Hydro One upgrades Chesterville transformer station

Ontario Clean Grid Plan outlines emissions-free electricity growth, renewable energy procurement, nuclear expansion at Bruce and Darlington, reduced natural gas, grid reliability, and net-zero alignment to meet IESO demand forecasts and EV manufacturing loads.

Key Points

A plan to expand emissions-free power via renewables and nuclear, cut natural gas use, and meet growing demand.

✅ Targets renewables, hydro, and nuclear capacity growth

✅ Aims to reduce reliance on gas for grid reliability

✅ Aligns with IESO demand forecasts and EV manufacturing loads

Ontario is working toward filling all of the province’s quickly growing electricity needs with emissions-free sources, including a plan to secure new renewable generation and clean power options, but isn’t quite ready to commit to a moratorium on natural gas.

Energy Minister Todd Smith announced Monday a plan to address growing energy needs for 2030 to 2050 — the Independent Electricity System Operator projects Ontario’s electricity demand could double by mid-century — and next steps involve looking for new wind, solar and hydroelectric power.

“While we may not need to start building today, government and those in the energy sector need to start planning immediately, so we have new clean, zero-emissions projects ready to go when we need them,” Smith said in Windsor, Ont.

The strategy also includes two nuclear projects announced last week — a new large-scale nuclear plant at Bruce Power on the shore of Lake Huron and three new small modular reactors at the site of the Darlington nuclear plant east of Toronto.

Those projects, enough to power six million homes, will help Ontario end its reliance on natural gas to generate electricity, said Smith, but committing to a natural gas moratorium in 2027 and eliminating natural gas by 2050 is contingent on the federal government helping to speed up the new nuclear facilities.

“Today’s report, the Powering Ontario’s Growth plan, commits us to working towards a 100 per cent clean grid,” Smith said in an interview.

“Hopefully the federal government can get on board with our intentions to build this clean generation as quickly as possible … That will put us in a much better position to use our natural gas facilities less in the future, if we can get those new projects online.”

The IESO has said that natural gas is required to ensure supply and stability in the short to medium term, as Ontario works on balancing demand and emissions across the grid, but that it will also increase greenhouse gas emissions from the electricity sector.

The province is expected to face increased demand for electricity from expanded electric vehicle use and manufacturing in the coming years, even as a $400-billion cost estimate for greening the grid is debated.

Keith Brooks, programs director for Environmental Defence, said the provincial plan could have been much more robust, containing firm timelines and commitments.

“This plan does not commit to getting emissions out of the system,” he said.

“It doesn’t commit to net zero, doesn’t set a timeline for a net zero goal or have any projection around emissions from Ontario’s electricity sector going forward. In fact, it’s not really a plan. It doesn’t set out any real goals and it doesn’t it doesn’t project what Ontario’s supply mix might look like.”

The Canadian Climate Institute applauded the plan’s focus on reducing reliance on gas-fired generation and emphasizing non-emitting generation, but also said there are still some question marks.

“The plan is silent on whether the province intends to construct new gas-fired generation facilities,” even as new gas plant expansions are proposed, senior research director Jason Dion wrote in a statement.

“The province should avoid building new gas plants since cost-effective alternatives are available, and such facilities are likely to end up as stranded assets. The province’s timeline for reaching net zero generation is also unclear. Canada and other G7 countries have set a target for 2035, something Ontario will need to address if it wants to remain competitive.”

Related News

• Electricity Forum News

• Power Generation News

PG&E Bankruptcy Plan outlines wildfire victims compensation via a $13.5B trust funded by cash and stock, aiming CPUC and court approval before June 30 to access the state wildfire insurance fund and finalize settlement.

Key Points

A regulator-approved plan funding a $13.5B wildfire victims trust with cash and PG&E stock to exit bankruptcy.

✅ $13.5B trust split between cash and PG&E shares

✅ Targets CPUC and court approval to meet June 30 deadline

✅ Accesses state wildfire insurance fund for future risks

Pacific Gas & Electric's plan for getting out of bankruptcy has won overwhelming support from the victims of deadly Northern California wildfires ignited by the utility's fraying electrical grid, while some have pursued mega-fire lawsuits through the courts as well, despite concerns that they will be shortchanged by a $13.5 billion fund that's supposed to cover their losses.

