l I Government of Canada Gouvernement du Canada NATIONAL ELECTRIC GRID SECURITY AND RESILIENCE ACTION PLAN December 2016 Table of Contents Introduction 3 Structure of the Action Plan 3 Implementation of the Action Plan 3 Goal 1 Protect Today's Electric Grid and Enhance Preparedness 4 Introduction 4 Objectives 4 Government of Canada Actions 5 Goal 2 Manage Contingencies and Enhance Response and Recovery Efforts 8 Introduction 8 Objectives 8 Government of Canada Actions 8 Goal 3 Build a More Secure and Resilient Future Grid 9 Introduction 9 Objectives 10 Government of Canada Actions 11 Conclusion 13 Abbreviations 14 References 14 Page 2 of 14 JOINT CANADA-U S GRID SECURITY AND RESILIENCE STRATEGY CANADIAN ACTION PLAN Introduction On March 10 2016 Prime Minister Trudeau and President Obama issued a U S -Canada Joint Statement on Climate Energy and Arctic Leadership Included in the statement was a commitment to develop a common strategy for strengthening the security and resilience of the inter-connected North American electricity grid Since that time Canadian officials have worked collaboratively with U S counterparts and key stakeholders to develop the Joint United States-Canada Electric Grid Security and Resilience Strategy Strategy and domestic action plans for implementation The Canadian Action Plan Action Plan articulates a set of strategic actions measures and outreach activities designed to enhance the current security posture of the inter-connected electricity grid and to ensure that future grid improvements investments address security and resilience matters throughout the design implementation and operational stages of a project The legislative and regulatory regimes governing the energy sector in Canada are complex given the respective roles and responsibilities of owners operators regulatory bodies and the Federal and Provincial Territorial Governments Regulatory oversight of the electric grid reliability rests primarily within the jurisdiction of the Provinces and Territories The Federal Government is responsible for interprovincial and international electric transmission lines The Federal Government is also responsible for national energy policy national safety and security matters and cross-border initiatives Structure of the Action Plan The Strategy articulates three strategic goals that provide the framework for efforts to reduce the systemic risks to the electric grid through a combination of organizational technical and policy efforts This Action Plan is designed to help Canada attain these goals 1 Protect Today's Electric Grid and Enhance Preparedness 2 Manage Contingencies and Enhance Response and Recovery Efforts 3 Build a More Secure and Resilient Future Electric Grid Implementation of the Action Plan The Canadian lead on this initiative is Natural Resources Canada NRCan supported by Public Safety Canada NRCan has the legislative mandate for identification of risks to critical energy infrastructure and for taking measures to address those risks Public Safety Canada PS has the overarching responsibility for security and resilience of all ten critical infrastructure sectors in Canada The Canadian mandate for critical infrastructure protection flows from the provisions of the Emergency Management Act 2007 the National Strategy for Critical Infrastructure and Canada's Cyber Security Strategy Page 3 of 14 It should be noted that this Action Plan is designed to leverage current federal activities and thus will be revenue budget neutral Implementation will take place in collaboration with the key Canadian stakeholders and the U S Departments of Energy and Homeland Security Nothing in this action plan precludes governments agencies or private sector stakeholders from engaging in additional value-added activities to promote the security and resilience of the energy sector Iterations and future developments of this effort will be guided by Canada's legislative and regulatory frameworks and national priorities This document is not intended to nor does it create any binding obligations under international law Goal 1 Protect Today's Electric Grid and Enhance Preparedness Introduction Protecting today's electricity grid and enhancing preparedness is a key prerequisite for the effective functioning of our economy and the well-being of our citizens The Federal Government plays a key role in providing value-added assistance to the energy sector in this regard Objectives Canada will pursue the following objectives to achieve the strategic goal of protecting today's electric grid and enhancing preparedness Enhance Information Sharing Coordinate and Improve Forensic Law Enforcement and Protection Capabilities Protect against Major Isolated and Cascading Events Align Standards Incentives and Investments with Security Goals Understand and Mitigate Vulnerabilities from Interdependencies with Other Critical Infrastructure Canada's Action Plan items outlined below are designed to help achieve this goal and its objectives by Developing tools to detect avoid deter and mitigate vulnerabilities before they impact the grid thus preventing system interruptions or failures Providing an understanding of the inter-related nature of the energy sector and other key critical infrastructure sectors in Canada thereby assisting in the planning for the management of major isolated or cascading events which could create system failures or affect multiple jurisdictions Page 4 of 14 Sharing actionable threat information with energy sector owner operators regulatory bodies and government departments and agencies and sharing best practices Including intelligence and law enforcement representatives of the Canadian Security Intelligence Service and the Royal Canadian Mounted Police as partners in energyrelated initiatives to provide classified intelligence to stakeholders with the required security clearance and with the need to know Assisting stakeholders to make decisions regarding grid modernization and prudent security investments Sharing sector-specific cyber security threat information and suggesting mitigation measures and Working