As part of its expanded role, the IESO announced February 28 that it had initiated a sector-wide data-sharing service to help increase the power sector’s cybersecurity resilience. By participating, utilities will be made aware of any threats facing the sector as a whole, as well as contributing to the system operator’s ability to see these threats, all in near real-time.
The service is the result of a first-of-its-kind partnership between the IESO and the Canadian Centre for Cybersecurity (CCCS), which operates under the Communications Security Establishment (CSE) – Canada’s central government source of cybersecurity information, advice and guidance.
“The IESO is leveraging its partnership with CCCS and is reaching out to all electricity utilities across the province to join forces in ensuring Ontario’s electricity system continues to operate safely and reliably in the face of potential cyber threats,” said Alex Foord, the IESO’s Vice-President, Information & Technology Services and Chief Information Officer. “We are the first system operator in North America to pursue this kind of sector-wide partnership for the purpose of building even greater resiliency into the electricity grid.”
As part of the development of the service, three local utilities – Toronto Hydro-Electric System Limited, Hydro One and Hydro Ottawa – were already on board as of February 28. Once security agreements were signed and information systems linked, CCCS began to pull in information from the IESO’s systems for analysis, sharing any red flags with the IESO. The system operator’s cybersecurity team in turn reviews and produces energy sector contextual outputs and uploads them to an information-sharing portal (see sidebar). On the basis of this information, the IESO determines if any alerts are warranted for the entire sector, or for individual utilities.
“Our number one goal is situational awareness for the sector,” said Ben Blakely, the IESO’s Senior Manager of Information Security. “Alerts might relate to a potential loss of power to the whole grid, part of it, or an individual utility. Or, they could be about a data breach affecting customer information, day-to-day operations, or payment systems.”
Hydro Ottawa was among the first utilities to sign up. “We didn’t hesitate to get involved because from our perspective, it’s all upside,” said Hydro Ottawa’s Manager of Cybersecurity, Jojo Maalouf. “The electricity grid in the National Capital Region is critical infrastructure. We are confident that under the IESO’s leadership, and with the support of other utilities in the province, we will all benefit from the CSE partnership.”
According to Blakely, all organizations that participate in the electricity sector have something to contribute, as well as a way to benefit. “This new capability can scale as well as provide unique insights for all those involved, no matter their size. When the IESO receives information from CCCS, it may be customized for our sector, it may relate specifically to the bulk electricity system, or it may be broader. There is strength in numbers, and in the information that’s shared.”
There are 67 electrical utilities in Ontario, several of which are currently in the process of signing the necessary agreements. Electricity sector companies that want to join the IESO’s province-wide cybersecurity initiative can do so at any time.
For more information visit this location.