All hands on deck

According to Alex Foord, the IESO’s Chief Information Officer, it may be difficult to know exactly how many potential cyber-attacks are planned – and thwarted – every year, but this much is certain: the threats are real and they are becoming more sophisticated.

“We take cybersecurity issues very seriously,” said Foord. “Ontario depends on the reliable functioning of its critical infrastructure, and the power system is one of our most vital assets. Being a reliability coordinator goes beyond just the flow of electrons, which is why collaboration and information-sharing are key IESO priorities. As a sector, the more information we share, the better prepared we will be when it comes to fending off threats and attacks.”

How exactly will the IESO and CSE work together? Scott Jones, Head of the Canadian Centre for Cyber Security, says the Cyber Centre will work closely with the IESO. “In addition to information and technology sharing, with the IESO and across the sector, the Cyber Centre will provide support with threat prediction, identification and response on an as-needed basis, as well as guidance on threat assessment and reporting.”

The Cyber Centre partnership is the latest in a series of initiatives designed to help the IESO manage the risks associated with cyber threats. According to Ben Blakely, the IESO’s Head of Information Security, a new security operations centre, with advanced prediction and identification capabilities, will be operational in December 2018. With these capabilities, the centre will provide 24/7 near real-time cybersecurity monitoring to support the IESO’s in-house cybersecurity team.

“The centre will be a major milestone in the evolution of our cybersecurity program because it will help to ensure that any threats targeting data, assets and infrastructure are dealt with before widespread damage and disruption can occur.”

The power of collaboration

Coupled with its in-house technical bench strength, the IESO has a tradition of purposeful engagement with stakeholders on important industry issues. This will remain a top priority as the organization begins to carry out its new cybersecurity mandate.

The Cybersecurity Forum, which was established as a standing forum to allow for information-sharing on emerging cybersecurity issues, will continue, as will the IESO’s annual executive briefing with global cybersecurity experts.

The IESO will also continue to work collaboratively with reliability partners, including utilities and sector participants, and to support the development of new policies that focus on reliability, security and privacy. “Cybersecurity is complex, and it typically cuts across multiple layers of the sector, said Foord. “Our approach needs to be multifaceted as well, in order to build resilience and, when necessary, to engage in a coordinated response.” 

Other cybersecurity-related initiatives are in the works. Stay tuned to Powering Tomorrow for the latest updates.

The IESO’s licence has been amended to reflect the organization’s expanded accountability for providing cybersecurity-related services to the broader electricity sector - services that now include cybersecurity situational awareness, broader collaboration efforts and more robust information exchange.

With this latest change, announced in July, the IESO becomes the first system operator in North America to lead the sector on cybersecurity matters. The decision comes on the heels of a collaborative effort between the IESO, the Ontario Energy Board and industry stakeholders to develop a cybersecurity framework for the province.

The IESO’s new role acknowledges the organization’s leadership in protecting Ontario’s power grid from cyber threats and leverages the comprehensive cybersecurity governance framework already in place for its own operations. Based on the National Institute of Standards and Technology (NIST) standards, the framework goes beyond current electricity sector standards and is considered best practice on cybersecurity across all industries.

In support of its new mandate, the IESO has established partnerships with the Canadian Centre for Cyber Security (Cyber Centre), which is part of the Communications Security Establishment (CSE). The Cyber Centre is the central trusted government source of cyber security information, advice and guidance for Canadian enterprises, critical infrastructure owners and operators, and Canadians. This partnership reflects both the urgency of managing cybersecurity risk for the sector and signaling the central role that collaboration will play.