In today’s highly interconnected world, cybersecurity and good data hygiene are more important than ever before. A recent Joint Cybersecurity Advisory issued by several federal government agencies—including the US Department of Energy—identifies specific threats from Iran-backed actors targeting critical energy infrastructure. Specifically, the advisory warns of “ongoing cyber exploitation of internet-connected operational technology” and in particular “programmable logic controllers”—which are prevalent in power generation and distribution facility automation processes.
According to the advisory, the FBI believes these attacks have escalated in recent weeks, likely in response to the current hostilities between Iran and the United States. These cyberattacks are intended to cause disruption by, for example, “maliciously interacting with project files, and manipulating data displayed on HMI [human machine interface] and SCADA [supervisory control and data acquisition] displays.”
The advisory serves as a good reminder for energy sector participants, large and small, that the industry is a high-profile target for bad actors. One incident can lead to significant operational disruption and financial harm, as entities in this sector vary widely in size and resources: some have many resources to focus solely on cybersecurity, and others are much smaller and lack resources to dedicate to only one risk area.
While the government’s alert focuses on particular threats and provides mitigation measures specific to those threats, there are best practices that all entities should habitually revisit in the face of evolving threats. Here are five common steps that all entities can take to make themselves a more difficult target and minimize the damage from a cybersecurity breach:
- Technical Security: Make sure your company is encrypting data (and keeping the key somewhere else), using endpoint detection and multifactor authentication, and undertaking routine scans/checks for anomalous activity.
- Know Your Data: Ensure you know what data is stored where and which vendors have or may have access to what segments of your data.
- Back Up: Maintain segregated or off-site backups, and test your ability to restore from them.
- Have an Incident Response Plan (IRP): Know whom to call internally and externally, and know the first steps to take. Immediate action can save time and mitigate harm down the line.
- Test/Train to Your IRP: Testing and training to the IRP help entities identify gaps and additional risks before a real-life incident.
McCarter & English’s Cybersecurity and Data Privacy team can help entities—whether or not they are in critical infrastructure sectors—identify cybersecurity risks and vulnerabilities and assist in the development of procedures to protect the entities and those they serve. If you would like to learn more about the services our Cybersecurity and Data Privacy team can provide, please contact Erin Prest.
