• About
  • Offices
  • Careers
  • Students
  • Alumni
Background Image
Logo Bennett Jones
  • People
  • Expertise
  • Resources
  • Search
  • Menu
  • Search Mobile
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z All

FEATURED AREAS

Energy
Funds & Finance
Mining
Capital Projects
All Industries
Crisis & Risk Management
Environmental, Social & Governance
Governmental Affairs & Public Policy
All Practices
Insights
Media
Events
Subscribe
COVID-19 Resource Centre
Business Law Talks Podcast
Kickstart
New Energy Economy Series
People
Featured Areas
All Practices
All Industries
About
Offices
Careers
Insights
Events
Search
Search
 
Blog

Electrical Infrastructure Standards Updated to Meet Cybersecurity Threat

January 04, 2018

Written by Martin P.J. Kratz QC, FCIPS and Stephen D. Burns

A quote famously attributed to then FBI Director, Robert Mueller, in March 2012 advised that: “There are only two types of companies: those that have been hacked, and those that will be.”

With the rapid increase in the current plague of cyberattacks, a key issue for regulators continues to be the protection of critical infrastructure. In recent years, various U.S. regulatory agencies have established (and periodically update) standards to improve the ability to detect, mitigate and respond to the increasing cybersecurity threats to critical infrastructure. Canadian regulatory agencies and industry participants, particularly in sectors where there are cross-border connections, have also established (and periodically update) their related standards.

As a result, Canadian electrical infrastructure operators are well advised to watch the recent developments in the United States where the Federal Energy Regulatory Commission (FERC) has, on December 21, 2017, released a draft notice of proposed rulemaking responding to the cybersecurity threat.

The FERC proposed that, under section 215(d)(5) of the Federal Power Act, to modify the NERC Critical Infrastructure Plan (CIP) reliability standards to improve mandatory reporting of cybersecurity incidents. The concern FERC identifies is that the current reporting threshold for cybersecurity incidents may result in the understating of the true scope of such threats facing the bulk electrical system.

The proposed rule would require modifications to the NERC CIP reliability standards to include mandatory reporting of cybersecurity incidents “that compromise or attempt to compromise,” the electronic security perimeter, electronic access control or monitoring system of applicable entities.

The proposed reporting also targets the reporting standards to both improve the quality of such reporting and facilitate the comparison and analysis of incidents. A deadline for the filing of such reports is proposed, as is annual reporting to FERC.

As such, Canadian electrical industry participants are well advised to consider if these proposed U.S. developments will result in similar changes to the applicable critical infrastructure standards in Canada.

Author

  • Stephen D. Burns Stephen D. Burns, Partner, Trademark Agent

Read the Spring 2021 Economic Outlook

Related Links

  • Insights
  • Media
  • Subscribe

Recent Posts

Blog

CBSA Proposes Far-Reaching Changes to Canadian Customs Valuation Law

June 21, 2021
       

Blog

Changes to the Alberta Partnership Act Now in Effect

June 15, 2021
       

Blog

The AER's Holistic Approach to Liability Management

June 15, 2021
       

Blog

What Is the Smart Renewables and Electrification Pathways Program?

June 11, 2021
       

Blog

Class Action Waiver Unenforceable Due to Unconscionability [...]

June 08, 2021
       

The firm that businesses trust with their most complex legal matters.

  • Privacy Policy
  • Disclaimer
  • Terms of Use

© Bennett Jones LLP 2021. All rights reserved. Bennett Jones refers collectively to the Canadian legal practice of Bennett Jones LLP and the international legal practices and consulting activities of various entities which are associated with Bennett Jones LLP

Logo Bennett Jones