with representatives of the ten key critical infrastructure sectors in Canada to raise awareness and to inform emergency preparedness response and recovery Government of Canada Actions The following actions will be undertaken to address Goal 1-- Protect Today's Electric Grid and Enhance Preparedness 1 1 NRCan in collaboration with PS will establish a user community portal for sharing information among members of the Energy and Utilities Sector Network EUSN leveraging Public Safety's Critical Infrastructure Gateway Deliverable Energy Sector user community portal Timeline Within 1 year of the publication of this Action Plan 1 2 NRCan in collaboration with energy sector industry associations will organize annual senior-level government and industry meetings to discuss emerging security issues and develop specific measures to address them Deliverable Inaugural senior-level government and industry meeting Timeline Within 1 year of the publication of this Action Plan and ongoing 1 3 NRCan will conduct analysis and produce sector-specific security bulletins to share information with members of the EUSN Deliverable Energy Infrastructure Security Bulletins Timeline ongoing Page 5 of 14 1 4 NRCan will facilitate discussions with Canadian Provinces Territories and electricity regulators regarding grid security resilience investments and modernization Deliverable Meeting workshop or webinar Timeline Within 1 year of the publication of this Action Plan and ongoing 1 5 PS in collaboration with NRCan will raise awareness and encourage the use of the Canadian Cyber Incident Response Centre's CCIRC Community portal amongst Canadian electricity sector stakeholders Deliverable Formal invitation to stakeholders and presentation delivered to NRCan's EUSN Timeline Within 1 year of the publication of this Action Plan and ongoing 1 6 PS in conjunction with NRCan will work with government and private sector representatives from sectors such as energy finance and information and communications technology to address key dependencies interdependencies Deliverable Facilitated discussions Timeline Ongoing 1 7 PS in collaboration with NRCan Geo Analytics and Emergency Geomatics Service will explore the feasibility of leveraging energy infrastructure maps to help predict and mitigate the cascading impacts of electrical grid disruptions and identify interdependencies with other critical infrastructure sectors in order to assess risks and enhance resilience Timeline Within 2 years of the publication of this Action Plan 1 8 PS will continue efforts to increase and enhance collaboration with the electricity sub-sector including distributing information designed to protect electrical systems and increase their resiliency Deliverable 1 CCIRC engagement activities including distribution of cyber security information to ensure that the electrical sub-sector in Canada is better informed about cyber security threats against their infrastructure better connected to Page 6 of 14 national incident response and mitigation resources and better equipped to respond to cyber security incidents within individual organizations Timeline Ongoing Deliverable 2 PS will host annual workshops on security of industrial control systems for critical infrastructure owners and operators including energy electricity sector stakeholders to raise awareness of current and emerging threats and to learn how to better defend against them Deliverable Annual workshops Timeline Ongoing 1 9 NRCan and PS will develop a revitalized framework to enhance situational awareness during events and define key roles and responsibilities for government and industry in order to provide credible timely and actionable information to electricity sector owners and operators during emergency situations Deliverable Updated Framework for situational awareness during events Timeline Within 1 year of the publication of this Action Plan 1 10 PS will work with NRCan and the U S Department of Energy to explore opportunities to deliver a cluster of site assessments subject to the agreement of the infrastructure owners and operators involving electrical facilities within a crossborder region in collaboration with the U S Department of Homeland Security to measure resilience and address vulnerabilities Deliverable Report on strengthening cross border regional resilience Timeline Process launched within 1 year of the publication of this Action Plan Page 7 of 14 Goal 2 Manage Contingencies and Enhance Response and Recovery Efforts Introduction The electric grid is composed of a highly diverse set of assets systems and functions and is primarily owned and operated by the private sector in the United States or by Provincial Territorial investor-owned and municipal utilities in Canada In part because of its complexity and physical size and the increasing use of networked Industrial Control Systems the electric grid is vulnerable to disruptions from a variety of hazards and threats Enhancing response and recovery efforts depends on collaboration with all stakeholders The challenge is addressing the continued evolution of physical threats technological risks cyber incidents and natural hazards including climate change Objectives Canada will pursue the following objectives to achieve the strategic goal of managing contingencies and enhancing response and recovery efforts Improve Emergency Response and Continuity Support Mutual Assistance for Recovering from Disruptions Caused by Physical and Cyber Threats Identify Dependencies and Supply Chain Needs During Emergencies Recover and Rebuild Canada's Action Plan items outlined below will help to achieve this goal and its objectives by Designing and conducting a tabletop exercise to increase capabilities of personnel and organization to respond and recover from physical or cyber incidents and using the lessons learned to adapt processes and procedures and Collaborating with the energy sector to exchange information and expertise related to cyber security thereby helping both industry and government to increase cyber resilience increase technical capacity and promote innovation