Cybersecurity and Electro-Federation Canada

July 31, 2020

By Gurvinder Chopra

In June 2019, the U.S. grid regulator, NERC, issued a warning that a major hacking group was conducting reconnaissance into the networks of electrical utilities.
Just one month later, several major industrial firms announced they had been victims of a state-sponsored hacking campaign.

A year later, hackers targeted over 75 organizations around the world in the manufacturing, media, healthcare, and non-profit sectors, as part of a broad-ranging cyber espionage campaign.

These cyberattacks are just some of the countless threats occurring around the world – resulting in a renewed focus on cybersecurity for all businesses.

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. Cyberattacks typically access, change, or destroy sensitive information; extort money from users and/or interrupt normal business processes.

As the number of connected devices installed in industrial settings rapidly increases, the protection of systems becomes increasingly imperative. There were between 8 and 15 billion devices connected to the internet in 2015 and this number is expected to reach 50 billion devices by 2025. In the Industrial segment, IIoT (Industrial Internet of Things) devices enhance manufacturing, industrial processes and operational efficiencies through internet-connected machinery, infrastructure and advanced smart devices that collect, exchange and analyze data.

Grid companies are also integrating field devices in enterprise-wide information systems, adding configuration management, event retrieval and remote access. IIoT devices, when hacked, can cause major disruptions to operations. Erroneous information can be introduced in industrial sectors and trigger incidents, accidents or shutdowns. IoT devices installed in appliances, home automation products, cameras and laser printers are used by unauthorized third parties to access household, commercial and industrial networks.

With the increase of cyber attacks and the rising volume of connected devices, cybersecurity is integral to safeguarding Canada’s citizens, information, economy and infrastructure – and Electro-Federation Canada (EFC) is spearheading new initiatives to support its members’ cybersecurity requirements.

EFC has aligned with CIO-Strategy Council (CIO-SC), a forum for Canada’s Chief Information Officers, to focus on influencing Canadian information and technology ecosystems. CIO-SC is accredited by the Standards Council of Canada (SCC) as a Standards Development Organization (SDO) in Canada. Collaboration between EFC and CIO-SC has resulted in the formation of an EFC committee that will focus on cybersecurity, and facilitate discussions on Industry 4.0, the cybersecurity of IIoT devices and data governance, and enable members to participate in the development of standards related to these efforts.

The development of new standards and certification programs will help reduce the risk/severity of cyber attacks via IIoT devices. Once developed, the voluntary standards can be adopted by governments and industry. Federal, state and provincial governments routinely adopt thousands of voluntary standards by reference in regulations. Standards are also systematically incorporated by governments and industry as mandatory requirements in procurement documents and supply chain contracts. This will ensure broad compliance to the consolidated standard. EFC is seeking active representation from its members to participate in the new committees, in an effort to collaboratively address the issue of cybersecurity.

Gurvinder Chopra is VP, Standards & Regulations for Electro-Federation Canada.