continue its focus on enhancing cybersecurity in order to protect the nation’s energy industry.
In conclusion, the comprehensive review this Order requires may trigger a significant response at agencies regulating the electric power, gas, and oil industries. We will closely monitor any developments and will provide additional updates on issues affecting the power industry and opportunities to participate in any related proceedings so that your organization’s interests are protected.