
Protecting the Power Grid from Cyber Threats

01/03/2018


Ontario Energy Board Framework Setting the Pace

Cyber incursions and attacks are challenging the energy sector throughout the world as companies seek to protect key infrastructure and utilities from potentially deadly threats. The vulnerability of Ontario’s electricity system to cyber attacks is of growing concern and the focus of utility and cyber experts across Canada.

In the face of this growing risk, MNP Cyber Security Leader Danny Timmins is taking part in a panel discussion on cyber security on Tuesday March 1, 2018 during the 16th Ontario Power Summit Conference in Toronto, ON. During the discussion, "Cyber Security, an Ever-Present Threat," Danny will discuss the nature and scope of the threat, what provincial authorities and utilities are doing to meet it, changes to the Ontario Energy Board (OEB) Framework for Energy / Cyber, and strategies to help local distribution companies be prepared and protected.

Energy Cyber Power Summit

67% of companies with critical infrastructure suffered at least one attack in the past 12 months*
78% expect a successful exploit of their ICS / SCADA systems within the next two years
*Source: Critical Infrastructure: Security Preparedness and Maturity (July 2014), Unisys and Ponemon Institute

Ontario's independent energy regulator, the OEB, recently outlined a framework to enhance security around its electricity generating assets: Cybersecurity Framework to Protect Access to Electronic Operating Devices and Business Information Systems within Ontario’s Non-Bulk Power Assets. The framework is expected to strengthen the industry focus on cyber security, defining a process and providing tools to facilitate continuous improvement among organizations subject to OEB regulatory oversight.

The board also released an accompanying white paper identifying best practices that should be built into Ontario’s smart grid to ensure reliability and consumer protection. The white paper lays out a number of self-assessment tools to assess risk profile and preparedness.

Compliance

Local distribution companies (LDCs) will be required to submit cyber security reports to the OEB and will also be subject to annual self-certification of cyber security capability. On approval, the framework will be adopted in two stages:

Stage 1: During this stage, a baseline of security must be established within three months of final approval of the framework.

Compliance will include basic reporting and a self-assessment questionnaire with management attestation.

Stage 2: System Maturity will then be evaluated within 12 months of final approval of the framework.

To evolve to a higher level of maturity, the security controls of LDCs will be evaluated. Risk-based and rotational testing will comprise self-assessment, desktop audits and on-site tests by a new Centralized Compliance Authority or an independent third party. LDCs will submit reports to the OEB on the status of reducing residual risk through the maturation of their security controls.

Dynamic Risk Management Approach

Regulatory compliance alone, although helpful for tracking and implementing security, does not provide sufficient protection. In an increasingly sophisticated cyber threat environment, energy organizations must be cyber resilient – able to prepare for and adapt to changing conditions, and to withstand and rapidly recover from attacks.

LDCs may benefit from working with a trusted cyber security partner to provide an objective perspective and expert guidance in conducting assessments and preparing appropriate reports.

Focusing on mitigation of the likeliest and most dangerous risks, cyber security specialists work with leadership teams to devise and implement strategies that protect vital infrastructure, operations and customers across the entire supply chain.

For more information on how MNP can help, contact:
Danny Timmins, National Leader, Cyber Security, at 905.607.9777 ext. 230 or [email protected]
Jason Hails, National Leader, Energy and Utilities, at 416.263.6920 or [email protected]