n its first public report of 2016, the Office of the Auditor General of Alberta reviewed, among other things, IT security for industrial control systems used in Alberta’s oil and gas industries (Report of the Auditor General of Alberta (PDF) from www.oag.ab.ca). Forming part of the industry’s critical infrastructure, these systems consist of hardware and software technologies that facilitate the production and delivery of energy produced in Alberta (e.g., flow measurement and control products, pipeline leak detection solutions, etc.).
The Auditor General’s rationale for its audit: “we believe Albertans may be at risk if [control standards] are unsecured or do not meet minimum IT security standards”.
Given that no entity within the Government of Alberta has assessed the threats, risks and impacts of cyberattacks on control systems used in the Alberta oil and gas industry, the Alberta Auditor General recommended that the Department of Energy and Alberta Energy Regulator work together to determine whether an assessment of such threats, risks and impacts should be undertaken.
It is currently unclear what impacts, if any, the forgoing recommendation may have on the regulatory regime affecting Alberta oil and gas operators. Nevertheless, the industry should be aware of the government’s interest in possibly implementing cybersecurity standards for oil and gas critical infrastructure in the province.