CRIN Logo - White Stacked

    Our Stories

    About CRINOur TeamMembershipOur StoriesFAQContact

    May 23, 2025


    IMG 0232

    Jeff Brown from Fortinet speaks at CRIN's Digital C3 event on May 21 at the Energy Transition Centre in Calgary.

    Bill C-26 & the Industry Shift: Protection, Progress & Possibilities


    CRIN hosted a discussion on May 21 focused on the transformative impact of Bill C-26 on Canada’s critical infrastructure.


    Nannette Ho-Covernton, engineer, sustainability leader, and Executive Director of the ETC Foundation at the Energy Transition Centre, hosted the conversation with Jeff Brown, a solution leader for Fortinet Operational Technology and Critical Infrastructure, a global leader in cybersecurity solutions.


    Bill C-26 – Protecting Canada’s Critical Infrastructure, completed third reading in the previous session of Parliament and is expected to return to the House of Commons for amendments.


    "You’re going to see a lot of changes happening” in terms of cybersecurity regulations once Bill C-26 passes, Brown said. He recommended getting a cybersecurity program in place as soon as possible.


    Some of the impacts of the bill include the fact that legal liability of cybersecurity will fall on executives and directors of governments, public companies, private companies, and corporations. Bill C-26 includes the enactment of the Critical Cyber Systems Protection Act (CCSPA), which will have effects on telecom services, transportation (air, rail, road, and sea), power and pipelines, nuclear energy, banking systems, and clearing systems.


    Brown outlined the following essential controls to secure Operational Technology (OT) environments:


    • Zones and conduits (or segmentation)

    • Secure remote connectivity

    • Deep OT visibility

    • Role-based access control

    • Endpoint security

    • NOC/SOC

    • Advanced persistent threat


    His five-step guide to OT network segmentation is:


    • Build an IT/OT team

    • Map your network

    • Design your segmentation plan

    • Deploy your plan

    • Enhance, maintain, and train


    He also shared some secure remote access best practices:


    • Implement zero trust (never trust, always verify)

    • Update remote access tools

    • Continuous monitoring and network visibility

    • Strong security policies and procedures

    • Enhance user awareness and training


    View the presentation slides here and the recording of the event here.
    Back to Our Stories