The company announced the preliminary results of the vote on Monday without providing a specific tally. Those numbers are supposed to be filed with U.S. Bankruptcy Judge Dennis Montali by Friday.

The backing of the wildfire victims keeps PG&E on track to meet a June 30 deadline to emerge from bankruptcy in time to qualify for a coverage from a California wildfire insurance fund created to help protect the utility from getting into financial trouble again.

The current bankruptcy case, which began early last year, will require PG&E to pay out about $25.5 billion to cover the devastation caused by its neglect, including a Camp Fire guilty plea that underscored liabilities in court proceedings. It's the second time in less than 20 years that PG&E has filed for bankruptcy.

The backing for PG&E's plan isn't a surprise, even though some of the roughly 80,000 wildfire victims had been trying to rally resistance to what they consider to be a deeply flawed plan. The misgivings mostly center on the massive debt that the utility will take on to finance the plan and uncertainties about the fluctuating value of the $6.75 billion in company stock that comprises half of the $13.5 billion promised them.

As it became apparent that the COVID-19 pandemic would drive the economy into a deep recession, PG&E's shares plunged along with the rest of the stock market during March, even as it announced pandemic response measures for customers and employees during that period. That led one financial expert to estimate the PG&E stock earmarked for the wildfire victims' trust would be worth only $4.85 billion, a nearly 30% markdown.

But PG&E's stock price has rebounded in recent weeks and it's now worth more than it was when the deal setting up the victims' trust was struck last December. The shares surged more than 8% to $12.28 in Monday's late afternoon trading. The stock stood at $9.65 when PG&E reached its settlement the wildfire victims.

Critics of the utility's plan also are upset because the company still hasn't specified when the fire victims will be able to sell the shares. It now seems likely the victims will have to hold the stock through the upcoming wildfire season in Northern California, raising the specter that another calamity caused by the utility's badly outdated equipment, as power line fire reports have underscored, could cause the shares to plummet before they can cash out.

A petition signed by more than 3,100 wildfire victims recently urged Gov. Gavin Newsom to consider pushing back the deadline for qualifying for the state's wildfire from June 30 to late August to allow for more time to revise PG&E's plan, as many also turn to a wildfire assistance program for interim aid while they wait. Newsom's office hasn't responded to inquiry about the plan from The Associated Press.

But the lawyers representing the wildfire victims advised their clients to vote in favor of PG&E's plan, contending that it's the best deal they are going to get.

PG&E still must get its plan approved by the judge supervising its case, and a recent judge order on dividend use underscores the focus on wildfire mitigation. The confirmation hearings are scheduled to begin May 27. The judge, though, has indicated he will give great weight to the wishes of the wildfire victims.

California state regulators also must approve PG&E's plan, amid projections that rates will stabilize in 2025 for customers. A vote on that is scheduled Thursday before the Public Utilities Commission.

Related News

• Electricity Forum News

• Energy Policy News

Idaho Power Valmy Settlement outlines early closure of the North Valmy coal-fired plant in Nevada, accelerated depreciation recovery, a 1.17% base-rate increase, and impacts for customers, NV Energy co-ownership, and Idaho Public Utilities Commission review.

Key Points

A proposed agreement to close North Valmy early, recover costs via a 1.17% rate hike, and seek PUC approval.

✅ Unit 1 closes 2019; Unit 2 closes 2025 in Nevada.

✅ 1.17% base-rate hike; about $1.20 per 1,000 kWh monthly bill.

✅ Idaho PUC comment deadline May 25; NV Energy co-owner.

State regulators have set a May 25 deadline for public comment on a proposed settlement related to the early closure of a coal-fired plant co-owned by Idaho Power, even as some utilities plan to keep a U.S. coal plant running indefinitely in other jurisdictions.

The settlement calls for shuttering Unit 1 of the North Valmy Power Plant in Nevada in 2019, with Unit 2 closing in 2025, amid regional coal unit retirements debates. The units had been slated for closure in 2031 and 2035, respectively.

If approved by the Idaho Public Utilities Commission, the settlement would increase base rates by approximately $13.3 million, or 1.17 percent, in order to allow the company to recover its investment in the plant on an accelerated basis.

