Blue Flame Program
Cyber Security – A top priority for the Canadian Gas Association
Cyber security is a priority for CGA members and is part of the industry’s commitment to safety and resiliency. CGA’s members employ strong security programs to protect their systems and work closely with government partners to share information and best practices.
What is it? – A right-sized, Canadian community of trust
The Blue Flame Program (BFP) is a natural extension of CGA’s growing cyber security program. It is not another data feed — it is a sector-specific community of trust geared towards action. Members utilize a legal framework and an operational capacity to reduce cyber security risk and have facilitated access to an enhanced set of Canadian Centre for Cyber Security (Cyber Centre) services.
BFP brings together the Canadian natural gas industry and the Cyber Centre to share near real-time threat information and analysis. The two-way sharing increases the Cyber Centre’s visibility of the Canadian threat landscape, while providing specific actionable guidance to participating member companies, which will help reduce cyber vulnerabilities through more timely action and response to threats. Any one organization hit by a significant cyber-attack inevitably impacts others in the same sector. Full participation in the Blue Flame Program will increase security for all organizations, both large and small.
Overview – A service for CGA members and their supply chains (small/medium/large organizations)
- Member-specific tailored analysis
- Leveraging industry peers for efficiency
- Resource-light, cooperatively managed
- An industry/government trusted community
- Direct information sharing – connecting industry with Cyber Centre/Downstream Natural Gas Information Sharing and Analysis Centre
- Member-driven priorities and future development
Trust – Together, CGA and the Cyber Centre have developed the legal framework, including:
- NDA and Letter of Assistance agreements between member and Cyber Centre
- Sharing Agreement signed between member, the CGA and Cyber Centre to ensure privacy and manage information sharing
- Participants share, at their discretion, with Cyber Centre (no regulatory/law enforcement involvement)
- This is the first program of its kind in Canada’s oil and gas sector — cross-jurisdiction, association-based, full supply chain.
- Early participants will shape the future direction of this initiative and influence the Cyber Centre’s approach towards industry outreach.
- More cross-sector collaboration and participation will increase the baseline cyber security posture.
How can my organization participate?
To participate, CGA members must designate a BFP lead and sign the required legal agreements. Participants will complete the Canadian Cyber Security Tool (CSST) assessment managed by Public Safety Canada to identify goals. Contact firstname.lastname@example.org for more details.