Language selection

Search


Cyber security toolkit for Canada’s energy sector

Cyber security resources and contacts for the electricity, nuclear and oil and gas sectors

On this page:

In case of a cyber incident

A cyber incident is any unauthorized or unexpected event or activity, whether successful or not, to compromise confidentiality, integrity, or availability of any computer network or resource. It has the potential to disrupt individuals, organizations, or operational systems.

Government of Canada cyber security programs and services

Cyber security is a shared responsibility between several Government of Canada departments and agencies, with each offering unique programs and services to support the energy sector.

Government of Canada Department / Agency Point of contact Programs and services offered
Natural Resources Canada Website: Cyber and Energy Security Policy and Outreach
Email: cespo-plemce@nrcan-rncan.gc.ca
  • Networks
  • Workshops
  • Research and Development
  • Development and delivery of emergency and tabletop exercises
  • Engagement with industry, United States, international, provincial and territorial partners
Website: Energy Infrastructure Security Division
Email: crirn-nrirc@nrcan-rncan.gc.ca
  • Canadian Resources Infrastructure Resilience Nexus
  • simulation exercises
  • research and development
  • technology testing
  • hands on training
Canadian Centre for Cyber Security Website: Canadian Centre for Cyber Security
Email: energy-par-energie@cyber.gc.ca
  • alerts, advisories and guidance
  • tools (e.g., cyber threat intelligence feed, ASSEMBLYLINE)
  • Energy Sector Community Call and Walk-the-Talk webinars
Public Safety Canada Website: Public Safety Canada
Email: ps.cyberengagements-engagementscybernetiques.sp@canada.ca
  • training
  • workshops
  • security assessments
Royal Canadian Mounted Police Website: Federal Policing National Security Critical Infrastructure Team
Email: sir-sis@rcmp-grc.gc.ca
  • Analysis of critical infrastructure incidents with a nexus to national security in Canada and abroad
Website: National Cybercrime Coordination Centre
  • Works with law enforcement and other partners to help reduce the threat, impact and victimization of cybercrime in Canada
Canadian Security Intelligence Service Website: Canadian Security Intelligence Service
Website: Reporting National Security Information
Phone: (613) 993-9620
  • Investigation of activities suspected of constituting threats to the security of Canada and reporting these threats to the Government of Canada
Office of the Privacy Commissioner Website: Office of the Privacy Commissioner
Website: Report a privacy breach at your organization
  • Canadian privacy laws
  • mandatory reporting of breaches
  • privacy protection
Innovation, Science, and Economic Development Canada Website: Innovation, Science and Economic Development Canada
Website: Report spam
  • Cyber training and certifications for small and medium-sized organizations
  • Spam support
Canadian Anti-Fraud Centre Website: Canadian Anti-Fraud Centre
Website: Report fraud and cybercrime
  • Collects information on fraud and identity theft, as well as past and current scams affecting Canadians

Cyber security resources

Below is a list of various publicly available cyber security resources that may be useful for energy sector partners.

