Advertisement

Canadian Centre for Cyber Security warns infrastructure at risk from cyber attacks

Click to play video 'Gov’t agency warns infrastructure at risk from cyberattacks' Gov’t agency warns infrastructure at risk from cyberattacks
WATCH: The Canadian Centre for Cyber Security’s new report says the most pressing threat to Canadians is from hacked infrastructure – Nov 20, 2020

A new report from the Canadian Centre for Cyber Security warns state-sponsored actors are likely developing the ability to launch cyberattacks against the country’s infrastructure and that hacked systems presents the most pressing threat to Canadians’ physical health.

The report, which is called the “National Cyber Threat Assessment 2020,” states that “(s)tate-sponsored actors are very likely attempting to develop cyber capabilities to disrupt Canadian critical infrastructure, such as the supply of electricity, to further their goals.”

Read more: ‘State-sponsored actors’ could target Canada’s power grid, intelligence agency warns

The report states the fusion of information technology (IT) with operational technology (OT), which it defines as “a broad term that refers to technology used to control physical processes such as dam openings, boiler activities, electricity conduction, and pipeline operations,” creates new vulnerabilities.

Story continues below advertisement

Exposing utilities, like water systems of the power grid, to the internet could make it accessible to attacks.

“The most pressing threats to the physical safety of Canadians are to OT and critical infrastructure,” it states.

Tom Keenan, a computer systems professor at the University of Calgary, said that risk extends to the whole of the country.

“I think it’s a 100 per cent likely that bad guys somewhere in the world are looking at critical infrastructure in Saskatchewan,” he said, speaking over Zoom from Calgary.

“We know this because they look at everything.”

Click to play video 'Cyberattack shuts down Saskatchewan Polytechnic' Cyberattack shuts down Saskatchewan Polytechnic
Cyberattack shuts down Saskatchewan Polytechnic – Nov 3, 2020

The report identifies Russia, Iran, North Korea and China as the likely suspects to commit an attack and also notes the likelihood of one occurring is low.

Story continues below advertisement

Keenan concurs but says Canadians and Canada’s companies must prepare regardless.

“Your lights go off, your freezer doesn’t freeze anymore, it’s the middle of the winter and you can’t pump any gas at the gas station, if you shut down the power grid, the potential is there to bring your country to its knees in a couple of hours.”

Read more: Canadian ambassador granted virtual visits to 2 Michaels detained in China

He added that Canada’s ongoing diplomatic spat over China’s detention of Canadian citizens Michael Kovrig and Michael Spavor – an apparent act of retaliation for Canada arresting a high-profile Chinese national on a U.S. extradition warrant – could worsen and become the inciting incident for a cyber attack.

“What the (Communications Security Establishment, the body that oversees the cybersecurity centre) is suggesting in their report, if things got sufficiently worse, this might be one of the things that could be used as a lever against the country,” he said.

The anonymity of a cyberattack makes it appealing for states, he added.

“It’s just another weapon and it’s a good weapon to use in some ways because it’s often hard to prove who did it.”

When asked by Global News, spokespeople for SaskTel, SaskWater, SaskPower and SaskEnergy all said their systems are secure — but did not answer a question about whether they had experienced a cyberattack.

Story continues below advertisement

Keenan said they should be prepared for one and noting previous hacks in the international arena.

Read more: Cyberattack shuts down Saskatchewan Polytechnic

He need not look so far away. Sask PolyTech was hacked at the start of November.

He said Canadian cybersecurity requires stringent defence, national coordination and for the integration of IT and OT to be done properly, not cheaply.

“This common, off-the-shelf technology (used to make infrastructure accessible to the internet) that we’re talking about, it’s based on Eunix and other operating systems that lots of people know about, so there’s a security risk.”