The provincial auditor general says BC Hydro is “effectively managing” the risk of cybersecurity, but it needs to expand detection to include system component’s outside reliability standards.
Carol Bellringer released her audit Tuesday morning focused on how the utility manages cybersecurity risks to its industrial control systems, considered an integral part of its electrical power infrastructure.
Bellringer says BC Hydro is detecting and responding to cybersecurity threats covered by mandatory reliability standards, which are accepted across North America.
But the audit says hydro needs to expand efforts to detect cybersecurity threats to lower power capacity components, which Bellringer says may allow incidents to cause localized outages, and overall could have a large effect on the power system.
BC Hydro provides electricity to 95 per cent of residents in the province and the system is considered “critical infrastructure” for its role in everyday life and importance to the provincial economy.
The audit says the energy sector is one of the most cyberattacked of all infrastructure sectors and security to it is no longer about prevention, but quickly detecting and responding to attacks.
Recommendations in the audit include assessing cybersecurity risks, maintaining an inventory of its hardware and software components, and implementing detection mechanisms and monitoring, in real time.