Resource name Organization Type of resource Sector
Energy and Utilities Sector Network Natural Resources Canada Membership groups and networks Oil and gas, electricity, nuclear
Critical Infrastructure Gateway Public Safety Canada Membership groups and networks Oil and gas, electricity, nuclear
Oil and Natural Gas Information Sharing and Analysis Center Oil and Gas Information Sharing and Analysis Center Membership groups and networks Oil and gas
Downstream Natural Gas Information Sharing and Analysis Center Downstream Natural Gas Information Sharing and Analysis Center Membership groups and networks Oil and gas
Electricity Information Sharing and Analysis Center Electricity Information Sharing and Analysis Center Membership groups and networks Electricity
Oil and Natural Gas Subsector Coordinating Council Oil and Natural Gas Subsector Coordinating Council Membership groups and networks Oil and gas
Electricity Subsector Coordinating Council Electricity Subsector Coordinating Council Membership groups and networks Electricity
Lighthouse Independent Electricity System Operator Membership groups and networks Electricity
Candu Owners Group Candu Owners Group Membership groups and networks Nuclear
Nuclear Information Technology Strategic Leadership Nuclear Information Technology Strategic Leadership Membership groups and networks Nuclear
Canadian Cyber Threat Exchange Canadian Cyber Threat Exchange Membership groups and networks Oil and gas, electricity, nuclear
The Canadian Cyber Security Tool Public Safety Canada Self assessments and risk management tools Oil and gas, electricity, nuclear
Regional Resilience Assessment Program Public Safety Canada Self assessments and risk management tools Oil and gas, electricity, nuclear
Insider Risk Assessment Tool Public Safety Canada Self assessments and risk management tools Oil and gas, electricity, nuclear
Cyber Supply Chain Risk Assessment Canadian Centre for Cyber Security Self assessments and risk management tools Oil and gas, electricity, nuclear
Securing Personal Information: A Self-Assessment Tool for Organizations Office of the Privacy Commissioner of Canada Self assessments and risk management tools Oil and gas, electricity, nuclear
Cyber Resource Hub Cybersecurity and Infrastructure Security Agency Self assessments and risk management tools Oil and gas, electricity, nuclear
Cybersecurity Capability Maturity Model (CM2M) U.S. Department of Energy Self assessments and risk management tools Oil and gas, electricity, nuclear
NIST Cybersecurity Framework Assessment and Auditing Resources National Institute of Standards and Technology Self assessments and risk management tools Oil and gas, electricity, nuclear
National Vulnerability Database National Institute of Standards and Technology Self assessments and risk management tools Oil and gas, electricity, nuclear
ATT&CK MITRE Self assessments and risk management tools Oil and gas, electricity, nuclear
D3FEND MITRE Self assessments and risk management tools Oil and gas, electricity, nuclear
System of Trust MITRE Self assessments and risk management tools Oil and gas, electricity, nuclear
Supply Chain Security Assessment Model North American Transmission Forum Self assessments and risk management tools Oil and gas, electricity, nuclear
Cyber Security Roadmap Electric Power Research Institute Self assessments and risk management tools Oil and gas, electricity, nuclear
Advanced Vulnerability Grading Tool Electric Power Research Institute Self assessments and risk management tools Oil and gas, electricity, nuclear
Counterfeit and Fraudulent Items Nuclear Supply Chain Self Assessment Checklist Electric Power Research Institute Self assessments and risk management tools Nuclear
Industrial Automation and Control System Cybersecurity Risk Methodology and Incident Response Playbook BBA Engineering Self assessments and risk management tools Oil and gas, electricity, nuclear
CIRA Canadian Shield Canadian Internet Registration Authority Self assessments and risk management tools Oil and gas, electricity, nuclear
Cyber Centre Learning Hub Canadian Centre for Cyber Security Certification, training and events Oil and gas, electricity, nuclear
Cyber Centre Events Canadian Centre for Cyber Security Certification, training and events Oil and gas, electricity, nuclear
Certifications in the Field of Cyber Security Canadian Centre for Cyber Security Certification, training and events Oil and gas, electricity, nuclear
Critical Infrastructure Exercises Public Safety Canada Certification, training and events Oil and gas, electricity, nuclear
Cy-Phy Exercise Program Public Safety Canada Certification, training and events Oil and gas, electricity, nuclear
Industrial Control Systems Security Events Public Safety Canada Certification, training and events Oil and gas, electricity, nuclear
CyberSecure Canada Innovation, Science and Economic Development Canada Certification, training and events Oil and gas, electricity, nuclear
SANS Institute SANS Institute Certification, training and events Oil and gas, electricity, nuclear
Industrial Control Systems Training Cybersecurity and Infrastructure Security Agency Certification, training and events Oil and gas, electricity, nuclear
Tabletop Exercise Packages Cybersecurity and Infrastructure Security Agency Certification, training and events Oil and gas, electricity, nuclear
Cybersecurity Certification CSA Group Certification, training and events Oil and gas, electricity, nuclear
Nuclear Training, Workshops and Conferences Nuclear Energy Institute Certification, training and events Nuclear
Nuclear Security e-Learning International Atomic Energy Agency Certification, training and events Nuclear
World Institute for Nuclear Security World Institute for Nuclear Security Certification, training and events Nuclear
Cyber Security Advice, Guidance, and Information Canadian Centre for Cyber Security Education resources Oil and gas, electricity, nuclear
Alerts and Advisories Canadian Centre for Cyber Security Education resources Oil and gas, electricity, nuclear
National Cyber Threat Assessment 2023-2024 Canadian Centre for Cyber Security Education resources Oil and gas, electricity, nuclear
An Introduction to the Cyber Threat Environment Canadian Centre for Cyber Security Education resources Oil and gas, electricity, nuclear
The Cyber Threat to Canada’s Oil and Gas Sector Canadian Centre for Cyber Security Education resources Oil and gas
The Cyber Threat to Canada’s Electricity Sector Canadian Centre for Cyber Security Education resources Electricity
Principles and Approaches for Security-by-Design and -Default Canadian Centre for Cyber Security Education resources Oil and gas, electricity, nuclear
Developing Your IT Recovery Plan Canadian Centre for Cyber Security Education resources Oil and gas, electricity, nuclear
