Security & Electricity – Adapting & Responding to Security Threats

Protecting the grid is a top priority for Canadian electricity companies, a responsibility the sector takes very seriously.


Reliable and resilient electricity is essential for Canadians. It will only become more important as clean electricity powers more aspects of our everyday lives. Electricity companies work 24/7 to keep the grid secure and reliable in the face of a dynamic security environment, from cyber threats like ransomware to the security challenges of more extreme weather events.

Protecting the grid is a top priority for Canadian electricity companies, a responsibility the sector takes very seriously. From complying with security standards as a baseline, to participating in forums for security information sharing, to continuously taking proactive actions to prevent and respond to issues, to practicing responses to major events, to fostering a culture of security, to making investments to support physical and cybersecurity – this work never stops.  

When faced with challenges, it’s always better to be working in unity of effort with others. Therefore, security partnerships, with governments, with partners in the United States, with suppliers and with other critical infrastructure security communities, are also essential.

Together, we are ready to protect and respond.

Standards & Guidance

Electricity companies with a footprint in the wider bulk power system follow mandatory and enforceable reliability and cybersecurity standards set by the North American Electric Regulatory Corporation as a baseline. Companies also follow guidance from bodies like the National Institute of Standards and Technology. These standards and guidance provide a foundation for a secure and reliable grid.

Taking Action

Companies work every day to ensure they have strong security practices in place – everything from ensuring people have the right training, to making investments in security tools and processes to protect physical and digital assets, to practising response and recovery from major events.

Information Sharing & Critical Infrastructure Partnerships

Given the complex nature of security threats and critical infrastructure interdependencies, no one company, sector or government can take on challenges alone. Partnerships and information sharing are essential for success.

Every two years, Canadian and American electricity companies participate in GridEx, a distributed play exercise that simulates a cyber and physical attack on the North American electricity grid and other critical infrastructure. Led by NERC's E-ISAC, GridEx is an opportunity to practice response and recovery to major security threats.

Electricity companies also participate in forums for security information sharing. They work with government and law enforcement partners to ensure they have the most up to date information on security threats and mitigations. Canadian companies work with their Americans counterparts on electricity security – engaging in unity of effort and response to evolving threats.