Electricity Utility Cyber Security

The OEB issued a Notice of Proposal to Amend the Distribution System Code and Transmission System Code. The amendments require utilities to comply with a new Ontario Cyber Security Standard document with an initial focus on privacy, corporate governance, and situational awareness related to cyber security. 

• Notice of Proposal

The Cyber Security Advisory Committee (CSAC), an industry-led committee consisting of representatives of Ontario’s utilities and other stakeholders, released version 1.1 of the Ontario Cyber Security Framework (OCSF). The OEB considers the OCSF to be the critical tool for utilities to assess their cyber security readiness. The OCSF consists of more than 100 control actions that are classified into five functions: Identify, protect, detect, respond, and recover. The OCSF is based on the National Institute of Standards and Technology (NIST) cyber security framework, which is a widely referenced cyber security framework. It also incorporates privacy principles contained in Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). The OEB’s Reporting and Record-Keeping Requirements (RRR) and the cyber security sections of the Transmission System Code (TSC) and Distribution System Code (DSC), respectively, reference the OCSF as being the basis for utility cyber security reporting to the OEB. 

• Ontario Cyber Security Framework