IT Security Risk Management: A Lifecycle Approach Canadian Centre for Cyber Security Education resources Oil and gas, electricity, nuclear
Generative Artificial Intelligence Canadian Centre for Cyber Security Education resources Oil and gas, electricity, nuclear
National Cyber Security Strategy Public Safety Canada Education resources Oil and gas, electricity, nuclear
National Cyber Security Action Plan (2019-2024) Public Safety Canada Education resources Oil and gas, electricity, nuclear
Developing an Operational Technology and Information Technology Incident Response Plan Public Safety Canada Education resources Oil and gas, electricity, nuclear
Critical Infrastructure Public Safety Canada Education resources Oil and gas, electricity, nuclear
Fundamentals of Cyber Security for Canada’s Critical Infrastructure Community Public Safety Canada Education resources Oil and gas, electricity, nuclear
Resilience to Insider Risk Public Safety Canada Education resources Oil and gas, electricity, nuclear
Insider Risk Resilience Guidance Document Public Safety Canada Education resources Oil and gas, electricity, nuclear
Russian State Sponsored and Criminal Cyber Threats to Critical Infrastructure Cybersecurity and Infrastructure Security Agency Education resources Oil and gas, electricity, nuclear
APT Cyber Tools Targeting SCADA Devices Cybersecurity and Infrastructure Security Agency Education resources Oil and gas, electricity, nuclear
Securing Industrial Control Systems: A Unified Initiative Cybersecurity and Infrastructure Security Agency Education resources Oil and gas, electricity, nuclear
Nuclear Reactors, Materials, and Waste Sector-Specific Plan Cybersecurity and Infrastructure Security Agency Education resources Nuclear
Cybersecurity Considerations for Distributed Energy Resources U.S. Department of Energy Education resources Electricity
Defense-in-Depth: Cybersecurity in the Natural Gas and Oil Industry Oil and Natural Gas Subsector Coordinating Council Education resources Oil and gas
Canadian Gas Association Codes and Standards Canadian Gas Association Regulations, standards and best practices Oil and gas
CSA Petroleum and Natural Gas Standards CSA Group Regulations, standards and best practices Oil and gas
CSA Electrical Standards CSA Group Regulations, standards and best practices Electricity
CSA Nuclear
Standards
CSA Group Regulations, standards and best practices Nuclear
CSA N290.7:21, Cyber Security for Nuclear Facilities CSA Group Regulations, standards and best practices Nuclear
NERC Reliability Standards North American Electric Reliability Corporation Regulations, standards and best practices Electricity
Cyber Planning for Response and Recovery Study Federal Energy Regulatory Commission and North American Electric Reliability Corporation Regulations, standards and best practices Electricity
NIST Cybersecurity Framework National Institute of Standards and Technology Regulations, standards and best practices Oil and gas, electricity, nuclear
Series of Standards on Security of Industrial Automation and Control Systems International Society of Automation Regulations, standards and best practices Oil and gas, electricity, nuclear
American Petroleum Institute Standard 1164, 3rd Edition American Petroleum Institute Regulations, standards and best practices Oil and gas
Industrial Control Systems Recommended Practices Cybersecurity and Infrastructure Security Agency Regulations, standards and best practices Oil and gas, electricity, nuclear
Cyber Security Key Management for Power System Equipment International Electrotechnical Commission Regulations, standards and best practices Oil and gas, electricity, nuclear
Information Security Controls for the Energy Utility Industry International Organization for Standardization and International Electrotechnical Commission Regulations, standards and best practices Oil and gas, electricity, nuclear
Enhancing Cyber Resilience in Electricity Systems International Energy Agency Regulations, standards and best practices Electricity
CNSC DIS-21-03, Cyber Security and the Protection of Digital Information Canadian Nuclear Safety Commission Regulations, standards and best practices Nuclear
IAEA NSS No. 17-T (Rev. 1) Technical Guidance on Computer Security at Nuclear Facilities International Atomic Energy Agency Regulations, standards and best practices Nuclear
IAEA NSS No. 33-T Technical Guidance on Computer Security of Instrumentation and Control Systems at Nuclear Facilities International Atomic Energy Agency Regulations, standards and best practices Nuclear
IAEA Nuclear Security Series No. 42-G Implementing Guide on Computer Security for Nuclear Security International Atomic Energy Agency Regulations, standards and best practices Nuclear
IAEA (2022) Computer Security Approaches to Reduce Cyber Risks in the Nuclear Supply Chain International Atomic Energy Agency Regulations, standards and best practices Nuclear
IAEA (2016) Conducting Computer Security Assessments at Nuclear Facilities International Atomic Energy Agency Regulations, standards and best practices Nuclear
IAEA (2016) Computer Security Incident Response Planning at Nuclear Facilities International Atomic Energy Agency Regulations, standards and best practices Nuclear
IAEA (2019) Managing Counterfeit and Fraudulent Items in the Nuclear Industry International Atomic Energy Agency Regulations, standards and best practices Nuclear
Cyber Security and Critical Energy Infrastructure Program Natural Resources Canada Research and development Oil and gas, electricity, nuclear
Canadian Resources Infrastructure Resilience Nexus Natural Resources Canada Research and development Oil and gas, electricity, nuclear
Cyber Security Cooperation Program Public Safety Canada Research and development Oil and gas, electricity, nuclear
Canadian Safety and Security Program Defence Research and Development Canada Research and development Oil and gas, electricity, nuclear
Canadian Nuclear Laboratories Cyber Security Canadian Nuclear Laboratories Research and development Nuclear
Federal Nuclear Science and Technology Work Plan Atomic Energy of Canada Limited Research and development Nuclear

This table contains links to websites not under the control of the Government of Canada and are provided solely for the convenience of our website visitors. We are not responsible for the accuracy, currency or reliability of the content of such websites. The Government of Canada does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content. For more information read the Terms and Conditions.

Websites not under the control of the Government of Canada may not be available in both official languages, indicated in table.

Page details

Date modified: