The BCUC is responsible for ensuring regulated entities protect their online systems and data from cyber risks.

Cybersecurity is an essential part of providing safe and reliable service to customers, as businesses increasingly rely on technology.


Protection Activities

The BCUC carries out several activities to identify cyber risks and monitor entities' compliance with defense measures.

Protecting BC's Electricity Grid

British Columbia's (BC) electricity system is protected by Mandatory Reliability Standards, which are the rules for operating a reliable and secure system.

Entities that own and/or operate critical infrastructure (systems, facilities, technologies) to generate, transmit, and control the flow of electricity over BC’s bulk electric system must follow Mandatory Reliability Standards. They must also develop cybersecurity protection plans for their critical infrastructure.

The BCUC uses a compliance monitoring program to monitor and evaluate entities.

We use audits and investigations to assess whether entities are following the required standards and plans.


Cybersecurity Framework

Two-Year Pilot

In December 2022, the BCUC developed a Cybersecurity Framework intended to mitigate cybersecurity risk to public utilities' critical infrastructure that is not included in the scope of the Mandatory Reliability Standards.

The framework is flexible and scalable based on the size and risk profile of the public utility, and it makes use of existing industry guidance. It is proposed to be introduced on a two-year pilot basis to assess its effectiveness in addressing public utility cybersecurity risk.

After the pilot, the BCUC will consider adopting the framework on a permanent basis. The BCUC has established a submission process to receive feedback on the proposed pilot and the Cybersecurity Framework.

Communications

When concerns arise, the BCUC issues information bulletins to advise public utilities and those in the Mandatory Reliability Standards (MRS) program of alerts and of recommended actions to mitigate cybersecurity risks.


Keeping Informed

The BCUC monitors cybersecurity issues related to public utilities and those under the Mandatory Reliability Standards through:

  1. Rate applications

    The BCUC assesses and examines a public utility’s cybersecurity expenditures when the utility submits its rate application to the BCUC.

  2. Threat briefings

    The BCUC attends cybersecurity threat briefings for the energy and utilities sector and monitors threat alerts issued by local, provincial, federal, and international government agencies.

  3. Cybersecurity incidents

    The BCUC requires public utilities to report all cybersecurity incidents to the BCUC so that each incident can be followed up on until it is resolved.

  4. Stakeholder engagement

    The BCUC conducts meetings with public utilities on cybersecurity issues.


Reducing Cybersecurity Risk

The BCUC recommends that regulated entities take steps, specific to their needs and capabilities, to reduce their cybersecurity risks. Cybersecurity risks can be decreased by applying administrative and technical security controls to protect devices, systems, and personnel.

Basic security controls include asset management, access management, backup and recovery, cybersecurity policies, incident response, patch management, personnel training and awareness on critical systems, and physical security.