Government of Canada Actions The following actions will be taken to address Goal 2-- Manage Contingencies and Enhance Response and Recovery Efforts 2 1 NRCan in collaboration with the Canadian Electricity Association will hold a Canadian executive table-top exercise in relation to GridEx IV in November 2017 Deliverable Table-top exercise Page 8 of 14 Timeline November 2017 2 2 Through the PS-led Cyber Review officials will be reaching out to discuss the cyber security concerns of the Canadian energy sector as a key constituent of the broader critical infrastructure community Officials will seek the perspectives of expert stakeholders on key issues in critical infrastructure resilience including that of the energy grid They will also seek expert views on the Government of Canada's forward agenda on cyber security gathered under three action areas cyber resilience cyber capacity and capability and cyber security innovation The three cyber review action areas will allow stakeholders to provide input that maps to the three themes of the cross-border electrical grid strategy - such that 'protecting today's grid' looks at cyber resilience 'managing contingencies and response recovery' speaks to cyber capabilities and capacity and 'building a more security and resilient future grid' deals with cyber security innovation Deliverable Consultations with the energy sector and broader CI community as part of the cyber review Timeline Fall 2016 and ongoing 2 3 NRCan and PS in collaboration with the Canadian Electricity Association will clarify and summarize federal and sector-specific resources and capabilities in regards to cybersecurity threats and incidents Deliverable Guidance for the electrical sector on federal cyber incident response capabilities and processes Timeline Within 2 years of the publication of this Action Plan Goal 3 Build a More Secure and Resilient Future Grid Introduction The United States and Canada are working to build a more secure and resilient electric grid that is responsive to a variety of threats hazards and vulnerabilities To achieve this the electric grid will need to be more flexible and agile with an architecture into which new technologies can be readily incorporated As the electric grid evolves the electric grid owners and operators are integrating a variety of approaches to risk management including more diverse and distributed generation that could serve to provide a more resilient and secure electric grid Page 9 of 14 Greater use of intermittent sources of power will elevate the role of energy storage systems and enable a more flexible system In the future the electric grid will likely draw on new combinations of generation incorporate evolving energy storage and distribution systems and accept new technologies many of which are emerging much more rapidly than the electric grid technologies of the last century Owners and operators will need to protect the electric grid from new and evolving risks stemming from such technologies - in particular cyber threats Investments to meet those needs may necessitate incentives beyond those provided for by current policy recognizing that utilities have variable levels of resources to make these investments Additionally global climate change will increasingly create new stresses to which the electric grid will need to adapt The electric grid gains reliability from the development and integration of new technologies but technology also introduces new potential security vulnerabilities Expanding networks of sensors are improving the amount speed and quality of data generated about the electric grid With advanced computation and analytics a more accurate picture of electric grid status is becoming available in real time providing greater decision capabilities and more reliable automated responses to events These changes also increase the number of vulnerabilities to cyber incidents Objectives Canada will pursue the following objectives to achieve the strategic goal of building a more secure and resilient electric grid Understand and Manage New and Evolving Risks from Electric Grid Technologies and Electric Grid Design Develop and Deploy Security and Resilience Tools and Technologies Integrate Security and Resilience into Planning Investment and Policy Decision-Making Coordinating Cross-Border Grid Integration Between the United States and Canada Understand and Mitigate Risks Posed by Climate Change Develop a Highly-Skilled Workforce Canada's Action Plan items outlined below will help to achieve this goal and its objectives by Delivering hands-on skills training and knowledge transfer in relation to cyber security for energy facility owner operators senior IT professionals control room operators and policy makers Conducting innovative research and development to develop and test new technologies for Industrial Control Systems Page 10 of 14 Providing security facility assessments and management- level classified briefings to assist energy sector owner operators to address deficiencies and make improvements to increase security and resilience of assets and operations Contributing to clean energy initiatives by integrating security and resilience considerations from the onset of the process when developing new technologies Providing tools and standards to guide industry operations and emergency response activities and Working collaboratively on cross-border initiatives to managing climate change risks and evolving cyber security issues as they relate to cross-border energy infrastructure Government of Canada Actions The following actions will be taken to address Goal 3-- Build a More Secure and Resilient Future Grid 3 1 PS in collaboration with NRCan and electricity sector stakeholders e g Canadian Electricity Association will explore opportunities to leverage the Regional Resilience Assessment Program to help identify vulnerabilities and dependencies and to explore opportunities to strengthen the program going forward Deliverable Site assessments Timeline Within 1 year of the publication of this Action Plan and ongoing 3 2 NRCan with the concurrence