Cyber Security and Insurance Coverage: Evolving

Transcript:Cyber Security and Insurance Coverage: Evolving:
Cyber Security and Insurance Coverage: Evolving Risks Where More Than Data Is At Stake Cyber Risks – Insurance Coverage and Regulatory Updates for the Offshore Energy and Marine Sectors Cefor Annual Seminar Oslo 9 April 2015 Glenn Legge James Brown Legge, Farrow, Kimmitt, McGrath & Brown, L.L.P. www.leggefarrow.com Concerns about exposure to cyber attacks in the marine and offshore energy sectors. Enhanced government oversight and corporate obligations to protect against increasing risk of cyber attacks. U.S. Coast Guard (USCG) and Department of Homeland Security (DHS) proposed regulations for marine and offshore energy sectors. Insurance coverage issues arising from exclusions for cyber risks. New contractual allocation clauses for cyber risks. Path Forward Issues to be Addressed 2014 – Hackers caused a floating energy facility off the coast of West Africa to list, forcing temporary shut down. 20 June 2014 – AnonGhost announced it had launched a barrage of cyber-attacks on energy companies in the Middle East and the United States. Later identified as “Operation Petrol”. 2 July 2014 – DHS’s ICS-CERT warned of malicious software used by “a Russian hacking group – ‘Energetic Bear’ or ‘Dragonfly’ – targeting the energy sector and related industries.” 10 December 2014 – ICS-CERT identified a variant of the Black Energy malware that targeted GE Cimplicity and Siemens WinCC SCADA programs. 30 January 2015 – ICS-CERT identified a remote exploit vulnerability affecting Cobham Sailor 900 VSAT, a maritime satellite broadband product and allowing attacker to bypass passwords. Cyber attacks - Is the Offshore Energy Next? Is Next Now? Enhanced Government Oversight to Manage Risks of Cyber Attacks June 2013 – Executive Order 13636 Improving Critical Infrastructure Cybersecurity. February 2014 – Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0 National Institute of Standards and Technology (NIST). February 2014 – DHS/DOE Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG – C2M2) – Version 1.1. July 2014 – DHS Insurance Industry Working Session Readout Report. June 2014 – SEC Commissioner Aguilar Addresses Corporate Obligations Concerning Cyber Risks. December 2014 – DHS/USCG issue notice of proposed cybersecurity regulations. Enhanced Government Oversight to Manage Risks of Cyber Attacks Executive Order 13636, Improving Critical Infrastructure Cybersecurity Adoption of the Cybersecurity Framework (“Framework”). Market-based incentives to encourage the development of cyber insurance. Litigation risk mitigation for entities that adopt the Framework and meet reasonable insurance requirements. Legal benefits may include limited indemnity, higher burdens of proof, or limited penalties; case consolidations;