There are gaps in BC Hydro's cybersecurity system that could allow attackers to trigger localized power outages, according to a new report calling for increased monitoring.
B.C.'s Office of the Auditor General reviewed BC Hydro's control systems, and found the Crown corporation is "effectively managing" cybersecurity risks by following mandatory international standards.
But some pieces of equipment – generally ones with lower power capacity – aren't covered by those standards and aren't currently being monitored, according to the audit.
That might make them "vulnerable to cybersecurity threats," according to Auditor General Carol Bellringer, who said thorough security measures are increasingly important.
"Globally, the energy sector is one of the most cyberattacked of all critical infrastructure sectors," Bellringer says in the report.
"Cybersecurity is no longer only about prevention, but also about quickly detecting and responding to attacks – because some are almost certain to get through."
The government did not publicly disclose specifics about BC Hydro's potential vulnerabilities for security reasons, but said the utility provider has been given a technical report outlining the audit's findings.
Read the full report, "Detection and Response to Cybersecurity Threats on BC Hydro's Industrial Control Systems," below.