That equates to an additional $1.20 on the monthly bill of the typical residential customer using 1,000 kilowatt-hours of energy per month.

Idaho Power, which co-owns the plant with NV Energy, maintains that closing Valmy early rather than continuing to operate it until it is fully depreciated in 2035, will ultimately save customers $103 million in today's dollars.

The company said a significant decrease in market prices for electricity has made it uneconomic to operate the plant except during extremely cold or hot weather, when the demand for energy peaks, a trend underscored by transactions involving the San Juan Generating Station deal elsewhere. The company also said plant balances have increased by approximately $70 million since its last general rate case in 2011, due to routine maintenance and repairs, as well as investments required to meet environmental regulations.

The proposed settlement reflects a number of changes to Idaho Power's original proposal regarding Valmy, and comes in the wake of discussions with interested parties in February and April, against the backdrop of a broader energy debate over plant closures and reliability.

In its initial application, filed in October, Idaho Power proposed closing both units in 2025. The original proposal would have increased base rates by $28.5 million, or about 2.5 percent, in order to allow the company to recover its costs associated with the plant's accelerated depreciation, decommissioning and anticipated investments, with cautionary examples such as the Kemper power plant costs illustrating potential risks.

Concurrently, Idaho Power asked for commission approval to adjust depreciation rates for its other plants and equipment based on the result of a study it conducts every five years, as outlined in Case IPC-E-16-23. The adjustment would have led to a $6.7 million increase to base rates.

The two requests filed in October would have increased customer costs by a total of $35.2 million or 3.1 percent, leading to a $3.08 increase on the bills of the typical residential customer who uses 1,000 kilowatt-hours per month.

The proposed settlement submitted to the Commission on May 4 calls for $13,285,285 to be recovered from all customer classes through base rates until 2028, all related to the Valmy shutdown. That is an increase of 1.17 percent and would result in a $1.20 increase on the bills of the typical residential customer who uses 1,000 kilowatt-hours per month.

Related News

• Electricity Forum News

• Power Generation News

US Power Grid Cyberattacks target utilities and nuclear plants, probing SCADA, ICS, and business networks at sites like Wolf Creek; suspected Russian actors, malware, and spear-phishing trigger DHS and FBI alerts on critical infrastructure resilience.

Key Points

Intrusions on energy networks probing ICS and SCADA, seeking persistence and elevating risks to critical infrastructure.

✅ Wolf Creek nuclear plant targeted; no operational systems breached

✅ Attackers leveraged stolen credentials, malware, and spear-phishing

✅ DHS and FBI issued alerts; utilities enhance cyber resilience

Hackers working for a foreign government recently breached at least a dozen US power plants, including the Wolf Creek nuclear facility in Kansas, according to current and former US officials, sparking concerns the attackers were searching for vulnerabilities in the electrical grid.

The rivals could be positioning themselves to eventually disrupt the nation’s power supply, warned the officials, who noted that a general alert, prompting a renewed focus on protecting the U.S. power grid, was distributed to utilities a week ago. Adding to those concerns, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry, an attack that officials believe may be related.

The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to an ageing nuclear generating facility known as Wolf Creek -- owned by Westar Energy Inc, Great Plains Energy Inc, and Kansas Electric Power Cooperative Inc -- on a lake shore near Burlington, Kansas.

The possibility of a Russia connection is particularly worrying, former and current official s say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools, including cyber weapons to disrupt power grids, to disrupt power supplies.

The hacks come as international tensions have flared over US intelligence agencies’ conclusion that Russia tried to influence the 2016 presidential election, and amid U.S. government condemnation of Russian power-grid hacking in recent advisories. The US, which has several continuing investigations into Russia’s activities, is known to possess digital weapons capable of disrupting the electricity grids of rival nations.

“We don’t pay attention to such anonymous fakes,” Kremlin spokesman Dmitry Peskov said, in response to a request to comment on alleged Russian involvement.

It was unclear whether President Donald Trump was planning to address the cyber attacks at his meeting on Friday with Russian President Vladimir Putin. In an earlier speech in Warsaw, Trump called out Russia’s “destabilising activities” and urged the country to join “the community of responsible nations.”

The Department of Homeland Security and Federal Bureau of Investigation said they are aware of a potential intrusion in the energy sector. The alert issued to utilities cited activities by hackers since May.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the government agencies said in a joint statement.

