Public Safety committee  Yes, as my colleague mentioned, the majority of attacks are on IT networks; they're ransomware, typically by cybercriminals and nation-states. We don't have all of that information at our fingertips, but that is the kind of information that we work closely on with the Canadian Centre for Cyber Security, which does collect that information.

Public Safety committee  That's a pipeline that was in the United States, so non-officially but certainly through various working relationships that we have with our staff in different departments, we've learned about that incident. However, I'm not prepared to comment on the details of that.

Public Safety committee  Yes, certainly, I can clarify my remarks. The energy sector is a target; there's no question. In answering the question, generally, there is no reporting requirement on cybersecurity incidents currently to the Canada Energy Regulator. What we do is work closely with regulated companies and the cyber centre, and we encourage voluntary reporting between our company and the cyber centre, and they create non-disclosure agreements.

Public Safety committee  I think the way the situation is now, in terms of reporting to the CER, there is no mandatory cybersecurity reporting, unless it meets a definition in the onshore pipeline regulations for another type of incident, such as operation beyond design, or something more significant. That information is reported voluntarily to the cyber centre, and again, they produce reports.

Public Safety committee  I certainly think that, through the bill, it could be more structured and more formalized. Then those mechanisms would be in place to share that information officially. As you can appreciate, some of this information comes with some cautions in terms of how widely it can be shared due to confidentiality.

Public Safety committee  Thank you. We work closely with the Transportation Security Administration and the PHMSA—the Pipeline and Hazardous Materials Safety Administration. Primarily, within Canada, we work very closely with the Communications Security Establishment and their cyber centre to make sure we're in alignment internally.

Public Safety committee  Thank you for the question. To date, the Canada Energy Regulator has no evidence of any cybersecurity incidents suffered by regulated companies that have affected the operation of a pipeline—in other words, their operational technology network. Admittedly, we also have had no reported incidents that have caused a cybersecurity event.