of the infrastructure owners and operators will carry out cyber-physical security facility reviews technology testing of industrial control system equipment and software targeted R D and specialized cybersecurity hands-on training and simulation exercises for energy infrastructure control room operators IT engineers and cybersecurity experts Research and development activities will be undertaken to enhance critical infrastructure resiliency and security of cyber-physical industrial control systems Deliverable Hands-on training and simulation exercises technology testing and R D Timeline Ongoing Page 11 of 14 3 3 NRCan will enhance information sharing and facilitate collaboration between domestic and international research organizations that address energy security and resilience Deliverable Information sharing bulletins Timeline Ongoing 3 4 NRCan will seek opportunities to integrate security consideration into internal and federally funded energy innovation R D e g smart grid electric vehicles Deliverable Inclusion of security considerations in funded R D initiatives Timeline Ongoing 3 5 NRCan will undertake research and analysis and share information to help mitigate impacts of all hazards in order to inform emergency management initiatives as well as to improve response and inform codes and standards development Deliverable Analytical products Timeline Ongoing 3 6 NRCan will develop a State of Play Report on climate change adaptation in Canada's energy sector The report will identify risks and opportunities to increase resilience to climate change impacts including an assessment of opportunities for advancing adaptation of cross-border energy infrastructure Deliverable State of Play Report Timeline February 2017 3 7 NRCan will share information with U S Department of Energy on tools and information to manage climate change risks conduct cost-benefit analysis and action measures to increase resilience Timeline May 31 2017 3 8 NRCan will consult with Canadian stakeholders U S Department of Energy and other appropriate organizations to identify activities to better understand and assess the risks of climate change to cross border infrastructure and required actions to reduce risks and implement targeted activities where there is common interest Timeline March 31 2018 Page 12 of 14 3 9 PS will facilitate the development of robust partnerships between Public Safety Portfolio Agencies the CCIRC and private sector owners operators to ensure that cyber anomalies are detected quickly and mitigation measures are shared broadly Timeline Ongoing Conclusion The activities outlined in this Action Plan represent a set of concrete actions designed to strengthen the security and resilience of the inter-connected electricity grid Because infrastructure security is a shared responsibility a successful outcome will depend on close collaboration with Provinces and Territories private sector owner operators regulatory bodies and the U S Departments of Energy and Homeland Security Continual engagement and dialogue between stakeholders will be required as the electricity sector continues to evolve Canada has a long history of working collaboratively with the United States on issues of common interest to benefit long term economic growth and the well-being of our citizens The Joint United States-Canada Electric Grid Strategy and domestic Action Plans will provide a robust framework for bilateral engagement in the near term and on an ongoing basis Canada is committed to working collaboratively with our U S colleagues to deliver benefits to our respective countries in the form of a more secure and resilient electricity grid low carbon economies and a clean energy future In accordance with this Action Plan the Canadian Government will continue to engage with key stakeholders domestically and internationally to work towards a common goal - increasing the security and resilience of the inter-connected electricity grid - using an all hazards approach Much progress has been made in this regard but we must continue to work diligently and proactively on initiatives to enhance emergency preparedness obtain predictive information and address complex and continually evolving threats A robust secure and resilient electric grid is essential to protecting public health and safety economic security and national security Physical incidents cyber incidents or natural events affecting the electric grid can be potentially catastrophic Security mechanisms that function today will not be effective in the future Emerging threats and hazards whether cyber-related or emanating from climate change for example will continually challenge the resilience of the electric grid It is imperative that electric grid stakeholders prepare for disruptive events and continue to work to address the current and future threats hazards and vulnerabilities to their systems We must also be ready to seize the opportunity to adopt new and emerging technologies to address grid vulnerability ensuring that investments are smart and effective As we continue our work we need to be mindful that decisions are made in the public interest and to take climate change and clean energy considerations into account By so doing we will help ensure that we are well positioned to increase the security and resilience of the electricity grid now and into the future Page 13 of 14 Abbreviations CCIRC Canadian Cyber Incident Response Centre EUSN Energy and Utilities Sector Network NEITC National Energy Infrastructure Test Centre NRCan Natural Resources Canada PS Public Safety Canada References Emergency Management Act S C 2007 c 15 National Strategy for Critical Infrastructure 2010 and Action Plan for Critical Infrastructure 2014 - 2017 Canada's Cyber Security Strategy 2010 and Action Plan 2010 - 2015 for Canada's Cyber Security Strategy Page 14 of 14 This document is from the holdings of The National Security Archive Suite 701 Gelman Library The George Washington University 2130 H Street NW Washington D C 20037 Phone 202 994-7000 Fax 202 994-7005 nsarchiv@gwu edu
OCR of the Document
View the Document >>