Edmonton sits at the operational centre of Canada's energy industry. Alberta's Industrial Heartland, located immediately northeast of Edmonton in Strathcona County, is Canada's largest hydrocarbon processing region. More than 40 major industrial facilities operate here, including upgraders, refineries, petrochemical plants, fertiliser production facilities, and speciality chemical manufacturers. Combined with the refinery and industrial operations in the greater Edmonton area, this region represents one of the highest concentrations of complex OT environments in the country.
The operational technology running these facilities, from DCS platforms managing continuous upgrading processes to safety instrumented systems protecting against hazardous chemical releases, faces a growing cybersecurity threat environment. The Canadian Centre for Cyber Security has identified nation-state actors actively conducting reconnaissance against Canadian industrial infrastructure, and ransomware groups that previously targeted IT environments are now deploying OT-capable tools designed to reach process control systems.
We provide OT cybersecurity assessments, IEC 62443 alignment, and OT security program development for industrial operators in Edmonton and Alberta's Industrial Heartland, delivered remotely and on-site.
The OT Cybersecurity Risk Landscape in Edmonton and Alberta's Industrial Heartland
Upgraders and Heavy Oil Processing
Alberta's bitumen upgraders convert oil sands bitumen into synthetic crude and refined products through high-temperature, high-pressure processes managed by distributed control systems. These are continuous operations running 24 hours a day with planned shutdown windows occurring annually or less frequently. The combination of continuous operations, process-critical control systems, and legacy DCS platforms running firmware that cannot be patched without extended shutdown creates a security environment where compensating controls at the network and access layer are the primary available mitigation.
Petrochemical and Chemical Manufacturing
Petrochemical facilities in the Industrial Heartland produce ethylene, polyethene, ammonia, urea, and a range of speciality chemicals. The control systems managing these processes include both continuous DCS control for core production units and batch control systems for downstream processing. Many facilities also operate safety instrumented systems with SIL-rated functions protecting against hazardous material releases, over-pressurisation, and runaway reactions.
Refining Operations
The Edmonton area's refinery complex processes Alberta crude into transportation fuels and petrochemical feedstocks. Refinery OT environments include both ageing legacy control systems that have been in service for decades and newer DCS platforms managing recently expanded units. The heterogeneous OT environment that results creates a segmentation challenge: different vendors, different patching cycles, and different security capabilities across a single facility's control network.
Compliance Framework for Edmonton and Industrial Heartland Operators
| Standard / Regulation | Applies To | Key Requirement |
|---|---|---|
| CCCS Industrial Control Systems Security Guidelines | All Canadian critical infrastructure operators | Network segmentation, asset inventory, detection and response capability |
| IEC 62443 | Industrial automation and control system operators | Zone and conduit architecture, Security Levels, patch and access management |
| Alberta Energy Regulator (AER) operational security requirements | Alberta oil and gas and industrial operators | Control system integrity, operational data protection |
| EPA-equivalent Canadian Environmental Protection Act (CEPA) | Chemical manufacturers above reporting thresholds | Hazardous material handling, release prevention, and emergency response |
| Responsible Care (Chemistry Industry Association of Canada) | Chemical manufacturers | Process security, emergency preparedness, and community awareness |
Industries We Serve in Houston and the Texas Energy Corridor
OT Cybersecurity Services for Edmonton and Industrial Heartland Operators
OT Risk Assessment and Gap Analysis
A structured gap assessment maps your current OT security controls against IEC 62443, CCCS guidelines, and Alberta-specific operational requirements. For Industrial Heartland facilities running continuous processes, the assessment accounts for the specific constraints of operations that cannot be paused for security testing. The deliverable is a risk-prioritised remediation roadmap with action items sequenced by operational impact and remediation urgency.
Safety Instrumented System Security
SIS security is a specific competency that requires understanding both the functional safety requirements of IEC 61511 and the cybersecurity requirements of IEC 62443. For Edmonton-area petrochemical and chemical operators, we assess the security of safety system networks and implement compensating controls that protect SIS integrity without interfering with safety function performance. This is the intersection of functional safety and cybersecurity that distinguishes industrial OT security from generic IT security.
IEC 62443 Zone and Conduit Architecture
Upgrader and petrochemical facilities in the Industrial Heartland typically run multiple distinct process units, each with its own control system, connected through a facility-wide historian and operations network. IEC 62443 zone and conduit design provides a structured method for segmenting these units, limiting lateral movement between process areas, and controlling data flow between the OT network and corporate IT systems.
OT Vulnerability Assessment
Passive vulnerability assessment identifies security gaps across your OT asset base without disrupting live process operations. For Edmonton-area facilities running Emerson DeltaV, Honeywell Experion, ABB System 800xA, or Yokogawa CENTUM platforms, we cross-reference installed versions against current vendor security bulletins and CCCS advisories to identify which CVEs are present and which are exploitable given your network architecture.
Network Segmentation and IT/OT Integration Security
Industrial Heartland facilities increasingly integrate OT data with corporate business systems for production reporting, energy management, and asset optimisation. Each integration point between the OT network and the IT network is a potential lateral movement pathway. We review and design IT/OT integration architecture that uses DMZ design, data diodes, and one-way gateway technology to provide data flow without creating a bidirectional attack pathway.
Frequently Asked Questions
OT assessments at continuous process facilities are conducted using passive methods that do not interact with live control system devices. Network traffic analysis, documentation review, configuration review via engineering workstations, and architecture interviews with OT engineers and operations personnel allow us to develop a comprehensive security picture without introducing any risk to process operations. On-site work is scheduled around shift handovers and planned activities to minimise disruption.
Unpatched OT systems are common in continuous process environments, and the risk varies significantly based on network architecture. If your Experion network is properly segmented from both the IT network and from vendor remote access pathways, the exploitability of known CVEs is lower. If there are unsegmented connections between the Experion network and other networks, the risk of those CVEs being reachable is substantially higher. The right first step is an architecture review that determines exploitability before concluding on remediation urgency.
IEC 61511 defines the functional safety requirements for safety instrumented systems: how they are designed, what SIL rating they need to achieve, and how their safety function integrity is maintained. IEC 62443 defines the cybersecurity requirements for the same systems: how the SIS network is segmented, how access is controlled, and how the integrity of the safety logic is protected from unauthorised modification. Both apply to petrochemical SIS installations. An SIS that meets its IEC 61511 SIL requirements but lacks IEC 62443-aligned cybersecurity controls is protected against process hazards but not against deliberate cyberattack.
Yes, and smaller operators are often more exposed, not less. Larger operators typically have dedicated OT security teams and regulatory pressure that drives investment. Smaller operators frequently have the same OT connectivity vulnerabilities with fewer resources to manage them. The threat actors targeting industrial infrastructure use automated scanning to identify exposed OT assets regardless of company size. A gap assessment is a practical starting point that scales to your operation size and risk profile.
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}
.png){kind=logo}