July 7, 2015


Local

Hydro found lacking in its attention to cyber-security

Is Manitoba Hydro prone to a cyber-attack? Could the lights go off because of a hacker, terrorist, disgruntled employee or hostile government? Or could simple equipment failure or bad weather cause havoc?

That's what the province's auditor general set out to find in an examination of the Crown corporation's fail-safes in its industrial control systems (ICS).

Auditor general Carol Bellringer said ICS controls and monitors much of Hydro's electrical generation, transmission and natural gas distribution system.

"Everything going into the electrical system has a computer control that's really critical," she said. "What we found (was) the attention to the full risks was insufficient."

Specifically, the audit looked at Hydro's compliance to the North American Electric Reliability Corporation's (NERC) critical infrastructure protection standards, which include cyber-security control.

The audit sets out a number of recommendations Hydro should follow to meet NERC compliance -- recommendations the utility says it's already addressing.

They include conducting an internal assessment of its ICS cyber-security risks, including cyber-security as a corporate risk, and assigning corporate-wide cyber-security to one executive and corporate-wide physical security to one executive. It should also develop and deliver a security training and awareness program for all staff involved with ICS systems.

Why does it matter?

"To monitor and control the generation, transmission and distribution of electricity, as well as the distribution of natural gas, Manitoba Hydro uses many industrial control systems (ICS)," said the Office of the Auditor General. "We chose to audit Manitoba Hydro's ICS systems because of the significant impact that a loss in the reliable flow of power and gas can have on public safety and on the provincial economy.

"ICS systems control and monitor actual physical devices that, if compromised, could result in unintentional and/or inappropriate commands that could lead to equipment malfunction, causing significant risk to the health and safety of Manitobans as well as the environment. It is essential that the risks to ICS systems are properly managed."

 

Source: the Office of the Auditor General

Republished from the Winnipeg Free Press print edition March 21, 2014 A4

You can comment on most stories on winnipegfreepress.com. You can also agree or disagree with other comments. All you need to do is be a Winnipeg Free Press print or e-edition subscriber to join the conversation and give your feedback.

Have Your Say

New to commenting? Check out our Frequently Asked Questions.

Have Your Say

Comments are open to Winnipeg Free Press print or e-edition subscribers only. why?

Have Your Say

Comments are open to Winnipeg Free Press Subscribers only. why?

The Winnipeg Free Press does not necessarily endorse any of the views posted. By submitting your comment, you agree to our Terms and Conditions. These terms were revised effective January 2015.

Scroll down to load more

Top