The Canadian government is on “high alert” for cyberattacks by Russia and others amid a global threat environment that continues to shake the foundations of the post-second World War international order.
Public Safety Minister Marco Mendicino issued the warning during an appearance at the House of Commons public safety committee on Thursday morning. He told members of the committee that the threat is not just to the federal government but also to provinces and critical infrastructure.
“I cannot emphasize enough how important it is that, in the current geopolitical environment in which we find ourselves, that we are very much on high alert for potential attacks from hostile state actors like Russia,” said Mendicino.
He described those attacks as potentially coming in the form of cyberattacks and ransomware “which look to identify potentially valuable targets to Canadian interests like critical infrastructure but equally, to sub-national targets, different orders of government, different sectors to the economy.”
His comments come as the committee studies the nature of the threats posed by Russia to Canada.
Those threats have sharpened over recent months following Russia’s bloody and unprovoked invasion of Ukraine, a sovereign democracy, during which the Kremlin and its actors have targeted Ukrainian infrastructure using cyberattacks.
Global Affairs Canada was also hit with a cyberattack in January, just as tensions with Russia over fears of an imminent invasion were peaking.
In April, the Canadian Centre for Cyber Security issued a public advisory in coordination with counterparts in allied countries warning Canadians of an “increased risk to critical infrastructure organizations globally” from Russian state-sponsored actors as well as those working with them.
But under Canadian law, there is no obligation on companies or service providers to report if they are the target of a cyberattack, including ransomware.
Mendicino said that could change.
“I absolutely think it’s something that we need to be considering, for sure,” he said in response to a question about whether it should be mandatory to report cyber attacks.
“It’s an option that we are considering very carefully.”
Canadian critical infrastructure and governments have been hit with repeated cyberattacks over recent years. Among those are Toronto’s Humber River Hospital, the Toronto Transit Commission, beef producer JBS Canada, the City of Saint John in New Brunswick, and multiple small municipalities and towns.