Hunton Andrews Kurth Obtains SAFETY Act Certification for Energy Company’s Internal Enterprise-Wide Cybersecurity Program

Hunton Andrews Kurth LLP recently represented an energy company in obtaining the first public SAFETY Act certification for an internal enterprise-wide cybersecurity program.

Administered by the Department of Homeland Security (DHS), the Supporting Anti-Terrorism by Fostering Effective Technologies Act of 2002, more commonly known as SAFETY Act, protects the reputation of and limits the liabilities faced by companies, including energy, financial, communications and other critical infrastructure companies, that deploy DHS approved technologies and services against certain cyber or physical attacks.

“Today’s environment of increased interconnectivity and intensified threats in our country’s critical infrastructure sectors is vastly different from that of the past,” said Paul M. Tiao, co-chair of the firm’s energy sector security team. “Particularly for companies in the energy, financial, communications and manufacturing sectors, as cyber and physical attacks become more rampant, the reputational damage they can cause – and the amount of liability companies face in their wake – could be monumental.”

“Congress passed the SAFETY Act with the intent of preventing potential terrorism-related liability from stifling the development or sale of anti-terrorism technologies and services – making the nation less secure as a result,” added Kevin W. Jones co-chair of the energy sector security team. “The goal was to limit the potential reputational harm and legal liability faced by companies offering such products or services, and in some circumstances, to give them complete immunity.”

The DHS process for approving an application for SAFETY Act protection takes several months after the company’s submission of its application, and that is preceded by a sometimes-lengthy process of preparing the application. The application must address multiple statutory criteria and include information from stakeholders across the company. If approved, DHS grants the technology or service liability and reputational protections at one of three levels, with certification being the highest.

About the Energy Sector Security Team and Cyber and Physical Security Task Force

Combining lawyers from more than a dozen practice groups, Hunton Andrews Kurth’s energy sector security team and its cyber and physical security task force work with companies in the electric utility, oil and natural gas, financial, communications, chemical, manufacturing and other critical infrastructure sectors to minimize the risks or consequences of a serious security incident. For more information, click here and here.