On May 31, 2025, Alberta’s new Security Management for Critical Infrastructure Regulation will come into effect. This Regulation is aimed at protecting essential facilities, such as pipelines and processing plants, from rising cybersecurity threats that can lead to significant operational disruptions and losses. Here’s the scoop on what to expect.
Key Points
- The Regulation targets critical infrastructure facilities as determined by the Alberta Energy Regulator (AER).
- Facilities must comply with security and cybersecurity measures outlined in the CSA Z246.1 standard.
- Organisations will need to develop incident management programs and name individuals responsible for security governance.
- The AER has the authority to demand compliance and can order shut downs of non-compliant facilities.
- Preparation involves reviewing and enhancing current cybersecurity protocols and fostering collaboration between IT and OT teams.
Why should I read this?
If you’re involved in energy sector operations or manage critical infrastructure, this article is a must-read! The new regulations could significantly impact how your organisation handles cybersecurity—big changes are coming, and being informed can save you from potential upheavals down the line. We’ve distilled the essentials so you don’t have to wade through legal jargon; keep your business ahead of the curve with our handy breakdown.
