DATE ISSUED: Feb. 4, 2021
EFFECTIVE DATE: Feb. 4, 2021
During the latter part of 2020, a number of critical sectors in the U.S. experienced significant challenges to their cyber systems. As many Canadian operators use similar computer software and hardware products, the BC Energy Regulator (Regulator) is strongly recommending all industry operators review the recommendations contained within the following key documents:
- CSA Z246.1, Security Management for Petroleum and Natural Gas Industry Systems;
- The NIST (National Institute of Standards and Technology) Guide to Industrial Control Systems (ICS) Security, and
- ANSI/CAN/UL 2900-1:2017, Software Cybersecurity for Network-Connectable Products
Operators should also consider the physical and other security processes noted within CSA Z246.1, and review their current practices against the best practices outlined in the standard.
Security management is an important aspect in both protecting the public, and permit holder assets from harms that may lead to dangerous conditions, release of product and associated risks to the public and environment. These risks can range from petty thefts, such as copper grounding cables, to malware affecting operational IT/IS systems.
To assist in supporting awareness of risks and best practices, companies who wish to be placed on the distribution list for National Critical Infrastructure or Cyber Security bulletins available from federal agencies, may forward requests to EMP@BCOGC.CA with “bulletins” in the subject line.
If you have any questions regarding this Industry Bulletin, please contact:
Peter Dalton
Director, Security and Emergency Management
BC Energy Regulator
250-794-5231