The Department of Energy also said the impact appears limited to administrative and business networks and said it was working with utilities and grid operators to enhance security and resilience.

“Regardless of whether malicious actors attempt to exploit business networks or operational systems, we take any reports of malicious cyber activity potentially targeting our nation’s energy infrastructure seriously and respond accordingly,” the department said in an emailed statement.

Representatives of the National Security Council, the Director of National Intelligence and the Nuclear Regulatory Commission declined to comment. While Bloomberg News was waiting for responses from the government, the New York Times reported that hacks were targeting nuclear power stations.

The North American Electric Reliability Corp, a nonprofit that works to ensure the reliability of the continent’s power system, said it was aware of the incident and was exchanging information with the industry through a secure portal.

“At this time, there has been no bulk power system impact in North America,” the corporation said in an emailed statement.

In addition, the operational controls at Wolf Creek were not pierced, according to government officials, even as attackers accessed utility control rooms elsewhere in the U.S., according to separate reports. “There was absolutely no operational impact to Wolf Creek,” Jenny Hageman, a spokeswoman for the nuclear plant, said in a statement to Bloomberg News.

“The reason that is true is because the operational computer systems are completely separate from the corporate network.”

Determining who is behind an attack can be tricky. Government officials look at the sophistication of the tools, among other key markers, when gauging whether a foreign government is sponsoring cyber activities.

Several private security firms, including Symantec researchers, are studying data on the attacks, but none has linked the work to a particular hacking team or country.

“We don’t tie this to any known group at this point,” said Sean McBride, a lead analyst for FireEye Inc, a global cyber security firm. “It’s not to say it’s not related, but we don’t have the evidence at this point.”

US intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attack, striking almost simultaneously at multiple locations, is testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

Specialised teams from Homeland Security and the FBI have been scrambled to help extricate the hackers from the power stations, in some cases without informing local and state officials. Meanwhile, the US National Security Agency is working to confirm the identity of the hackers, who are said to be using computer servers in Germany, Italy, Malaysia and Turkey to cover their tracks.

Many of the power plants are conventional, but the targeting of a nuclear facility adds to the pressure. While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

Homeland Security and the FBI sent out a general warning about the cyber attack to utilities and related parties on June 28, though it contained few details or the number of plants affected. The government said it was most concerned about the “persistence” of the attacks on choke points of the US power supply. That language suggests hackers are trying to establish backdoors on the plants’ systems for later use, according to a former senior DHS official who asked not to be identified.

Those backdoors can be used to insert software specifically designed to penetrate a facility’s operational controls and disrupt critical systems, according to Galina Antova, co-founder of Claroty, a New York firm that specialises in securing industrial control systems.

“We’re moving to a point where a major attack like this is very, very possible,” Antova said. “Once you’re into the control systems -- and you can get into the control systems by hacking into the plant’s regular computer network -- then the basic security mechanisms you’d expect are simply not there.”

The situation is a little different at nuclear facilities. Backup power supplies and other safeguards at nuclear sites are meant to ensure that “you can’t really cause a nuclear plant to melt down just by taking out the secondary systems that are connected to the grid,” Edwin Lyman, a nuclear expert with the Union of Concerned Scientists, said in a phone interview.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers. Wolf Creek, for example, began operations in 1985. “They’re relatively impervious to that kind of attack,” Lyman said.

The alert sent out last week inadvertently identified Wolf Creek as one of the victims of the attack. An analysis of one of the tools used by the hackers had the stolen credentials of a plant employee, a senior engineer. A US official acknowledged the error was not caught until after the alert was distributed.

According to a security researcher who has seen the report, the malware that activated the engineer’s username and password was designed to be used once the hackers were already inside the plant’s computer systems.

The tool tries to connect to non-public computers, and may have been intended to identify systems related to Wolf Creek’s generation plant, a part of the facility typically more modern than the nuclear reactor control room, according to a security expert who asked to note be identified because the alert is not public.

Even if there is no indication that the hackers gained access to those control systems, the design of the malware suggests they may have at least been looking for ways to do so, the expert said.

