1. Insights
  2. Blogs
  3. Speaking Energy

CISA Recommends Cybersecurity “Best Practices” in Advance of Winter Holidays

Dec 16, 2021

Reading Time : 1 min

CISA warned that “[s]ophisticated threat actors, including nation-states and their proxies, have demonstrated capabilities to compromise networks and develop long-term persistence mechanisms,” as well as “capability to leverage this access for targeted operations against critical infrastructure with potential to disrupt National Critical Functions,” which are “functions of government and private industry so vital that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, and public health or safety,” including, for example, the generation, transmission and distribution of electricity. (See here).

CISA provided a number of proactive “best practices” that entities can take to “strengthen operational resiliency by improving network defenses and rapid response capabilities.” Its principal recommendations are to:

  1. “Increase organizational vigilance by ensuring there are no gaps in Information Technology (IT)/Operational Technology (OT) security personnel coverage [during the holiday season, when staffing may be reduced,] and that staff provides continual monitoring for all types of anomalous behavior.”
  2. “Prepare your organization for rapid response by adopting a state of heightened awareness.” This includes creating, updating or reviewing, as applicable, cybersecurity incident response procedures and continuity plans, and ensuring that personnel know what to do during and after an incident, so they can continue to “operate key functions in an IT-constrained or otherwise degraded environment.”
  3. “Ensure your network defenders implement cybersecurity best practices” such as using multifactor authentication and strong passwords for access to systems, installing approved software updates (while “prioritizing known exploited vulnerabilities”) and securing accounts and access credentials.
  4. “Stay informed about current cybersecurity threats and malicious techniques,” including by keeping up with CISA notifications about security topics and known threats.
  5. “Lower the threshold for threat and information sharing” and “[i]mmediately report cybersecurity incidents and anomalous activity to CISA and/or the FBI.”

CISA also provided additional actions to improve general cybersecurity hygiene, enhance functional resilience and speed incident response capabilities, as well as links to resources for additional information and guidance. Best wishes for safe and healthy winter holidays for all.

Share This Insight

Categories

Oil & GasTransmissionSmart Grid/Energy StorageLobbying & Public PolicyPowerRenewable EnergyNorth America
Subscribe to the Speaking Energy Blog Series >

Previous Entries

Speaking Energy

February 10, 2026

The global energy sector enters 2026 amid major policy shifts, geopolitical tension and evolving market dynamics. The Trump administration’s reversal of Biden-era climate initiatives and renewed emphasis on domestic production have reshaped the policy landscape, offering a more favorable regulatory environment even as conflicts abroad, oil price volatility and shifting trade policies tempered deal activity through 2025.

...

Read More

Speaking Energy

January 22, 2026

On January 16, 2026, the National Energy Dominance Council (NDEC) and governors from each of the 13 states in PJM issued a Statement of Principles urging PJM Interconnection, L.L.C. (PJM) to hold an emergency backstop auction and take other measures to support the entry of new capacity to preserve the reliability of the PJM region. The Statement of Principles calls on PJM to expeditiously file with the Federal Energy Regulatory Commission (FERC or the Commission) tariff revisions that would overhaul aspects of PJM’s market rules to address rising electricity prices and growing reliability risks in the PJM region. The Statement of Principles comes at a time of growing concern that PJM will not have sufficient capacity in the coming years to meet demand due to the retirement of existing generation resources, the glacial pace of new entry and projected increased demand associated with data center development.

...

Read More

Speaking Energy

December 21, 2025

On December 19, 2025, the Federal Energy Regulatory Commission (FERC or the Commission) issued its much-anticipated order on show cause proceeding concerning the co-location of generation and load within the PJM Interconnection, L.L.C. (PJM) market.[1] In the order, the Commission finds that PJM’s tariff is unjust and unreasonable because it does not provide sufficient clarity on the rates, terms, and conditions of service applicable to generators serving Co-Located Load and does not include transmission services appropriate for customers that are willing and able to limit their use of the transmission system in certain conditions. 

...

Read More

Speaking Energy

November 25, 2025

We are pleased to share the program materials and a recording of Akin’s recently presented webinar, “Navigating the Evolving Landscape of Corporate PPAs.”

...

Read More

Recommended Blogs

© 2026 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.