Electricity Utility Cyber Security
Launched
February 7, 2023
Details
Working with electricity transmitters and distributors to address cyber security business risks in a consistent manner that achieves the OEB’s expectations for reliability, security and privacy.
Updates
Updates
Date
Issue / Document
March 27, 2024
The OEB issued a Notice of Amendments to the Distribution System Code and Transmission System Code. The amendments require utilities to comply with a new Ontario Cyber Security Standard document which focuses on privacy, corporate governance, and situational awareness related to cyber security. These amendments will come into force on October 1, 2024.
February 12, 2024
The OEB issued a Notice of Proposal to Amend the Distribution System Code and Transmission System Code. The amendments require utilities to comply with a new Ontario Cyber Security Standard document with an initial focus on privacy, corporate governance, and situational awareness related to cyber security.
February 12, 2024
The OEB made changes to improve the effectiveness of utilities’ cyber security reporting. These revisions align reporting questions with the Ontario Cyber Security Framework (OCSF), increase the granularity of response options, and enable utilities to report against version 1.1 of the OCSF, released in December 2023.
December 7, 2023
The Cyber Security Advisory Committee (CSAC), an industry-led committee consisting of representatives of Ontario’s utilities and other stakeholders, released version 1.1 of the Ontario Cyber Security Framework (OCSF). The OEB considers the OCSF to be the critical tool for utilities to assess their cyber security readiness. The OCSF consists of more than 100 control actions that are classified into five functions: Identify, protect, detect, respond, and recover. The OCSF is based on the National Institute of Standards and Technology (NIST) cyber security framework, which is a widely referenced cyber security framework. It also incorporates privacy principles contained in Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). The OEB’s Reporting and Record-Keeping Requirements (RRR) and the cyber security sections of the Transmission System Code (TSC) and Distribution System Code (DSC), respectively, reference the OCSF as being the basis for utility cyber security reporting to the OEB.
February 7, 2023
The OEB issued a letter describing a plan to implement cyber security requirements that support utilities in enhancing their cyber security readiness. The letter noted that licensed utilities are responsible for managing cyber security risk as part of their overall business risk and that the OEB’s role is to set the expectations for managing those risks.