Stan Luke, the mayor of Burlington, the largest community near Wolf Creek, which is surrounded by corn fields and cattle pastures, said he learned about a cyber threat at the plant only recently, and then only through golfing buddies.

With a population of just 2,700, Burlington boasts a community pool with three water slides and a high school football stadium that would be the envy of any junior college. Luke said those amenities lead back to the tax dollars poured into the community by Wolf Creek, Coffey County’s largest employer with some 1,000 workers, 600 of whom live in the county.

E&E News first reported on digital attacks targeting US nuclear plants, adding it was code-named Nuclear 17. A senior US official told Bloomberg that there was a bigger breach of conventional plants, which could affect multiple regions.

Industry experts and US officials say the attack is being taken seriously, in part because of recent events in Ukraine. Antova said that the Ukrainian power grid has been disrupted at least twice, first in 2015, and then in a more automated attack last year, suggesting the hackers are testing methods.

Scott Aaronson, executive director for security and business continuity at the Edison Electric Institute, an industry trade group, said utilities, grid operators and federal officials were already dissecting the attack on Ukraine’s electric sector to apply lessons in North America before the US government issued the latest warning to “energy and critical manufacturing sectors”. The current threat is unrelated to recently publicised ransomware incidents or the CrashOverride malware, Mr Aaronson said in an emailed statement.

Neither attack in Ukraine caused long-term damage. But with each escalation, the hackers may be gauging the world’s willingness to push back.

“If you think about a typical war, some of the acts that have been taken against critical infrastructure in Ukraine and even in the US, those would be considered crossing red lines,” Antova said.

Related News

• Electricity Forum News

• Grid Technologies News

European Green Deal Electrification accelerates decarbonization via renewables, electric vehicles, heat pumps, and clean industry, backed by sustainable finance, EIB green lending, just transition funds, and energy taxation reform to phase out fossil fuels.

Key Points

An EU plan to replace fossil fuels with renewable electricity in transport, buildings, and industry, supported by green finance.

✅ Doubles electricity's share to cut CO2 and phase out fossil fuels.

✅ Drives EVs, heat pumps, and electrified industry via renewables.

✅ Funded by EIB lending, EU budget, and just transition support.

The European Union is preparing an ambitious plan to completely decarbonize by 2050. Increasing the share of electricity in Europe’s energy system – electricity that will increasingly come from renewable sources - will be at the center of this strategy, aligning with the broader global energy transition under way, the new head of the European Commission’s energy department said yesterday.

This will mean more electric cars, electric heating and electric industry. The idea is that fossil fuels should no longer be a primary energy source, heating homes, warming food or powering cars. In the medium term they should only be used to generate electricity, a shift mirrored by New Zealand's electricity shift efforts, which then powers these things, resulting in less CO2 emissions.

“First assessments show we need to double the share of electricity in energy consumption by 2050,” Ditte Juul-Jørgensen said at an event in Brussels this week, a goal echoed by recent calls to double investment in power systems from world leaders. “We’ve already seen an increase in the last decade, but we need to go further”.

Juul-Jørgensen, who started in her job as director-general of the commission’s energy department in August, has come to the role at a pivotal time for energy. The 2050 decarbonization proposal from the Commission, the EU’s executive branch, is expected to be approved next month by EU national leaders. A veto from Poland that has blocked adoption until now is likely to be overcome if Poland and other Eastern European countries are offered financial assistance from a “just transition fund”, according to EU sources.

Ursula von der Leyen, the incoming President of the Commission, has promised to unveil a “European Green Deal” in her first 100 days in office designed to get the EU to its 2050 goal. Juul-Jørgensen will be working with the incoming EU Energy Commissioner, Kadri Simson, on designing this complex strategy. The overall aim will be to phase out fossil fuels, and increase the use of electricity from green sources, amid trends like oil majors pivoting to electric across Europe today.

“This will be about how do we best make use of electricity to feed into other sectors,” Juul-Jørgensen said. “We need to think about transforming it into other sources, and how to best transport it.”

“But the biggest challenge from what I see today is that of investment and finance - the changes we have to make are very significant.”

Financing problems

The Commission is going to try to tackle the challenges of financing the energy transition with two tools: dedicated climate funding in the EU budget, and dedicated climate lending from the European Investment Bank.

