Utility Safety Partners Completes Cybersecurity Journey

Sher Kirk - Operations Director

USP began its cybersecurity plan four years ago in collaboration with our IT partner, Shing Digital. We knew that legislative changes would be on the horizon that put digital asset protection requirements on stakeholders in our industry. The Critical Cyber Systems Protection Act (CCSPA) and incoming Bill C226 lay out those requirements for Canadian critical infrastructure owners, and telecommunications providers.

As a service provider to critical infrastructure owners and telecommunications providers, USP set a goal to increase our cybersecurity and to implement systems, policies, and procedures to assist our members in meeting these new requirements.

We identified the critical elements of protection and implemented each piece and policy over the next four years. Last week, we completed the last piece of that plan and have published the USP Cybersecurity Policy that summarizes our digital asset protection. The key elements of our policy are:

• Hardware Protection
  • Physical elements and programs implemented to safeguard digital assets from external and internal access
  • Services we have engaged to proactively search the internet for potential threats
•  Access Control
  • Policies, programs, and procedures to ensure that digital assets are only accessible to authorized persons.
  • Annual employee training in cybersecurity to help USP recognize threats via email, shared files, etc.
• Third Party SaaS Vendor Controls
  • Requirements USP has in its agreements with third party vendors to protect assets and access to the system
• Cyber Incident Response
  • Identifies potential threats, responsible parties, and actions taken in the event of a security breach
  • Cybersecurity insurance
• Effectiveness Review
  • Penetration testing
  • Cybersecurity drills
  • Annual review and identification of gaps or new requirements

In four years, USP’s cybersecurity system has gone from “bare minimum” to “proactive” on the cybersecurity maturity scale. We will continue to evolve and grow to maintain our status as a trusted service provider to our stakeholders.

If you have questions about USP’s cybersecurity, reach out to us at info@utilitysafety.ca