B.C. Hydro’s vast electrical grid is considered by international security agencies as part of North America’s “critical infrastructure,” protected against cyberattacks as well as vandalism and terrorism.
A new report by B.C.’s Auditor General finds B.C. Hydro is meeting security standards to prevent the nightmare scenario, a cyberattack that could trigger blackouts across the interconnected continental power grid. But smaller-scale disruptions are still possible and should be addressed, Auditor General Carl Bellringer says.
The audit notes that energy infrastructure is one of the most cyberattacked of all critical infrastructure world-wide.
B.C. Hydro “needs to expand its detection efforts because the standards focus on ensuring reliable operation of the power system as a whole, but don’t cover all components of the system,” Bellringer wrote. “Any components that don’t fall under the mandatory standards may be vulnerable to cybersecurity threats and should be monitored.”
B.C. Hydro supplies electricity to 95 per cent of B.C. and is essential for the economy, from homes to hospitals to industry. The audit recommends additional detection mechanisms to monitor the rest of the system.
B.C. Hydro responded that it has invested more than $30 million over two years to its cyber and physical security programs, which are kept confidential. The utility accepts the recommendation to extend its monitoring, using a “risk-based approach to prioritize mitigation measures where needed.”