Canada's operational technology infrastructure faces an evolving regulatory landscape where federal and provincial jurisdictions create complex oversight challenges for critical infrastructure operators. Bill C-26 represents the federal government's first comprehensive attempt to establish cybersecurity obligations for essential services sectors, introducing accountability requirements for telecommunications, transportation, financial services and energy operators. The legislation creates new powers for government intervention while establishing incident reporting frameworks designed to enable centralized threat analysis and response coordination.

The panelists will cover the following discussion points in the session:

• Bill C-26's current status following parliamentary prorogation and its core provisions for critical cyber system protection across federally regulated sectors;
• Learning from NERC CIP and TSA approaches to create bottom-up regulatory frameworks that reflect operational realities and technological evolution;
• Defining OT scope, establishing criticality assessments and balancing compliance requirements with risk-based security approaches.