Standards & Guidance
Electricity companies with a footprint in the wider bulk power system follow mandatory and enforceable reliability and cybersecurity standards set by the North American Electric Regulatory Corporation as a baseline. Companies also follow guidance from bodies like the National Institute of Standards and Technology. These standards and guidance provide a foundation for a secure and reliable grid.
Taking Action
Companies work every day to ensure they have strong security practices in place – everything from ensuring people have the right training, to making investments in security tools and processes to protect physical and digital assets, to practising response and recovery from major events.
Information Sharing & Critical Infrastructure Partnerships
Given the complex nature of security threats and critical infrastructure interdependencies, no one company, sector or government can take on challenges alone. Partnerships and information sharing are essential for success.
Every two years, Canadian and American electricity companies participate in GridEx, a distributed play exercise that simulates a cyber and physical attack on the North American electricity grid and other critical infrastructure. Led by NERC's E-ISAC, GridEx is an opportunity to practice response and recovery to major security threats.
Electricity companies also participate in forums for security information sharing. They work with government and law enforcement partners to ensure they have the most up to date information on security threats and mitigations. Canadian companies work with their Americans counterparts on electricity security – engaging in unity of effort and response to evolving threats.