Off-peak rates to drop slightly

Canada Critical Infrastructure Cyber Risks include state-sponsored actors probing the electricity grid and ICS/OT, ransomware on utilities, and espionage targeting smart cities, medical devices, and energy networks, pre-positioning for disruptive operations.

Key Points

Nation-state and criminal cyber risks to Canada's power, water, and OT/ICS, aiming to disrupt, steal data, or extort.

✅ State-sponsored probing of power grid and utilities

✅ OT/ICS exposure grows as systems connect to IT networks

✅ Ransomware, espionage, and pre-positioning for disruption

State-sponsored actors are "very likely" trying to shore up their cyber capabilities to attack Canada's critical infrastructure — such as the electricity supply, as underscored by the IEA net-zero electricity report indicating rising demand for clean power, to intimidate or to prepare for future online assaults, a new intelligence assessment warns.

"As physical infrastructure and processes continue to be connected to the internet, cyber threat activity has followed, leading to increasing risk to the functioning of machinery and the safety of Canadians," says a new national cyber threat assessment drafted by the Communications Security Establishment.

"We judge that state-sponsored actors are very likely attempting to develop the additional cyber capabilities required to disrupt the supply of electricity in Canada, even as cleaning up Canada's electricity remains critical for climate goals."

Today's report — the second from the agency's Canadian Centre for Cyber Security wing — looks at the major cyber threats to Canadians' physical safety and economic security.

The CSE does say in the report that while it's unlikely cyber threat actors would intentionally disrupt critical infrastructure — such as water and electricity supplies — to cause major damage or loss of life, they would target critical organizations "to collect information, pre-position for future activities, or as a form of intimidation."

The report said Russia-associated actors probed the networks of electricity utilities in the U.S. and Canada last year and Chinese state-sponsored cyber threat actors have targeted U.S. utility employees. Other countries have seen their industrial control systems targeted by Iranian hacking groups and North Korean malware was found in the IT networks of an Indian power plant, it said.

The threat grows as more critical infrastructure goes high-tech.

In the past, the operational technology (OT) used to control dams, boilers, electricity and pipeline operations has been largely immune to cyberattacks — but that's changing as manufacturers incorporate newer information technology in their systems and products and as the race to net-zero drives grid modernization, says the report.

That technology might make things easier and lower costs for utilities already facing debates over electricity prices in Alberta amid affordability concerns, but it comes with risks, said Scott Jones, the head of the cyber centre.

"So that means now it is a target, it is accessible and it's vulnerable. So what you could see is shutting off of transmission lines, you can see them opening circuit breakers, meaning electricity simply won't flow to our homes to our business," he told reporters Wednesday.

While the probability of such attacks remains low, Jones said the goal of Wednesday's briefing is to send out the early warnings.

"We're not trying to scare people. We're certainly not trying to scare people into going off grid by building a cabin in the woods. We're here to say, 'Let's tackle these now while they're still paper, while they're still a threat we're writing down.'"

Steve Waterhouse, a former cybersecurity officer for the Department of National Defence who now teaches at Université de Sherbrooke, said a saving grace for Canada could be the makeup of its electrical systems.

"Since in Canada, they're very centralized, it's easier to defend, and debates about bridging Alberta and B.C. electricity aim to strengthen resilience, while down in the States, they have multiple companies all around the place. So the weakest link is very hard to identify where it is, but the effect is a cascading effect across the country ... And it could impact Canada, just like we saw in the big Northeastern power outage, the blackout of 2003," he said.

"So that goes to say, we have to be prepared. And I believe most energy companies have been taking extra measures to protect and defend against these type of attacks, even as Canada points to nationwide climate success in electricity to meet emissions goals."

In the future, attacks targeting so-called smart cities and internet-connected devices, such as personal medical devices, could also put Canadians at risk, says the report. 

Earlier this year, for example, Health Canada warned the public that medical devices containing a particular Bluetooth chip — including pacemakers, blood glucose monitors and insulin pumps — are vulnerable to cyber attacks that could crash them.

