A new report from BC’s auditor general has found that while BC Hydro has done a good job of protecting the core components of its system from cyberattack, the same cannot be said of the utility’s smaller components.
Auditor General Carol Bellringer noted that the utility has the capability to identify and respond to cyberattacks on critical parts of its industrial control systems (ICS), which are managed under North America-wide reliability standards. However, the audit also discovered that BC Hydro’s localized systems are not governed by those standards, and thus may be vulnerable.
The auditor’s report warned that the smaller components BC Hydro is not paying closer attention to – mostly lower power capacity equipment – could allow malicious actors to tamper with the system to create localized power outages. Bellringer added that enough outages could set off a chain reaction that endangers the larger system, or even cause catastrophic failure in Alberta or as far as the US.
“Globally, the energy sector is one of the most cyberattacked of all critical infrastructure sectors,” the auditor general wrote in her report.
Bellringer noted that cybersecurity is no longer about prevention, but also about “quickly detecting and responding to attacks,” especially when some attacks are almost certain to slip through.
Global News reported that details of the report were only communicated with the public in broad strokes, to prevent malicious actors from acting upon the vulnerabilities. But a detailed report was sent to BC Hydro.
The auditor general made three public recommendations for the utility:
