OEB Initiates Process to Enhance Grid Cyber-Security

In an earlier post, we wrote about a website that asks whether squirrels and raccoons or cyberattacks are a bigger risk to the electricity grid. Notwithstanding the humorous premise of that website, the reality is that there likely are risks to Ontario's electricity grid from cyberattacks. Very recently, there have been news articles (here and here) describing what is called the first successful large-scale cyberattack on an electricity grid, which caused a blackout for hundreds of thousands of people in the Ukraine in December 2015.

On February 11, 2016, the Ontario Energy Board issued a Notice announcing a process to review cyber-security of the electricity distribution grid and associated business systems that could impact the protection of personal information and grid security. This follows a questionnaire that the OEB had required all distributors to complete, setting out how they manage risks associated with cyber-security, including descriptions of their detection programs and response plans. According to the OEB's Notice, a Working Group will soon be established to leverage best practices currently in place, and ensure alignment with industry standards in order that a "sector-wide coherent framework for assessing and managing the associated security risks" can be established and implemented. It appears that the OEB's process will be confidential, and that the OEB will be designating and inviting appropriate parties (including the IESO) to participate in the Working Group.