Article content
Alberta has raised the bar. As of May 31, its new Security Management for Critical Infrastructure Regulation mandates operational technology (OT)-focused protections aligned with CSA Z246.1 (the federal standard that specifies criteria for establishing a security management program for petroleum and natural gas industry systems). Operators must inventory and segment control systems, minimize attack surfaces and implement intrusion detection. Most critically, Alberta regulators have enforcement power.
THIS CONTENT IS RESERVED FOR SUBSCRIBERS ONLY
Subscribe now to read the latest news in your city and across Canada.
- Exclusive articles from Barbara Shecter, Joe O’Connor, Gabriel Friedman, and others.
- Daily content from Financial Times, the world’s leading global business publication.
- Unlimited online access to read articles from Financial Post, National Post and 15 news sites across Canada with one account.
- National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
- Daily puzzles, including the New York Times Crossword.
SUBSCRIBE TO UNLOCK MORE ARTICLES
Subscribe now to read the latest news in your city and across Canada.
- Exclusive articles from Barbara Shecter, Joe O’Connor, Gabriel Friedman and others.
- Daily content from Financial Times, the world’s leading global business publication.
- Unlimited online access to read articles from Financial Post, National Post and 15 news sites across Canada with one account.
- National Post ePaper, an electronic replica of the print edition to view on any device, share and comment on.
- Daily puzzles, including the New York Times Crossword.
REGISTER / SIGN IN TO UNLOCK MORE ARTICLES
Create an account or sign in to continue with your reading experience.
- Access articles from across Canada with one account.
- Share your thoughts and join the conversation in the comments.
- Enjoy additional articles per month.
- Get email updates from your favourite authors.
THIS ARTICLE IS FREE TO READ REGISTER TO UNLOCK.
Create an account or sign in to continue with your reading experience.
- Access articles from across Canada with one account
- Share your thoughts and join the conversation in the comments
- Enjoy additional articles per month
- Get email updates from your favourite authors
Sign In or Create an Account
or
Article content
Article content
“Alberta’s bold move sets a new standard for protecting what powers our nation. This isn’t just regulation; it’s a wake-up call to embed cybersecurity into the DNA of critical infrastructure,” says Denrich Sananda, managing partner at Arista Cyber in Richmond Hill, Ont.
Article content
Article content
By signing up you consent to receive the above newsletter from Postmedia Network Inc.
Article content
At the federal level, Bill C-26’s Critical Cyber Systems Protection Act (CCSPA) promises long-overdue OT security requirements for sectors like telecom, banking and energy. It mandates risk management programs, incident reporting and compliance with government directives. But gaps remain: oversight is weak, its scope is narrow and it omits ransomware and safe harbour provisions.
Article content
“Canada must lead in OT cyber security policy to protect our national interests, as our critical infrastructure supports the essential services Canadians rely on every day,” urges Ashif Samnani, national cybersecurity practice leader at Dartmouth, N.S.-based Mobia Technology Innovations.
Article content
“This protection requires a national mandate, prioritizing and resurrecting bills such as Bill C-26 tied to a larger scope over provincial approaches such as Alberta Legislation 84/2024, to ensure a unified and resilient defense against evolving cyber threats.”
Article content
Article content
There are four priorities federal authorities should initiate:
Article content
- Mandate national OT standards – Build on CSA and IEC 62443 (the series of international standards that focus on cybersecurity for industrial automation and control systems) to create a common, enforceable baseline across sectors. Alberta’s model shows that this is feasible.
- Coordinate across jurisdictions – Align provincial and federal efforts with shared threat data, playbooks and regulatory expectations.
- Fund modernization – Many systems are outdated and expensive to secure. Support upgrades, especially for small operators and municipalities.
- Enable real-time threat sharing – Expand Canada’s cyber incident response infrastructure to include OT-specific intelligence and exercises.
Article content
Globally, allies are acting decisively. The U.S. now mandates cyber incident reporting and sector-specific controls. Europe’s NIS2 directive imposes strict OT requirements and executive accountability. Australia, too, is prioritizing OT risk management.
Article content
Meanwhile, ransomware attacks on industrial systems have surged 87 per cent. New malware like Pipedream targets control systems directly. CISA and CCCS warn that Canada’s OT environment, including water, transportation and power systems, remains dangerously exposed.