The foreign signals intelligence agency also says that while state-sponsored programs in China, Russia, Iran and North Korea "almost certainly" pose the greatest state-sponsored cyber threats to Canadian individuals and organizations, many other states are rapidly developing their own cyber programs.

Waterhouse said he was glad to see the government agency call out the countries by name, representing a shift in approach in recent years.

"To tackle on and be ready to face a cyber-attack, you have to know your enemy," he said.

"You have to know what's vulnerable inside of your organization. You have to know how ... vulnerable it is against the threats that are out there."

Commercial espionage continues
State-sponsored actors will also continue their commercial espionage campaigns against Canadian businesses, academia and governments — even as calls to make Canada a post-COVID manufacturing hub grow — to steal Canadian intellectual property and proprietary information, says the CSE.

"We assess that these threat actors will almost certainly continue attempting to steal intellectual property related to combating COVID-19 to support their own domestic public health responses or to profit from its illegal reproduction by their own firms," says the "key judgments" section of the report.

"The threat of cyber espionage is almost certainly higher for Canadian organizations that operate abroad or work directly with foreign state-owned enterprises."

The CSE says such commercial espionage is happening already across multiple fields, including aviation, technology and AI, energy and biopharmaceuticals.

While state-sponsored cyber activity tends to offer the most sophisticated threats, CSE said that cybercrime continues to be the threat most likely to directly affect Canadians and Canadian organizations, through vectors like online scams and malware.

"We judge that ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers. These entities cannot tolerate sustained disruptions and are willing to pay up to millions of dollars to quickly restore their operations," says the report.

Cybercrime becoming more sophisticated 
According to the Canadian Anti-Fraud Centre, Canadians lost over $43 million to cybercrime last year. The CSE reported earlier this year that online thieves have been using the COVID-19 pandemic to trick Canadians into forking over their money — through scams like a phishing campaign that claimed to offer access to a Canada Emergency Response Benefit payment in exchange for the target's personal financial details.

Online foreign influence activities — a dominant theme in the CSE's last threat assessment briefing — continue and constitute "a new normal" in international affairs as adversaries seek to influence domestic and international political events, says the agency.

"We assess that, relative to some other countries, Canadians are lower-priority targets for online foreign influence activity," it said.

"However, Canada's media ecosystem is closely intertwined with that of the United States and other allies, which means that when their populations are targeted, Canadians become exposed to online influence as a type of collateral damage."

According to the agency's own definition, "almost certainly" means it is nearly 100 per cent certain in its analysis, while "very likely" means it is 80-90 per cent certain of its conclusions. The CSE says its analysis is based off of a mix of confidential and non-confidential intelligence and sources. 

Related News

• Electricity Forum News

• Climate Change News

Russian Utility Grid Cyberattacks reveal DHS findings on Dragonfly/Energetic Bear breaching control rooms and ICS/SCADA via vendor supply-chain spear-phishing, threatening blackouts and critical infrastructure across U.S. power utilities through stolen credentials and reconnaissance.

Key Points

State-backed ops breaching utilities via vendors to reach ICS/SCADA, risking grid disruption and control-room access.

✅ Spear-phishing and watering-hole attacks on vendor networks

✅ Stolen credentials used to reach isolated ICS/SCADA

✅ Potential to trigger localized blackouts and service disruptions

Hackers working for Russia were able to gain access to the control rooms of US electric utilities last year, allowing them to cause blackouts, federal officials tell the Wall Street Journal.

The hackers -- working for a state-sponsored group previously identified as Dragonfly or Energetic Bear -- broke into utilities' isolated networks by hacking networks belonging to third-party vendors that had relationships with the power companies, the Department of Homeland Security said in a press briefing on Monday.

Officials said the campaign had claimed hundreds of victims and is likely continuing, the Journal reported.

"They got to the point where they could have thrown switches" to disrupt the flow power, Jonathan Homer, chief of industrial-control-system analysis for DHS, told the Journal.

"While hundreds of energy and non-energy companies were targeted, the incident where they gained access to the industrial control system was a very small generation asset that would not have had any impact on the larger grid if taken offline," the DHS said in a statement Tuesday. "Over the course of the past year as we continued to investigate the activity, we learned additional information which would be helpful to industry in defending against this threat."

