Areas of Practice

News & Publications  

Oil and gas cybersecurity projects went ‘to the bottom of the pile’ in energy slump (Houston Chronicle, 12 April 2018) - Oil companies put cybersecurity initiatives on hold while crude prices languished at multi-year lows in 2015 and 2016, falling behind in hardening their systems while state-sponsored hacking groups only got more proficient at probing U.S. energy networks, security experts say. As oil companies cut thousands of jobs and pared back drilling operations in the downturn, cybersecurity teams faced funding shortfalls for projects to secure computer networks that run rigs, pipelines and other oil field assets, increasing pressure for a field already challenged by finite resources and competing priorities. In an oil bust, “projects, capabilities and needs that aren’t exactly on top of mind go to the bottom of the pile,” said Paul Brager Jr., a cybersecurity professional at Houston oil field services firm Baker Hughes, a GE company. But among federal agencies and security professionals called in to respond to online attacks, there’s no longer any doubt foreign adversaries in Russia, Iran and North Korea have planned and executed attacks to plant themselves in U.S. critical infrastructure, which includes pipelines, refineries and petrochemical plants.

Cybersecurity standards for private companies: Taking notes from the SEC’s public company guidance (Nixon Peabody, 18 April 2018) - The Securities and Exchange Commission (“SEC”) recently updated and expanded its guidance to public companies on cybersecurity risks and incidents in its “Commission Statement and Guidance on Public Company Cybersecurity Disclosures“ (the “2018 Guidance”). The 2018 Guidance represents a broad recognition of the critical role that cybersecurity plays in the health of companies and the stability of markets. “There is no doubt that the cybersecurity landscape and the risks associated with it continue to evolve,” said a statement released by SEC Chairman Jay Clayton. “Public companies must stay focused on these issues and take all required action to inform investors about material cybersecurity risks and incidents in a timely fashion.” To support this effort, the SEC has created a cybersecurity website with helpful alerts and bulletins, compliance toolkits, and educational resources. In addition, the Unit charged with targeting a wide range of cyber-related misconduct, such as market manipulation through the spread of false information, hacking, and intrusions and attacks on trading platforms and market infrastructure. While a private company can be reassured that a member of the Cyber Unit will not show up at its door, the 2018 Guidance offers useful insights about the evolving risks in the digital marketplace, as well as effective controls and procedures to manage these risks—all of which can inform a private company that must navigate similar pitfalls in the modern e-commerce environment. Cybersecurity is, as the SEC’s website states, “a responsibility of every market participant.” To that end, the following are some key takeaways for private companies from the 2018 Guidance: * *

​​Technology Transactions​

​

Mergers and Acquisitions

​

Employment Law​

​

Corporate Governance​

​

Intellectual Property

​

Debt and Equity Financing

​

Open Source Licensing​​​​​

​

Cyber Security Law

​

Data Privacy (GDPR)

​

Escrow Services

​

Real Estate