Photo of Erik Dullea

Erik Dullea

Subscribe to Erik Dullea's Posts

As head of Husch Blackwell’s Cybersecurity practice group, Erik assists clients in all aspects of cybersecurity and information security compliance and data breach response. Erik previously served as the acting deputy associate general counsel for the National Security Agency’s cybersecurity practice group before returning to the firm in 2023.

Follow:Read more about Erik DulleaErik's Linkedin Profile

In the weeks that followed a ransomware attack on a domestic pipeline company, the federal government’s efforts to shore up the cybersecurity posture of America’s critical infrastructure and supply chains, including the oil and gas industry, have garnered increased attention.  Historically, the oil and gas sector has not been subject to mandatory cybersecurity regulations, but rather was encouraged to follow voluntary security guidelines that were initially published by the Transportation Security Administration (TSA) in 2011 and revised in 2018. Yet, the industry sector’s geographic size, number of operators/stakeholders within the sector, and its importance to the national economy make the oil and gas industry an attractive target for cyberattacks.

Each of these factors begs the question whether voluntary cybersecurity measures are sufficient to protect this critical infrastructure component? Based on the TSA’s decision to publish the very first Pipeline Security Directive (“Directive”) three weeks after Colonial Pipeline was victimized by a ransomware attack, the answer to this rhetorical question appears to be an emphatic “No.”

Bottom Line Up Front: The Department of Energy (DOE) will implement new cybersecurity programs to enhance energy sector resilience. DOE’s announcement coincides with the Senate Energy and Natural Resources Committee’s support for the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Expect to see resilience to cyber attacks in future government procurement activities.

On March 18, 2021, CESER announced several new research programs designed to enhance the safety and resilience of the U.S. energy sector. The Trump administration established CESER to protect critical energy infrastructure by assisting oil, natural gas, and electricity industries secure their infrastructure. Currently, energy infrastructure faces threats not only from climate and natural hazards, but also evolving and increasing physical and cyber threats.