Organizations running the nation's energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years due to their ability to cause immediate chaos, whether it's starting a blackout or blocking traffic signals. These systems are often vulnerable because of antiquated software and the high costs of upgrading infrastructure.

The report comes amid heightened tension between Russia and the US over cybersecurity, alongside US condemnation of power grid hacking in recent months. Earlier this month, US special counsel Robert Mueller filed charges against 12 Russian hackers tied to cyberattacks on the Democratic National Committee.

Hackers compromised US power utility companies' corporate networks with conventional approaches, such as spear-phishing emails and watering-hole attacks as seen in breaches at power plants across the US that target a specific group of users by infecting websites they're known to visit, the newspaper reported. After gaining access to vendor networks, hackers turned their attention to stealing credentials for access to the utility networks and familiarizing themselves with facility operations, officials said, according to the Journal.

Homeland Security didn't identify the victims, the newspaper reports, adding that some companies may not know they had been compromised because the attacks used legitimate credentials to gain access to the networks.

Cyberattacks on electrical systems aren't an academic matter. In 2016, Ukraine's grid was disrupted by cyberattacks attributed to Russia, which is engaged in territorial disputes with the country over eastern Ukraine and the Crimean peninsula. Russia has denied any involvement in targeting critical infrastructure.

President Donald Trump signed an executive order in May designed to bolster the United States' cybersecurity by protecting federal networks, critical infrastructure and the public online. One section of the order focuses on protecting the grid like electricity and water, as well as financial, health care and telecommunications systems.

The Department of Homeland Security didn't respond to a request for comment.

Related News

• Electricity Forum News

• Grid Technologies News

Washington-Led Lawsuit Against Energy Emergency challenges President Trump's executive order, citing state rights, environmental reviews, permitting, and federal overreach; coalition argues record energy output undermines emergency claims in Seattle federal court.

Key Points

Multistate suit to void Trump's energy emergency, alleging federal overreach and weakened environmental safeguards.

✅ Challenges executive order's legal basis and scope

✅ Claims expedited permitting skirts environmental reviews

✅ Seeks to halt emergency permits for non-emergencies

In a significant legal move, Washington State Attorney General Nick Brown has spearheaded a coalition of 15 states in filing a lawsuit against President Donald Trump's executive order declaring a national energy emergency. The lawsuit, filed in federal court in Seattle on May 9, 2025, challenges the legality of the emergency declaration, which aims to expedite permitting processes for fossil fuel projects in pursuit of an energy dominance vision by bypassing key environmental reviews.

Background of the Energy Emergency Declaration

President Trump's executive order, issued on January 20, 2025, asserts that the United States faces an inadequate and unreliable energy grid, particularly affecting the Northeast and West Coast regions. The order directs federal agencies, including the Army Corps of Engineers and the Department of the Interior, to utilize "any lawful emergency authorities" to facilitate the development of domestic energy resources, with a focus on oil, gas, and coal projects. This includes expediting reviews under the Clean Water Act, Endangered Species Act, the National Environmental Policy Act, and the National Historic Preservation Act, potentially reducing public input and environmental oversight.

Legal Grounds for the Lawsuit

The coalition of states, led by Washington and California, argues that the emergency declaration is an overreach of presidential authority, echoing disputes over the Affordable Clean Energy rule in federal courts. They contend that U.S. energy production is already at record levels, and the declaration undermines state rights and environmental protections. The lawsuit seeks to have the executive order declared unlawful and to halt the issuance of emergency permits for non-emergency projects. 

Implications for Environmental Protections

Critics of the energy emergency declaration express concern that it could lead to significant environmental degradation. By expediting permitting processes, including geothermal permitting, and reducing public participation, the order may allow projects to proceed without adequate consideration of their impact on water quality, wildlife habitats, and cultural resources. Environmental advocates argue that such actions could set a dangerous precedent, enabling future administrations to bypass essential environmental safeguards under the guise of national emergencies, even as the EPA advances new pollution limits for coal and gas plants to address the climate crisis.

