Cyber security toolkit for Canada’s energy sector
Cyber security resources and contacts for the electricity, nuclear and oil and gas sectors
On this page:
In case of a cyber incident
A cyber incident is any unauthorized or unexpected event or activity, whether successful or not, to compromise confidentiality, integrity, or availability of any computer network or resource. It has the potential to disrupt individuals, organizations, or operational systems.
- Consult internal incident response plans and procedures. See Public Safety Canada’s document Developing an Operational Technology and Information Technology Incident Response Plan.
- Report a cyber incident to the Canadian Centre for Cyber Security:
- Website: Report a cyber incident
- Email: contact@cyber.gc.ca
- Toll Free: 1-833-Cyber-88 (1-833-292-3788)
- If you believe a cyber incident is of a criminal nature, contact your local law enforcement agency or the Royal Canadian Mounted Police.
- You may also consider contacting Natural Resources Canada, your provincial energy department and/or your federal or provincial energy regulator.
- If you believe a cyber incident is related to national security (i.e., it may be an act of espionage, foreign interference, or tampering of critical infrastructure), please contact the Canadian Security Intelligence Service.
Government of Canada cyber security programs and services
Cyber security is a shared responsibility between several Government of Canada departments and agencies, with each offering unique programs and services to support the energy sector.
| Government of Canada Department / Agency | Point of contact | Programs and services offered |
|---|---|---|
| Natural Resources Canada | Website: Cyber and Energy Security Policy and Outreach Email: cespo-plemce@nrcan-rncan.gc.ca |
|
| Website: Energy Infrastructure Security Division Email: crirn-nrirc@nrcan-rncan.gc.ca |
|
|
| Canadian Centre for Cyber Security | Website: Canadian Centre for Cyber Security Email: energy-par-energie@cyber.gc.ca |
|
| Public Safety Canada | Website: Public Safety Canada Email: ps.cyberengagements-engagementscybernetiques.sp@canada.ca |
|
| Royal Canadian Mounted Police | Website: Federal Policing National Security Critical Infrastructure Team Email: sir-sis@rcmp-grc.gc.ca |
|
| Website: National Cybercrime Coordination Centre |
|
|
| Canadian Security Intelligence Service | Website: Canadian Security Intelligence Service Website: Reporting National Security Information Phone: (613) 993-9620 |
|
| Office of the Privacy Commissioner | Website: Office of the Privacy Commissioner Website: Report a privacy breach at your organization |
|
| Innovation, Science, and Economic Development Canada | Website: Innovation, Science and Economic Development Canada Website: Report spam |
|
| Canadian Anti-Fraud Centre | Website: Canadian Anti-Fraud Centre Website: Report fraud and cybercrime |
|
Cyber security resources
Below is a list of various publicly available cyber security resources that may be useful for energy sector partners.
| Resource name | Organization | Type of resource | Sector |
|---|---|---|---|
| Energy and Utilities Sector Network | Natural Resources Canada | Membership groups and networks | Oil and gas, electricity, nuclear |
| Critical Infrastructure Gateway | Public Safety Canada | Membership groups and networks | Oil and gas, electricity, nuclear |
| Oil and Natural Gas Information Sharing and Analysis Center | Oil and Gas Information Sharing and Analysis Center | Membership groups and networks | Oil and gas |
| Downstream Natural Gas Information Sharing and Analysis Center | Downstream Natural Gas Information Sharing and Analysis Center | Membership groups and networks | Oil and gas |
| Electricity Information Sharing and Analysis Center | Electricity Information Sharing and Analysis Center | Membership groups and networks | Electricity |
| Oil and Natural Gas Subsector Coordinating Council | Oil and Natural Gas Subsector Coordinating Council | Membership groups and networks | Oil and gas |
| Electricity Subsector Coordinating Council | Electricity Subsector Coordinating Council | Membership groups and networks | Electricity |
| Lighthouse | Independent Electricity System Operator | Membership groups and networks | Electricity |
| Candu Owners Group | Candu Owners Group | Membership groups and networks | Nuclear |
| Nuclear Information Technology Strategic Leadership | Nuclear Information Technology Strategic Leadership | Membership groups and networks | Nuclear |
| Canadian Cyber Threat Exchange | Canadian Cyber Threat Exchange | Membership groups and networks | Oil and gas, electricity, nuclear |
| The Canadian Cyber Security Tool | Public Safety Canada | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Regional Resilience Assessment Program | Public Safety Canada | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Insider Risk Assessment Tool | Public Safety Canada | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Cyber Supply Chain Risk Assessment | Canadian Centre for Cyber Security | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Securing Personal Information: A Self-Assessment Tool for Organizations | Office of the Privacy Commissioner of Canada | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Cyber Resource Hub | Cybersecurity and Infrastructure Security Agency | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Cybersecurity Capability Maturity Model (CM2M) | U.S. Department of Energy | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| NIST Cybersecurity Framework Assessment and Auditing Resources | National Institute of Standards and Technology | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| National Vulnerability Database | National Institute of Standards and Technology | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| ATT&CK | MITRE | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| D3FEND | MITRE | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| System of Trust | MITRE | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Supply Chain Security Assessment Model | North American Transmission Forum | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Cyber Security Roadmap | Electric Power Research Institute | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Advanced Vulnerability Grading Tool | Electric Power Research Institute | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Counterfeit and Fraudulent Items Nuclear Supply Chain Self Assessment Checklist | Electric Power Research Institute | Self assessments and risk management tools | Nuclear |
| Industrial Automation and Control System Cybersecurity Risk Methodology and Incident Response Playbook | BBA Engineering | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| CIRA Canadian Shield | Canadian Internet Registration Authority | Self assessments and risk management tools | Oil and gas, electricity, nuclear |
| Cyber Centre Learning Hub | Canadian Centre for Cyber Security | Certification, training and events | Oil and gas, electricity, nuclear |
| Cyber Centre Events | Canadian Centre for Cyber Security | Certification, training and events | Oil and gas, electricity, nuclear |
| Certifications in the Field of Cyber Security | Canadian Centre for Cyber Security | Certification, training and events | Oil and gas, electricity, nuclear |
| Critical Infrastructure Exercises | Public Safety Canada | Certification, training and events | Oil and gas, electricity, nuclear |
| Cy-Phy Exercise Program | Public Safety Canada | Certification, training and events | Oil and gas, electricity, nuclear |
| Industrial Control Systems Security Events | Public Safety Canada | Certification, training and events | Oil and gas, electricity, nuclear |
| CyberSecure Canada | Innovation, Science and Economic Development Canada | Certification, training and events | Oil and gas, electricity, nuclear |
| SANS Institute | SANS Institute | Certification, training and events | Oil and gas, electricity, nuclear |
| Industrial Control Systems Training | Cybersecurity and Infrastructure Security Agency | Certification, training and events | Oil and gas, electricity, nuclear |
| Tabletop Exercise Packages | Cybersecurity and Infrastructure Security Agency | Certification, training and events | Oil and gas, electricity, nuclear |
| Cybersecurity Certification | CSA Group | Certification, training and events | Oil and gas, electricity, nuclear |
| Nuclear Training, Workshops and Conferences | Nuclear Energy Institute | Certification, training and events | Nuclear |
| Nuclear Security e-Learning | International Atomic Energy Agency | Certification, training and events | Nuclear |
| World Institute for Nuclear Security | World Institute for Nuclear Security | Certification, training and events | Nuclear |
| Cyber Security Advice, Guidance, and Information | Canadian Centre for Cyber Security | Education resources | Oil and gas, electricity, nuclear |
| Alerts and Advisories | Canadian Centre for Cyber Security | Education resources | Oil and gas, electricity, nuclear |
| National Cyber Threat Assessment 2023-2024 | Canadian Centre for Cyber Security | Education resources | Oil and gas, electricity, nuclear |
| An Introduction to the Cyber Threat Environment | Canadian Centre for Cyber Security | Education resources | Oil and gas, electricity, nuclear |
| The Cyber Threat to Canada’s Oil and Gas Sector | Canadian Centre for Cyber Security | Education resources | Oil and gas |
| The Cyber Threat to Canada’s Electricity Sector | Canadian Centre for Cyber Security | Education resources | Electricity |
| Principles and Approaches for Security-by-Design and -Default | Canadian Centre for Cyber Security | Education resources | Oil and gas, electricity, nuclear |
| Developing Your IT Recovery Plan | Canadian Centre for Cyber Security | Education resources | Oil and gas, electricity, nuclear |
| IT Security Risk Management: A Lifecycle Approach | Canadian Centre for Cyber Security | Education resources | Oil and gas, electricity, nuclear |
| Generative Artificial Intelligence | Canadian Centre for Cyber Security | Education resources | Oil and gas, electricity, nuclear |
| National Cyber Security Strategy | Public Safety Canada | Education resources | Oil and gas, electricity, nuclear |
| National Cyber Security Action Plan (2019-2024) | Public Safety Canada | Education resources | Oil and gas, electricity, nuclear |
| Developing an Operational Technology and Information Technology Incident Response Plan | Public Safety Canada | Education resources | Oil and gas, electricity, nuclear |
| Critical Infrastructure | Public Safety Canada | Education resources | Oil and gas, electricity, nuclear |
| Fundamentals of Cyber Security for Canada’s Critical Infrastructure Community | Public Safety Canada | Education resources | Oil and gas, electricity, nuclear |
| Resilience to Insider Risk | Public Safety Canada | Education resources | Oil and gas, electricity, nuclear |
| Insider Risk Resilience Guidance Document | Public Safety Canada | Education resources | Oil and gas, electricity, nuclear |
| Russian State Sponsored and Criminal Cyber Threats to Critical Infrastructure | Cybersecurity and Infrastructure Security Agency | Education resources | Oil and gas, electricity, nuclear |
| APT Cyber Tools Targeting SCADA Devices | Cybersecurity and Infrastructure Security Agency | Education resources | Oil and gas, electricity, nuclear |
| Securing Industrial Control Systems: A Unified Initiative | Cybersecurity and Infrastructure Security Agency | Education resources | Oil and gas, electricity, nuclear |
| Nuclear Reactors, Materials, and Waste Sector-Specific Plan | Cybersecurity and Infrastructure Security Agency | Education resources | Nuclear |
| Cybersecurity Considerations for Distributed Energy Resources | U.S. Department of Energy | Education resources | Electricity |
| Defense-in-Depth: Cybersecurity in the Natural Gas and Oil Industry | Oil and Natural Gas Subsector Coordinating Council | Education resources | Oil and gas |
| Canadian Gas Association Codes and Standards | Canadian Gas Association | Regulations, standards and best practices | Oil and gas |
| CSA Petroleum and Natural Gas Standards | CSA Group | Regulations, standards and best practices | Oil and gas |
| CSA Electrical Standards | CSA Group | Regulations, standards and best practices | Electricity |
| CSA Nuclear Standards |
CSA Group | Regulations, standards and best practices | Nuclear |
| CSA N290.7:21, Cyber Security for Nuclear Facilities | CSA Group | Regulations, standards and best practices | Nuclear |
| NERC Reliability Standards | North American Electric Reliability Corporation | Regulations, standards and best practices | Electricity |
| Cyber Planning for Response and Recovery Study | Federal Energy Regulatory Commission and North American Electric Reliability Corporation | Regulations, standards and best practices | Electricity |
| NIST Cybersecurity Framework | National Institute of Standards and Technology | Regulations, standards and best practices | Oil and gas, electricity, nuclear |
| Series of Standards on Security of Industrial Automation and Control Systems | International Society of Automation | Regulations, standards and best practices | Oil and gas, electricity, nuclear |
| American Petroleum Institute Standard 1164, 3rd Edition | American Petroleum Institute | Regulations, standards and best practices | Oil and gas |
| Industrial Control Systems Recommended Practices | Cybersecurity and Infrastructure Security Agency | Regulations, standards and best practices | Oil and gas, electricity, nuclear |
| Cyber Security Key Management for Power System Equipment | International Electrotechnical Commission | Regulations, standards and best practices | Oil and gas, electricity, nuclear |
| Information Security Controls for the Energy Utility Industry | International Organization for Standardization and International Electrotechnical Commission | Regulations, standards and best practices | Oil and gas, electricity, nuclear |
| Enhancing Cyber Resilience in Electricity Systems | International Energy Agency | Regulations, standards and best practices | Electricity |
| CNSC DIS-21-03, Cyber Security and the Protection of Digital Information | Canadian Nuclear Safety Commission | Regulations, standards and best practices | Nuclear |
| IAEA NSS No. 17-T (Rev. 1) Technical Guidance on Computer Security at Nuclear Facilities | International Atomic Energy Agency | Regulations, standards and best practices | Nuclear |
| IAEA NSS No. 33-T Technical Guidance on Computer Security of Instrumentation and Control Systems at Nuclear Facilities | International Atomic Energy Agency | Regulations, standards and best practices | Nuclear |
| IAEA Nuclear Security Series No. 42-G Implementing Guide on Computer Security for Nuclear Security | International Atomic Energy Agency | Regulations, standards and best practices | Nuclear |
| IAEA (2022) Computer Security Approaches to Reduce Cyber Risks in the Nuclear Supply Chain | International Atomic Energy Agency | Regulations, standards and best practices | Nuclear |
| IAEA (2016) Conducting Computer Security Assessments at Nuclear Facilities | International Atomic Energy Agency | Regulations, standards and best practices | Nuclear |
| IAEA (2016) Computer Security Incident Response Planning at Nuclear Facilities | International Atomic Energy Agency | Regulations, standards and best practices | Nuclear |
| IAEA (2019) Managing Counterfeit and Fraudulent Items in the Nuclear Industry | International Atomic Energy Agency | Regulations, standards and best practices | Nuclear |
| Cyber Security and Critical Energy Infrastructure Program | Natural Resources Canada | Research and development | Oil and gas, electricity, nuclear |
| Canadian Resources Infrastructure Resilience Nexus | Natural Resources Canada | Research and development | Oil and gas, electricity, nuclear |
| Cyber Security Cooperation Program | Public Safety Canada | Research and development | Oil and gas, electricity, nuclear |
| Canadian Safety and Security Program | Defence Research and Development Canada | Research and development | Oil and gas, electricity, nuclear |
| Canadian Nuclear Laboratories Cyber Security | Canadian Nuclear Laboratories | Research and development | Nuclear |
| Federal Nuclear Science and Technology Work Plan | Atomic Energy of Canada Limited | Research and development | Nuclear |
This table contains links to websites not under the control of the Government of Canada and are provided solely for the convenience of our website visitors. We are not responsible for the accuracy, currency or reliability of the content of such websites. The Government of Canada does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content. For more information read the Terms and Conditions.
Websites not under the control of the Government of Canada may not be available in both official languages, indicated in table.
Page details
- Date modified: