Absolutely.
We have two programs. One that I mentioned is the regional resilience assessment program, or RRAP, as we call it. There is a physical security and a cybersecurity component to that. These are programs that, in the case of the RRAP, go out to all 10 CI sectors across the country in all regions of the country. It has done, as I mentioned, a number of assessments at various CI facilities. There is a very robust physical security assessment, which looks at the typical “guards, gates and guns” type of approach. It's a 1,500-question set that we use to sit down with CI owners and operators.
That is supplemented by what we call the Canadian cyber-resilience review. It's a cyber-based question set focusing on cyber hygiene and cybersecurity posture. In addition to that, we've onboarded a new tool this year called the network security resilience assessment, which is able to plug into the facility's networks and look for weaknesses and vulnerabilities. That's also being used by the Canadian Centre for Cyber Security. We are collaborating and liaising in that respect.
In addition to that, we undertake critical infrastructure impact assessments that look at cascading impacts across sectors. Again, we take an all-hazards approach to our work. If there is an earthquake, a flood or some other type of disruption—blockades are a good example from the last few weeks—we will look at the nature of the threat or the hazard and then look at other sectors where there will be a domino effect, if you will, in terms of interdependencies and impacts that might happen in other sectors with ultimately impacts on Canadians resulting from the disruptions to CI that deliver services to them.