Political and Legal Reactions

The Trump administration defends the executive order, asserting that the president has the authority to declare national emergencies and that the energy emergency is necessary to address perceived deficiencies in the nation's energy infrastructure and potential electricity pricing changes debated by industry groups. However, legal experts suggest that the broad application of emergency powers in this context may face challenges in court. The outcome of the lawsuit could have significant implications for the balance of power between state and federal authorities, as well as the future of environmental regulations in the United States.

The legal challenge led by Washington State Attorney General Nick Brown represents a critical juncture in the ongoing debate over energy policy and environmental protection. As the lawsuit progresses through the courts, it will likely serve as a bellwether for future conflicts between state and federal governments regarding the scope of executive authority and the preservation of environmental standards, amid ongoing efforts to expand uranium and nuclear energy programs nationwide. The outcome may set a precedent for how national emergencies are declared and managed, particularly concerning their impact on state governance and environmental laws.

Related News

• Electricity Forum News

• Energy Policy News

BC Hydro Site C and Clean Energy Policy shapes B.C.'s power mix, affecting run-of-river hydro, net metering for rooftop solar, independent power producers, and surplus capacity forecasts tied to LNG Canada demand.

Key Points

BC Hydro's strategy centers on Site C, limiting new run-of-river projects and tightening net metering amid surplus power

✅ Site C adds long-term capacity with lower projected rates.

✅ Run-of-river IPP growth paused amid surplus forecasts.

✅ Net metering limits deter oversized rooftop solar.

Innergex Renewable Energy Inc. is celebrating the official commissioning today of what may be the last large run-of-river hydro project in B.C. for years to come.

The project – two new generating stations on the Upper Lillooet River and Boulder Creek in the Pemberton Valley – actually began producing power in 2017, but the official commissioning was delayed until Friday September 14.

Innergex, which earlier this year bought out Vancouver’s Alterra Power, invested $491 million in the two run-of-river hydro-electric projects, which have a generating capacity of 106 megawatts of power. The project has the generating capacity to power 39,000 homes.

The commissioning happened to coincide with an address by BC Hydro CEO Chris O’Riley to the Greater Vancouver Board of Trade Friday, in which he provided an update on the progress of the $10.7-billion Site C dam project.

That project has put an end, for the foreseeable future, of any major new run-of-river projects like the Innergex project in Pemberton.

BC Hydro expects the new dam to produce a surplus of power when it is commissioned in November 2024, so no new clean energy power calls are expected for years to come.

Independent power producers aren’t the only ones who have seen a decline in opportunities to make money in B.C. providing renewable power, as the Siwash Creek project shows. So will homeowners who over-build their own solar power systems, in an attempt to make money from power sales.

There are about 1,300 homeowners in B.C. with rooftop solar systems, and when they produce surplus power, they can sell it to BC Hydro.

BC Hydro is amending the net metering program to discourage homeowners from over-building. In some cases, some howeowners have been generating 40% to 50% more power than they need.

“We were getting installations that were massively over-sized for their load, and selling this big quantity of power to us,” O’Riley said. “And that was never the idea of the program.”

Going forward, BC Hydro plans to place limits on how much power a homeowner can sell to BC Hydro.

BC Hydro has been criticized for building Site C when the demand for power has been generally flat, and reliance on out-of-province electricity has drawn scrutiny. But O’Riley said the dam isn’t being built for today’s generation, but the next.

“We’re not building Site C for today,” he said. “We have an energy surplus for the short term. We’re not even building it for 2024. We’re building it for the next 100 years.”

O’Riley acknowledged Site C dam has been a contentious and “extremely challenging” project. It has faced numerous court challenges, a late-stage review by the BC Utilities Commission, cost overruns, geotechnical problems and a dispute with the main contractors.

In a separate case, the province was ordered to pay $10 million over the denial of a Squamish power project, highlighting broader legal risk.

But those issues have been resolved, O’Riley said, and the project is back on track with a new construction schedule.

“As we move forward, we have a responsibility to deliver a project on time and against the new revised budget, and I’m confident the changes we’ve made are set up to do that,” O’Riley said.

