Enhancing cybersecurity protects our customers

This article was published in September 2022 and may be outdated.

The internet can seem like a window to the rest of the world, but it’s more like a door.

We’re connected to the internet all the time. At work. At school. At home. So much so it’s easy to forget about the door and why we need to keep it tightly closed.

Any business — especially a utility like Manitoba Hydro — needs to make sure it’s closely monitoring who’s coming through.

We have thousands of kilometres of transmission and distribution lines crisscrossing the province, plus our hydroelectric generating stations, converter stations, and numerous substations. Each of these critical parts are connected to our telecommunications system, which lets us manage and maintain them to ensure reliability.

In other words, we have many doors to keep closed.

“The integration of new technologies with Manitoba Hydro’s electric grid — and others we are connected to — will continue to create new opportunities and capabilities, but it also means increased risk because it creates more points of entry for cyber attackers,” said Matthew Szyda, who leads Manitoba Hydro’s Industrial Control Systems Cyber Security Risk Management Program (ICS CSRM). “Our cybersecurity measures — like all utilities across North America — need to be that much stronger to protect us from bad actors and cyber threats.”

Formed in 2017, the ICS CSRM team’s main objective is to reduce the chance of a cyberattack on Manitoba Hydro’s critical control systems. Manitoba Hydro’s Cyber Security Department focuses on preventing loss of corporate information or assets, prolonged outages, and costly recovery efforts that could occur because of a cyberattack.

This effort has led to a few significant security improvements:

  • Remote logins from certain countries have been blocked. Only Manitoba Hydro issued and managed devices are allowed to connect to our corporate network.
  • In the event we see an increase in cyber risks, we can immediately deactivate remote connections.
  • We’re enhancing cybersecurity awareness and training and making it easier for employees to recognize and report suspicious activity, spam, or phishing attempts to our Cyber Security Office.
  • We’re continually reviewing what the impact could be of a significant cyber incident.

Manitoba Hydro also complies with the North American Reliability Corporation Critical Infrastructure Protection requirements for cybersecurity, as monitored by the Midwest Reliability Organization, to help ensure the reliability and security of North America’s bulk power system.

As part of these requirements, we and independent third parties regularly assess the effectiveness of our cybersecurity controls.

It can’t — and won’t — stop there. One of Manitoba Hydro’s core mandates is electrical reliability and keeping a steady flow of electricity to all our customers.

For us, reliability in what we provide to you now means making sure no one ever sneaks through that door, each minute of every day.

Protect yourself

  • Watch out for urgent-looking messages that pop up while you’re browsing online. Don’t click on them or call the number they provide.
  • No legitimate company will call and claim your device is infected with a virus.
  • Some websites, such as music, game, movie, and adult sites, may try to install viruses or malware without your knowledge. Watch out for emails with spelling and formatting errors and be wary of clicking on any attachments or links. They may contain viruses or spyware.
  • Make sure you have anti-virus software installed and keep your operating system and smartphone up to date.
  • Never give anyone remote access to your computer. If you are having problems with your device, bring it to a local technician.

— Canadian Anti-Fraud Centre