Hydro Ottawa integrates cybersecurity into practices to guard against emerging threats

Preventing outages and restoring power usually invokes images of work crews clearing fallen trees and connecting wires atop utility poles. But behind the scenes, Hydro Ottawa has a highly skilled cybersecurity team protecting the city’s electricity grid.

“It used to be that physical security was the big thing, where it’s a lot easier now to look at it from a cyber perspective,” says Jojo Maalouf, Hydro Ottawa’s Manager IT Security. “Because all a hacker needs, basically, is a computer and access to the internet to do damage.”

While the odds of an attack on the city’s power supply may seem remote, hackers have previously targeted utilities in other parts of the world. Earlier this year in Ukraine, a malicious strain of software crippled networks, affecting a number of government offices, a major airport and several energy companies. The software also made its way to Russia, Germany and, to a lesser extent, the U.S. It’s attacks like these that Mr. Maalouf and his team work to defend Ottawa, and Canada more broadly, against.

“Of all the critical infrastructure programs or businesses, electricity is probably the most important,” says Mr. Maalouf. “Maybe people take it for granted because, in our day and age, we always have electricity. Just think about the repercussions if something were to happen, maybe a cyber hack or something similar, where we don’t have power.”

He points out that Ottawa, as home to many of the nation’s sensitive government agencies, is in especial need of protection. To ensure this, Hydro Ottawa has had a cybersecurity program in place since 2011.

“We’re very much on the preventive and detective side of things,” explains Mr. Maalouf. Hydro Ottawa’s program integrates cybersecurity into all of its operations, including people, process and technology.

One way Hydro Ottawa works to prevent cyber attacks is to have employees complete security awareness training. Mr. Maalouf points to phishing as a very real threat to their network. Phishing refers to an attempt to glean sensitive information from a user by posing as a trustworthy organization, most often through email. In many cases, simply clicking a link can grant malicious software access to an organization’s network. “These types of attacks now are just the cost of doing business,” says Mr. Maalouf. “You'd have to be naive to think that these things aren’t occurring.”

Hydro Ottawa has staked its claim as a leader in the Canadian energy sector’s cybersecurity front through engagement with both industry and government agencies.