Currently, there are about 3,300 workers employed on the dam project.

Despite criticisms that BC Hydro is investing in a legacy mega-project at a time when cost of wind and solar have been falling, O’Riley insisted that Site C was the best and lowest cost option.

“First, it’s the lowest cost option,” he said. “We expect over the first 20 years of Site C’s operating life, our customers will see rates 7% to 10% below what it would otherwise be using the alternatives.”

BC Hydro missed a critical window to divert the Peace River, something that can only be done in September, during lower river flows. That added a full year’s delay to the project.

O’Riley said BC Hydro had built in a one-year contingency into the project, so he expects the project can still be completed by 2024 – the original in-service target date. But the delay will add more than $2 billion to the last budget estimate, boosting the estimated capital cost from $8.3 billion to $10.7 billion.

Meeting the 2024 in-service target date could be important, if Royal Dutch Shell and its consortium partners make a final investment decision this year on the $40 billion LNG Canada project.

That project also has a completion target date of 2024, and would be a major new industrial customer with a substantial power draw for operations.

“If they make a decision to go forward, they will be a very big customer of BC Hydro,” O’Riley told Business in Vancouver. “They would be in our top three or four biggest customers.”

Related News

• Electricity Forum News

• Power Generation News

DTEK Rotterdam+ price-fixing case scrutinizes alleged collusion over coal-based electricity tariffs in Ukraine, with NABU probing NERC regulators, market manipulation, consumer overpayment, and wholesale pricing tied to imported coal benchmarks.

Key Points

NABU probes alleged DTEK-NERC collusion to inflate coal power tariffs via Rotterdam+; all suspects deny wrongdoing.

✅ NABU alleges tariff manipulation tied to coal import benchmarks.

✅ Four DTEK execs and four NERC officials reportedly charged.

✅ Probe centers on 2016-2017 overpayments; defendants contest.

Two more executives of DTEK, Ukraine’s largest private power and coal producer and recently in energy talks with Octopus Energy, have been charged in a criminal case on August 14 involving an alleged conspiracy to fix electricity prices with the state energy regulator, Interfax reported.

They are Ivan Helyukh, the CEO of subsidiary DTEK Grid, which operates as Ukraine modernizes its network alongside global moves toward a smart electricity grid, and Borys Lisoviy, a top manager of power generation company Skhidenergo, according to Kyiv-based Concorde Capital investment bank.

Ukraine’s Anti-Corruption Bureau (NABU) alleges that now four DTEK managers “pressured” and colluded with four regulators at the National Energy and Utilities Regulatory Commission to manipulate tariffs on electricity generated from coal that forced consumers to overpay, reflecting debates about unjustified profits in the UK, $747 million in 2016-2017.

DTEK allegedly benefited $560 million in the scheme.

All eight suspects are charged with “abuse of office” and deny wrongdoing, similar to findings in a B.C. Hydro regulator report published in Canada.

There is “no legitimate basis for suspicions set out in the investigation,” DTEK said in an August 8 statement.

Suspect Dmytro Vovk, the former head of NERC, dismissed the investigation as a “wild goose chase” on Facebook.

In separate statements over the past week, DTEK said the managers who are charged have prematurely returned from vacation to “fully cooperate” with authorities in order to “help establish the truth.”

A Kyiv court on August 14 set bail at $400,000 for one DTEK manager who wasn’t named, as enforcement actions like the NT Power penalty highlight regulatory consequences.

The so-called Rotterdam+ pricing formula that NABU has been investigating since March 2017, similar to federal scrutiny of TVA rates, was in place from April 2016 until July of this year.

It based the wholesale price of electricity by Ukrainian thermal power plants on coal prices set in the Rotterdam port plus delivery costs to Ukraine.

NABU alleges that at certain times it has not seen documented proof that the purchased coal originated in Rotterdam, insisting that there was no justification for the price hikes, echoing issues around paying for electricity in India in some markets.

Ukraine started facing thermal-coal shortages after fighting between government forces and Russia-backed separatists in the eastern part of the country erupted in April 2014. A vast majority of the anthracite-coal mines on which many Ukrainian plants rely are located on territory controlled by the separatists.

