
The Energy Security Technical Advisory Committee (E-STAC) is an industry-based all-hazards information sharing group, which operates as the key hub for energy industry collaboration and strategic coordination with the Canadian federal government on energy sector-related security matters.
With an emphasis on cyber security issues, E-STAC provides a trusted forum for information exchange, enhancing cyber security maturity through the building of operational technical capacity, the development of human resources, policy development, and through collaboration across other critical infrastructure sectors.
The Canadian Gas Association spearheaded E-STAC in late 2023 in light of the accelerating rise of cyber incidents impacting the energy sector and in lock-step with the federal government’s intent to focus on the energy sector the way it has historically done with the telecom and finance sectors.
Leadership
Industry Chair: Enbridge Inc. (November 2023 – November 2026)
Pillars
E-STAC is built on four pillars which serve to direct the various activities of focus and to guide the way in which it conducts its business. These pillars are:
- Community
- Policy
- Technical
- Resourcing
Objectives
In regard to security and risk management issues affecting the energy sector, E-STAC operates with the following key objectives, organized along each of the four pillars:
| Pillar | Objective |
| --- | --- |
| Community | Exchange information among industry stakeholders |
| Community | Exchange information and advice between industry and Government of Canada |
| Technical | Enhance situational awareness of all-hazards |
| Resourcing | Ensure verified, skilled, and abundant resources are available |
| Community | Collaborate with other critical infrastructure sectors |
| Technical | Grow and build operational and tactical support initiatives and research |
| Policy | Identify and provide advice on remediating strategic gaps |
Membership
E-STAC industry membership is by invitation only and includes organizations which produce, transmit, and distribute energy to meet the needs of the Canadian economy and public. Member organizations are represented by senior executives, such as Chief Technology Officers (CTO) and Chief Information Security Officers (CISO).
Government members
- Canadian Centre for Cyber Security
- Natural Resources Canada
- Public Safety Canada
- Canadian Security Intelligence Service (CSIS)
Industry members
- Canadian Gas Association
- CGA Enterprises Inc.
- Electricity Canada
- Enbridge Inc.
- Cenovus Energy Inc.
- Ovintiv Canada
- Tourmaline Oil Corp.
- Pembina Pipeline
- Baytex Energy Ltd.
- Vermilion Energy Inc.
- FortisBC Energy Inc.
- County of Vermilion River – Gas Co-op
- AltaGas Ltd.
- SaskEnergy
- Paramount Resources
- Keyera Corp.
- Kitchener Utilities
- Ontario Power Generation
- Irving Oil
- Suncor Energy Services Inc.
- ATCO
- Utilities Kingston
- Parkland Corporation
- TC Energy
- TriSummit Utilities
- ARC Resources Ltd.
- Cardinal Energy Ltd.
- Teine Energy
- Bruce Power
- Gibson Energy
- Whitecap Resources™
- Rockpoint Gas Storage
- InPlay Oil
- NorthRiver Midstream
- Manitoba Hydro
- E-ISAC
™ Trademark of Whitecap Resources
Industry Associations
- Canadian Gas Association
- Electricity Canada
ISAC and Information Sharing Hubs
- DNG ISAC
- E-ISAC
- IESO
Sector-Wide Cyber Security Benchmarking
Energy Sector Phishing (ESP) Barometer
Cornerstone Initiative:
The ESP Barometer is a leading initiative for cybersecurity awareness in the energy sector, rapidly expanding and recognized for its impact.
Collaborative Benchmarking:
It enables organizations to measure and compare their phishing susceptibility using standardized tests, ensuring fair and actionable benchmarking.
Actionable Insights:
Participants gain sector-wide visibility into key cybersecurity metrics, helping them identify gaps, prioritize improvements, and demonstrate program effectiveness.
Best Practice Sharing:
The program fosters best practice sharing, with top performers contributing strategies that help raise the bar for all participants.
Continuous Improvement:
Year-over-year trends reveal meaningful progress, supporting continuous improvement in awareness programs.
Strategic Value:
By joining, companies gain comparative insights, access to emerging best practices, and a role in shaping continental standards for cybersecurity awareness.
Future Expansion:
The program is expanding to include more industry associations, aiming to create a North American platform for cyber resilience. Contact us at Cyber@cga.ca to learn how to participate.
Cybersecurity Yearly Benchmarking Excellence “CYBEX”
CYBEX is an annual benchmarking project under the E-STAC program, designed to measure cybersecurity maturity across energy sector organizations. It evaluates staffing, budgets, frameworks, operational technology (OT) accountability, patching practices, and risk management.
Our annual CYBEX benchmarking project helps organizations measure and improve cybersecurity maturity across IT and OT environments. It’s a chance to see where you stand and learn from industry peers.
A sneak peek from this year’s results:
- Most participants are tightening patching timelines for critical systems.
- Budgets and staffing ratios show interesting trends—some organizations are investing heavily in OT security.
Your input shapes these insights. The more voices we have, the stronger the benchmark becomes. Join us in the next round and help raise the bar for cybersecurity excellence. Contact Cyber@cga.ca for more info.
Cyber Security Task Force
E-STAC has a Cyber Security Task Force (CS TF) at its disposal to action various cyber security-focused initiatives. The CS TF has existed under CGA’s leadership since about 2013 and has conducted many such initiatives over the years, including the development of industrial control system cyber security guidance, C2M2 workshops, various webinars, the development of a technical information sharing initiative referred to as the Blue Flame Program, and others.
Publications
Members of E-STAC have either separately or collectively developed various resources for the sector. Some of these include:
- CGA Guidance for Cyber Security of Industrial Control Systems (March 2019)
- Quantum-Safe Playbook for CGA Members
Contact the E-STAC Secretariat.