4 minute read
Ready to Respond: The Electricity Sector and Evolving Cyber Threats
Ready to Respond:
The Electricity Sector and Evolving Cyber Threats
- By Leah Michalopulos -
Director, Government Relations, Canadian Electricity Association
Reliable and resilient electricity is essential; this is why electricity companies work 24/7 to keep the grid running, keep our laptops powered, and keep our lights on. While the pandemic has been prevalent in all facets of business and life over the last year, perhaps an even more urgent challenge has been evolving cyber security threats.
Not only are threat actors rising in numbers and becoming more sophisticated, but “state-sponsored actors are very likely attempting to develop cyber capabilities to disrupt Canadian critical infrastructure”. These are the stark messages outlined in the Canadian Centre for Cyber Security’s recent National Cyber Threat Assessment (‘NCTA’). The world recently faced a real-life example of these threats when the SolarWinds supply chain compromise was brought to light. By exploiting a software vulnerability, hackers were able to access the networks of governments and businesses for several months.
While the attack was not specific to the electricity sector, it has forced everyone to take a closer look at the security of systems, and the supply chains that serve them.
The NCTA also describes that while advancements in technology are spurring innovation and transformation and are in fact making our lives better in many ways, the growth of technologies such as the Internet of Things (IoT), the Industrial Internet of Things, and automation also mean new risks in the cyber security landscape – risks that companies must adapt to.
Most of these cyber security threats are not surprising to the electricity sector; this is the reality it faces every day as it continuously works to protect the grid against dynamic threats.
And this is a top priority for Canadian electricity companies, a responsibility taken seriously. From complying with cyber security standards as a baseline, to participating in forums for security information sharing, to continuously taking proactive actions to prevent and respond to physical and cybersecurity intrusions, to practicing response to major events, to striving for a culture of security and making investments that support physical and cyber security – the work never stops.
Also essential are partnerships with the broader security community, such as the Canadian government, including with the Canadian Centre for Cyber Security. Given the integrated nature of the Canada-U.S. electricity grid, Canadians also cooperate with their American counterparts on electricity security matters – engaging in unity of effort and response to evolving threats.
But as shown in the NCTA and with SolarWinds, threats against the electricity sector and the threat landscape itself continue to evolve. This comes at a time when electricity is becoming even more essential, and we are becoming even more digitally connected.
As technologies such as artificial intelligence and IoT integration transform the way we live and work, and with policymakers and businesses looking to achieve clean energy goals, electricity will only become more important. And this is good. More electricity can power more innovation – creating jobs and opportunities for Canadians. More electricity can mean increased digital connectivity – making our lives easier and more efficient.
But none of this is possible without secure electricity.
As threats continue to renew and evolve, the way we respond to them must evolve as well. Electricity companies are already doing this by consistently learning, adapting, and responding. We cannot do it alone though; no one can. The electricity sector, other critical infrastructure sectors and governments working in unity of effort and response to threats, is more crucial than ever. Addressing prevalent, evolving, and increasingly sophisticated threats means that it will be essential to forge even stronger trusted partnerships throughout the critical infrastructure security community.
Now more than ever, government partners must continue to invest in programs and policies that serve to support the security posture of Canadian critical infrastructure and continue to show leadership on these issues.
This includes helping to promote and train a cyber workforce ready to take on the challenges of today and tomorrow. It includes deepened support for cyber security information and intelligence sharing programs between industry and government. It includes enabling electricity companies to take cyber security actions through provision of actionable and timely information. It includes partnership and collaboration to find solutions to the major cyber security issues we face today.
The need for electricity is only going to grow in the future. And the system that makes, moves, and delivers that electricity is only going to become increasingly networked and connected. Actors motivated by malice, money, or politics will not go away. Collectively, we cannot, and we will not, let our guard down.
A version of this article was originally published in January 2021 on the Canadian Global Affairs Institute website.