Overnight, Ukraine went from being a net exporter of coal to a net importer and started purchasing coal from as far away as South Africa and Australia.

Related News

• Electricity Forum News

• Energy Policy News

Germany Nuclear Phase-Out reflects a decisive energy policy shift, retiring reactors as firms shun new builds amid high costs, radioactive waste challenges, climate goals, insurance gaps, and debate over small modular reactors and subsidies.

Key Points

Germany's policy to end nuclear plants and block new builds, emphasizing safety, waste, climate goals, and viability.

✅ Driven by safety risks, waste storage limits, and insurance gaps

✅ High capital costs and subsidies make new reactors uneconomic

✅ Political debate persists; SMRs raise cost and proliferation concerns

A year has passed since Germany deactivated its last three nuclear power plants, marking a significant shift in its energy policy.

Nuclear fission once heralded as the future of energy in Germany during the 1960s, was initially embraced with minimal concern for the potential risks of nuclear accidents. As Heinz Smital from Greenpeace recalls, the early optimism was partly driven by national interest in nuclear weapon technology rather than energy companies' initiatives.

Jochen Flasbarth, State Secretary in the Ministry of Development, reflects on that era, noting Germany's strong, almost naive, belief in technology. Germany, particularly the Ruhr region, grappled with smog-filled skies at that time due to heavy industrialization and coal-fired power plants. Nuclear energy presented a "clean" alternative at the time.

This sentiment was also prevalent in East Germany, where the first commercial nuclear power plant came online in 1961. In total, 37 nuclear reactors were activated across Germany, reflecting a widespread confidence in nuclear technology.

However, the 1970s saw a shift in attitudes. Environmental activists protested the construction of new power plants, symbolizing a generational rift. The 1979 Three Mile Island incident in the US, followed by the catastrophic Chornobyl disaster in 1986, further eroded public trust in nuclear energy.

The Chornobyl accident, in particular, significantly dampened Germany's nuclear ambitions, according to Smital. Post-Chernobyl, plans for additional nuclear power plants in Germany, once numbering 60, drastically declined.

The emergence of the Green Party in 1980, rooted in anti-nuclear sentiment, and its subsequent rise to political prominence further influenced Germany's energy policy. The Greens, joining forces with the Social Democrats in 1998, initiated a move away from nuclear energy, facing opposition from the Christian Democrats (CDU) and Christian Social Union (CSU).

However, the Fukushima disaster in 2011 prompted a policy reversal from CDU and CSU under Chancellor Angela Merkel, leading to Germany's eventual nuclear phase-out in March 2023, after briefly extending nuclear power amid the energy crisis.

Recently, the CDU and CSU have revised their stance once more, signaling a potential U-turn on the nuclear phaseout, advocating for new nuclear reactors and the reactivation of the last shut-down plants, citing climate protection and rising fossil fuel costs. CDU leader Friedrich Merz has lamented the shutdown as a "black day for Germany." However, these suggestions have garnered little enthusiasm from German energy companies.

Steffi Lemke, the Federal Environment Minister, isn't surprised by the companies' reluctance, noting their longstanding opposition to nuclear power, which she argues would do little to solve the gas issue in Germany, due to its high-risk nature and the long-term challenge of radioactive waste management.

Globally, 412 reactors are operational across 32 countries, even as Europe is losing nuclear power during an energy crunch, with the total number remaining relatively stable over the years. While countries like China, France, and the UK plan new constructions, there's a growing interest in small, modern reactors, which Smital of Greenpeace views with skepticism, noting their potential military applications.

In Germany, the unresolved issue of nuclear waste storage looms large. With temporary storage facilities near power plants proving inadequate for long-term needs, the search for permanent sites faces resistance from local communities and poses financial and logistical challenges.

Environment Minister Lemke underscores the economic impracticality of nuclear energy in Germany, citing prohibitive costs and the necessity of substantial subsidies and insurance exemptions.

As things stand, the resurgence of nuclear power in Germany appears unlikely, with economic factors playing a decisive role in its future.

Related News

• Electricity Forum News

• Power Generation News