“The EIB will play an increasing role in future. We hope to see agreement [with the EIB board] on that in the coming months so there’s a clear operator in the EIB to support the green transition. We’re looking at something around €400 billion a year.”

The Commission’s proposed dedicated climate spending in the next seven-year budget must still be approved by the 28 EU national governments. Juul-Jørgensen said there is unanimous agreement on the amount: 25% of the budget. But there is disagreement about how to determine what is green spending.

“A lot of work has been ongoing to ensure that when it comes to counting it reflects the reality of the investments,” she said. “We’re working on the taxonomy on sustainable finance - internally identifying sectors contributing to overall climate objectives.”

Electricity pact

Juul-Jørgensen was speaking at an event organized by the the Electrification Alliance, a pact between nine industry organizations to lobby for electricity to be put at the heart of the European green deal. They signed a declaration at the event calling for a variety of measures to be included in the green deal, reflecting debates over a fully renewable grid by 2030 in other jurisdictions, including a change to the EU’s energy taxation regime which incentivizes a switch from fossil fuel to electricity consumption.

“Electrification is the most important solution to turn the vision of a fossil-free Europe into reality,” said Laurence Tubiana, CEO of the European Climate Foundation, one of the signatories, and co-architect of the Paris Agreement.

“We are determined to deliver, but we must be mindful of the different starting points and secure sufficient financing to ensure a fair transition”, said Magnus Hall, President of electricity industry association Eurelectric, another signatory.

The energy taxation issue has been particularly tricky for the EU, since any change in taxation rules requires the unanimous consent of all 28 EU countries. But experts say that current taxation structures are subsidizing fossil fuels and punishing electricity, as recent UK net zero policy changes illustrate, and unless this is changed the European Green Deal can have little effect.

“Yes this issue will be addressed in the incoming commission once it takes up its function,” Juul-Jørgensen said in response to an audience question. “We all know the challenge - the unanimity requirement in the Council - and so I hope that member states will agree to the direction of work and the need to address energy taxation systems to make sure they’re consistent with the targets we’ve set ourselves.”

But some are concerned that the transformation envisioned by the green deal will have negative impacts on some of the most vulnerable members of society, including those who work in the fossil fuel sector.

This week the Centre on Regulation in Europe sent an open letter to Frans Timmermans, the Commission Vice President in charge of climate, warning that they need to be mindful of distributional effects. These worries have been heightened by the yellow vest protests in France, which were sparked by French President Emmanuel Macron’s attempt to increase fuel taxes for non-electric cars.

“The effectiveness of climate action and sustainability policies will be challenged by increasing social and political pressures,” wrote Máximo Miccinilli, the center’s director for energy. “If not properly addressed, those will enhance further populist movements that undermine trust in governance and in the public institutions.”

Miccinilli suggests that more research be done into identifying, quantifying and addressing distributional effects before new policies are put in place to phase out fossil fuels. He proposes launching a new European Observatory for Distributional Effects of the Energy Transition to deal with this.

EU national leaders are expected to vote on the 2050 decarbonization target, building on member-state plans such as Spain's 100% renewable electricity goal by mid-century, at a summit in Brussels on December 12, and Von der Leyen will likely unveil her European Green Deal in March.

Related News

• Electricity Forum News

• Climate Change News

Canadian Industrial IoT Cybersecurity Standards aim to unify device security for utilities, smart grids, SCADA, and OT systems, aligning with NERC CIP, enabling certification, trust marks, compliance testing, and safer energy sector deployments.

Key Points

National standards to secure industrial IoT for utilities and grids, enabling certification and NERC CIP alignment.

✅ Aligns with NERC CIP and NIST frameworks for energy sector security

✅ Defines certification, testing tools, and a trusted device repository

✅ Enhances OT, SCADA, and smart grid resilience against cyber threats

The Canadian energy sector has been buying Internet-connected sensors for monitoring a range of activities in generating plants, distribution networks facing harsh weather risks and home smart meters for several years. However, so far industrial IoT device makers have been creating their own security standards for devices, leaving energy producers and utilities at their mercy.

The industry hopes to change that by creating national cybersecurity standards for industrial IoT devices, with the goal of improving its ability to predict, prevent, respond to and recover from cyber threats, such as emerging ransomware attacks across the grid.

To help, the federal government today announced an $818,000 grant support a CIO Strategy Council project oversee the setting of standards.

In an interview council executive director Keith Jansa said the money will help a three-year effort that will include holding a set of cross-country meetings with industry, government, academics and interest groups to create the standards, tools to be able to test devices against the standards and the development of product repository of IoT safe devices companies can consult before making purchases.

“The challenge is there are a number of these devices that will be coming online over the next few years,” Jansa said. “IoT devices are designed for convenience and not for security, so how do you ensure that a technology an electricity utility secures is in fact safeguarded against cyber threats? Currently, there is no associated trust mark or certification that gives confidence associated with these devices.”

He also said the council will work with the North American Electric Reliability Corporation (NERC), which sets North American-wide utility safety procedural standards and informs efforts on protecting the power grid across jurisdictions. The industrial IoT standards will be product standards.

According to Robert Wong, vice-president and CIO of Toronto Hydro, all the big provincial utilities are subject to adhering to NERC CIP standards which have requirements for both cyber and physical security. Ontario is different from most provinces in that it has local distribution companies — like Toronto Hydro — which buy electricity in bulk and resell it to customers.  These LDCs don’t own or operate critical infrastructure and therefore don’t have to follow the NERC CIP standards.

Regional reforms, such as regulatory changes in Atlantic Canada, aim to bring greener power options to the grid.

Electricity is considered around the world as one of a country’s critical national infrastructure. Threats to the grid can be used for ransom or by a country for political pressure. Ukraine had its power network knocked offline in 2015 and 2016 by what were believed to be Russian-linked attackers operating against utilities.

All the big provincial utilities operate “critical infrastructure” and are subject to adhering to NERC CIP (critical infrastructure protection) standards, which have requirements for both cyber and physical security, as similar compromises at U.S. electric utilities have highlighted recently.  There are audited on a regular basis for compliance and can face hefty fines if they fail to meet the requirements.  The LDCs in Ontario don’t own or operate “critical infrastructure” and therefore are not required to adopt NERC CIP standards (at least for now).

The CIO Strategy Council is a forum for chief information officers that is helping set standards in a number of areas. In January it announced a partnership with the Internet Society’s Canada Chapter to create standards of practice for IoT security for consumer devices. As part of the federal government’s updated national cybersecurity strategy it is also developing a national cybersecurity standard for small and medium-sized businesses. That strategy would allow SMBs to advertise to customers that they meet minimum security requirements.

“The security of Canadians and our critical infrastructure is paramount,” federal minister of natural resources Seamus O’Regan said in a statement with today’s announcement. “Cyber attacks are becoming more common and dangerous. That’s why we are supporting this innovative project to protect the Canadian electricity sector.”

The announcement was welcomed by Robert Wong, Toronto Hydro’s vice-president and CIO. “Any additional investment towards strengthening the safeguards against cyberattacks to Canada’s critical infrastructure is definitely good news.  From the perspective of the electricity sector, the convergence of IT and OT (operational technology) has been happening for some time now as the traditional electricity grid has been transforming into a Smart Grid with the introduction of smart meters, SCADA systems, electronic sensors and monitors, smart relays, intelligent automated switching capabilities, distributed energy resources, and storage technologies (batteries, flywheels, compressed air, etc.).

“In my experience, many OT device and system manufacturers and vendors are still lagging the traditional IT vendors in incorporating Security by Design philosophies and effective security features into their products.  This, in turn, creates greater risks and challenges for utilities to protecting their critical infrastructures and ensuring a reliable supply of electricity to its customers.”

The Ontario Energy Board, which regulates the industry in the province, has led an initiative for all utilities to adopt the National Institute of Standards and Technology (NIST) Cybersecurity Framework, along with the ES-C2M2 maturity and Privacy By Design models, he noted.  Toronto Hydro has been managing its cybersecurity practice in adherence to these standards, as the city addresses growing electricity needs as well, he said.

“Other jurisdictions, such as Israel, have invested heavily on a national level in developing its cybersecurity capabilities and are seen as global leaders.  I am confident that given the availability of talent, capabilities and resources in Canada (especially around the GTA) if we get strong support and leadership at a federal level we can also emerge as a leader in this area as well.”

Related News

• Electricity Forum News

• Grid Technologies News