Cyber Security Incident Reporting

This page provides an overview of the requirements for reporting cyber security incidents to the IESO as defined within the Ontario Cyber Security Standard (OCSS) and within section 6 of Market Manual 7.1 IESO-Controlled Grid Operating Procedures.

This page is not inclusive of all event and incident reporting requirements - other reporting requirements may apply during a cyber security incident.

Where a cyber security incident meets more than one set of reporting requirements, it must be reported separately for each set. For example, a cyber security incident that meets the definition in the OCSS and which results in a market rule violation must be reported under both applicable reporting requirements.

Review the IESO Market Rules and Manuals, the OEB’s Ontario Cyber Security Standard, Transmission System Code, and Distribution System Code, and any other applicable rules, standards, or laws for reporting requirements.

Organizations are responsible for ensuring that they meet all applicable reporting requirements and obligations.

Reporting Cyber Security Incidents

Ontario Cyber Security Standard Cyber Security Incident Reporting Requirements

Per the Ontario Cyber Security Standard (“OCSS”) amendment enacted September 22nd, 2025, licensed Ontario transmission and distribution entities are required to report cyber security incidents as defined within the OCSS to the IESO. The incident report template can be found within the OCSS, the Lighthouse™ Portal, and here: Ontario Cyber Security Standard.

Incidents are to be reported through the IESO’s Lighthouse™ portal. Where the portal is inaccessible or unavailable, reports can be made via email to CyberIncidentReports@ieso.ca. Licensed transmission and distribution entities not already participating in Lighthouse™ should contact cybersecurity@ieso.ca for more information on joining the program and subsequent access to the Lighthouse™ portal.

Cyber Security Incidents which meet the criteria defined in both the Ontario Cyber Security Standard and in the IESO Market Manuals must be reported separately through both channels.

IESO Market Manual Cyber Security Incident Reporting Requirements

The following is an excerpt from IESO Market Manual 7.1 IESO-Controlled Grid Operating Procedures. Please refer to the latest version of the Market Rules and Manual for the complete requirements for reporting cyber security incidents.

In accordance with NERC Reliability Standards, Market Participants must report any event that meets the reporting criteria defined in:

  • NERC standard CIP-003: Cyber Security — Security Management Controls (if applicable to the market participant); or
  • NERC standard CIP-008: Cyber Security – Incident Reporting and Response Planning (if applicable to the market participant)

These reporting obligations apply to market participants for whom:

  • NERC standard CIP-003 applies, and with Low impact BES Cyber System(s); or
  • NERC standard CIP-008 applies, and with Medium or High impact BES Cyber System(s).

For actual or potentially reportable events relating to criteria outlined above, Market Participants will:

  • Notify the IESO Shift Control Specialist (SCS) by phoning 905-855-6200 within 60 minutes of confirming a NERC Reportable Cyber Security Incident has occurred and email scs@ieso.ca for this NERC Reportable Cyber Security Incident with the completed form located in Appendix C.4 of Market Manual 7.1.
  • Notify the IESO Shift Control Specialist (SCS) by phoning 905-855-6200 by end of the next calendar day after confirming the determination by the Market Participant that a NERC Cyber Security Incident attempted to compromise a BES Cyber System (BCS), Electronic Security Perimeter (ESP), or an Electronic Access Control or Monitoring System (EACMS) (as per CIP-008, or as identified in the Market Participant’s Cyber Security Incident Response Plan). Additionally, email scs@ieso.ca for this NERC Cyber Security Incident with the completed form located in Appendix C.5.
  • Promptly notify the IESO Control Room Manager – Operations by telephone of any physical security events.

Cyber Security Incidents which meet the criteria defined in the Ontario Cyber Security Standard and in the IESO Market Manuals must be reported through both channels.

Voluntary Cyber Security Incident Reporting

Cyber security incidents that do not fall within the reporting requirements outlined in the IESO Market Manuals and Rules or the Ontario Cyber Security Standard can be voluntarily reported to IESO’s cyber security team via email to CyberIncidentReports@ieso.ca.