Ontario Critical Infrastructure Assurance Program Strategy

Acknowledgements

Ontario’s Critical Infrastructure Assurance Program (CIAP) would like to acknowledge the support provided by Public Safety Canada, and in particular the Ontario Region Office, for their assistance and support in the development of the CIAP

Vision

Ontario’s critical infrastructure will become disaster resilient and sustainable during threats from all hazards through the collaborative effort of government and the private sector.

Background

During emergencies, the people of Ontario expect that Ontario’s critical infrastructure will continue to function, regardless of which organizations own or operate the component parts. They expect government to play a leadership role and to collaborate with the private sector to assure the continuity of services on which they depend.

To meet the challenge of these expectations, the Province of Ontario has developed the Ontario Critical Infrastructure Assurance Program (OCIAP), a province-wide program that identifies and assesses Ontario’s key facilities, systems and networks, and their inter-dependencies, and provides a strategy to assure their continuance during threats from all hazards.

Aim and objectives

The aim of the OCIAP is to increase the resiliency of the province’s critical infrastructure, so that it is more sustainable during an adverse event.

Objectives

The central objectives of the OCIAP are to:

• engage the owners and operators of critical infrastructure (public and private) in a comprehensive provincial approach
• focus efforts to assure infrastructure assets of the greatest criticality and vulnerability
• increase communication and collaboration within and between sectors to share information on critical infrastructure risks and interdependencies and to address threats and hazards
• collaborate with all levels of government and the private sector to develop and promote best practices to assure critical infrastructure

Definitions

Critical infrastructure (CI) is defined as interdependent, interactive, interconnected networks of institutions, services, systems and processes that meet vital human needs, sustain the economy, protect public health, safety and security, and maintain continuity of and confidence in government.

Critical Infrastructure Assurance is defined as the application of risk management and business continuity processes for the purpose of reducing the vulnerabilities of critical infrastructure by decreasing the frequency, duration, and scope of disruption and facilitating preparedness, response and recovery.

Key principles

The OCIAP incorporates the key principles of risk management, business continuity, and collaboration.

The program is part of comprehensive emergency management and is integral to the five components of emergency management: prevention, mitigation, preparedness, response and recovery. However, the majority of work in critical infrastructure assurance occurs prior to an event, and is addressed in the prevention and mitigation components.

Approach

Assuring Ontario’s critical infrastructure is not — and cannot be — solely the responsibility of the Ontario Government. Since the majority of the province’s critical infrastructure is owned or operated by the private sector, and regulatory, licensing and inspection authorities are shared amongst all levels of government; government and the private sector must work collaboratively to undertake this task.

The goal of collaboration is to develop an open and trusting communication network to permit the sharing of information amongst participants.

Critical infrastructure can be damaged, destroyed or disrupted by natural hazards and humans, and technology caused activity accordingly, the program assesses the potential likelihood and impact for all three categories.

Reporting structure

Consistency of the OCIAP with a comprehensive provincial emergency management program will be ensured through a formal structure.

There will be a sector working group for each of the identified critical infrastructure sectors. Sector working groups will report to the Critical Infrastructure Assurance Steering Committee (CIASC), which oversees the coordination and development of the OCIAP. The CIASC reports to the Emergency Management Coordinating Committee (EMCC), which is tasked with the coordination and development of emergency management programs, policies, plans and procedures in Ontario.

Core Activities

The OCIAP is comprised of the following core activities:

Activity 1: Form sector working groups

The program will be delivered through sector working groups, one for each of the identified critical infrastructure sectors. Sector working groups will be led by provincial ministry representatives and will consist of appropriate representatives from all levels of government and the private sector.

Activity 2: Identify and assess critical infrastructures - their dependencies & interdependencies

This activity will be achieved through the sector working groups, who will: identify the key elements of their sector, identify critical elements, determine critical element dependencies and interdependencies, and assess the vulnerabilities, threats and ensuing risks to the critical elements. The OCIAP interdependencies modelling software will assist sector working groups in identifying and analyzing sector interdependencies and consequences of cascading critical infrastructure failure.

Activity 3: Identify assurance solutions to mitigate risks to critical infrastructure

This activity will be achieved through the sector working groups. Sector vulnerabilities identified and assessed will be the basis for determining best practices to prevent and/or mitigate threats to sector critical elements.

Activity 4: Refine, enhance and promote best practice in critical infrastructure assurance

This activity will be achieved through the sector working groups providing critical infrastructure owners and operators with information produced by the respective groups; the Critical Infrastructure Assurance Steering Committee facilitating research and development; and through the Critical Infrastructure Program Staff of Emergency Management Ontario (EMO) producing program awareness information and tools to address risk management and critical infrastructure assurance.