Skip Links
Powering Tomorrow > IESO opens the door to sector-wide cybersecurity offensive

February 28, 2019  |  Data

IESO opens the door to sector-wide cybersecurity offensive

The IESO’s new cybersecurity mandate, announced in July last year, is good news for Ontario utilities looking to shore up their cybersecurity defenses, and even better news for the province’s electricity system.

Cybersecurity Infographic

As part of its expanded role, the IESO has initiated a sector-wide data-sharing service to help increase the sector’s cybersecurity resilience. By participating, utilities will be made aware of any threats facing the sector as a whole, as well as contributing to the system operator’s ability to see these threats, all in near real-time.

The service is the result of a first-of-its-kind partnership between the IESO and the Canadian Centre for Cybersecurity (CCCS), which operates under the Communications Security Establishment (CSE) – Canada’s central trusted government source of cybersecurity information, advice and guidance.

“The IESO is leveraging its partnership with CCCS and is reaching out to all electricity utilities across the province to join forces in ensuring Ontario’s electricity system continues to operate safely and reliably in the face of potential cyber threats,” said Alex Foord, the IESO’s Vice-President, Information & Technology Services and Chief Information Officer. “We are the first system operator in North America to pursue this kind of sector-wide partnership for the purpose of building even greater resiliency into the electricity grid.”


We are the first system operator in North America to pursue this kind of sector-wide partnership for the purpose of building even greater resiliency into the electricity grid.
Alex Foord, IESO Vice-President, Information & Technology Services, and Chief Information Officer

Three local utilities – Toronto Hydro-Electric System Limited, Hydro One and Hydro Ottawa – are already onboard. Once security agreements were signed and information systems linked, CCCS began to pull in information from the IESO’s systems for analysis, sharing any red flags with the IESO. The system operator’s cybersecurity team in turn reviews and produces energy sector contextual outputs and uploads them to an information-sharing portal (see sidebar). On the basis of this information, the IESO determines if any alerts are warranted for the entire sector, or for individual utilities.

“Our number one goal is situational awareness for the sector,” said Ben Blakely, the IESO’s Senior Manager, Information Security. “Alerts might relate to a potential loss of power to the whole grid, part of it, or an individual utility. Or, they could be about a data breach affecting customer information, day-to-day operations, or payment systems.”

Hydro Ottawa was among the first utilities to sign up. “We didn’t hesitate to get involved because from our perspective, it’s all upside,” said Hydro Ottawa’s Manager of Cybersecurity, Jojo Maalouf. “The electricity grid in the National Capital Region is critical infrastructure. We are confident that under the IESO’s leadership, and with the support of other utilities in the province, we will all benefit from the CSE partnership.”


The electricity grid in the National Capital Region is critical infrastructure. We are confident that under the IESO’s leadership, and with the support of other utilities in the province, we will all benefit from the CSE partnership.

Jojo Maalouf, Manager of Cybersecurity, Hydro Ottawa

According to Blakely, all organizations that participate in the electricity sector have something to contribute, as well as a way to benefit. “This new capability can scale as well as provide unique insights for all those involved, no matter their size. When the IESO receives information from CCCS, it may be customized for our sector, it may relate specifically to the bulk electricity system, or it may be broader. There is strength in numbers, and in the information that’s shared.”

There are 67 electrical utilities in Ontario, several of which are currently in the process of signing the necessary agreements. Electricity sector companies that want to join the IESO’s province-wide cybersecurity initiative can do so at any time.

 

Ontario utilities’ cybersecurity tool kit just got bigger

A new online service is now available to provide cybersecurity support to Ontario’s electricity utilities that want to share best practices, approaches, guidance and experience with their peers in a secure environment.            

Available thanks to a new partnership between the IESO and the Canadian Cyber Threat Exchange (CCTX), the service is housed in a centralized and secure online portal.            

According to the Ponemon Institute, an average of 39 per cent of all cyber attacks can be thwarted because the organization engaged in sharing of threat intelligence with peers. The IESO’s Senior Manager, Information Security, Ben Blakely, agrees. That’s why he’s reaching out to all electrical utilities across Ontario to join forces in sharing their data, and their real-life experiences, to stop cyber threats in their tracks.

Blakely says the data-sharing initiative is part of a two-pronged strategy designed to support Ontario utilities and protect the provincial grid. “Part two is our CCTX partnership, which we’re also opening up to all electrical utilities. We hope this becomes a place where our energy sector peers can learn, share and help each other.”

The online portal is a ‘one-stop-shop’ for cybersecurity information for Ontario’s electricity sector. The IESO’s cybersecurity team manages all content, acting as as a moderator and issuing updates.

For access to the portal, or for more information, contact the IESO’s cybersecurity team.

Share: