U.S. grid-security measures may hurt Canadian companies

Published 25 November 2009

The growing concern in the United States over the security of the national grid has lead to security measures — and proposed legislation — aiming to make the security of the grid more robust; trouble is, much of the U.S. electricity comes from Canada, and some of the contemplated security measures my disrupt transmission of power from across the border

Canada’s electricity industry is concerned unilateral U.S. action to protect the North American power grid from an imminent cyber threat could upset the power supply in Canada. Four cyber-security bills before Congress contain either weak or no provisions requiring U.S. authorities to consult Canada before taking action to confront an imminent cyber threat to the continental network. “They’ve got to recognize that the North American grid is international, it’s interconnected, it’s integrated. Consultations, co-operation between governmental authorities on both sides of the border is going to be imperative, otherwise you won’t be able to ensure system reliability and you’ll probably undermine system reliability,” said Francis Bradley, of the Canadian Electricity Association (CEA), representing power generators, utilities and other industry players.

Ian MacLeod writes that as it stands, where international consultation on an imminent cyber emergency is addressed at all in the draft bills, the language is qualified. For example, the proposed Bulk Power Protection Act in the House of Representatives recommends consultation with Canada and Mexico “to the extent feasible, taking into account the nature of the threat and urgency of need for action … subject to adequate protections against inappropriate disclosure of security-sensitive information.”

Said Bradley: “There has to be very clear and explicit language that makes it critical that there is consultation and co-operation with whoever (in the U.S.) is going to be making orders that will impact the grid.”

The complexity of balancing the system, especially if somebody alters something in one portion of the system without co-ordinating with another portion, can mean the power goes out “even if what they’re proposing is the right thing to do,” he said. “The right thing to do still has to be done in a co-ordinated fashion.”

Canada’s Public Safety minister Peter Van Loan dismissed the association’s concern in an interview Friday. “Frankly, if somebody launches an attack and you haven’t made yourself technically resilient, it really doesn’t matter whether or not the (the U.S.) is consulting with Canadians or not,” he said. “The system is either going to survive or go down in a hurry. What matters more is what is done in advance to prevent that from ever happening,” he said.

Successive federal governments in Canada have promised a national cybersecurity strategy since 2004. Van Loan said “fairly advanced work” is underway but would not say when the strategy might be unveiled, only that it will