Saturday 24 May 2014

Cyber threats to critical energy projects up sharply over five years


Cyber threats to critical energy infrastructure in Canada have risen significantly in the past five years, with the most advanced attacks coming via state-sponsored cyber espionage, federal records show.
A briefing memo to the deputy minister of Natural Resources Canada says terrorist use of the Internet and cyber crime by organized groups are also on the rise and that the trend is a major worry for governments and businesses.
Canada, the U.S. and private companies in both countries have partnered to try to meet these threats. However, the memo explains that cyber threats are a “growing concern” to critical energy infrastructure systems in Canada, such as power grids and oil and gas pipelines, and that incidents have risen significantly over the past half-decade.
The Citizen obtained the briefing material using access to information law.
“The most sophisticated cyber threats come from the intelligence and military services of foreign states. In most cases, these attackers are well resourced, patient and persistent. Their purpose is to gain political, economic, commercial or military advantage,” says a presentation to the deputy minister.
“All technologically advanced governments and private businesses are vulnerable to state sponsored cyber espionage. These attacks have succeeded in stealing industrial and state secrets, private data and other valuable information.”
The briefing material, from fall 2013, explains that terrorist networks also are moving to incorporate cyber operations into their own strategic doctrines, and are using the Internet to support recruitment, fundraising and propaganda.
“Terrorists are aware of the potential for using the Western World’s dependence on cyber systems as a vulnerability to be exploited,” says the briefing material.
Earlier this week, the U.S. charged five Chinese military officers with stealing trade secrets from six U.S. nuclear, steel and clean-energy companies. It marks the first time the U.S. has charged specific foreign government officials with criminal cyber hacking. China denies the charges, calling them absurd.
The Canadian Security Intelligence Service (CSIS) has warned that some state-owned foreign companies have been pursuing “opaque agendas” in Canada and that attempts by some state-owned firms to acquire control over strategic sectors of the Canadian economy pose a threat to national security.
Canada remains an attractive target for economic espionage, CSIS has warned, because the country is a world leader in areas including mineral and energy extraction.
“I do believe that cyber espionage is on the same plane today, on the same level of national security threat, as is terrorism and the public safety question,” Ray Boisvert, former assistant director with CSIS, told the Citizen.
“It’s much bigger than we all really knew and understood and now it’s starting to emerge more and more,” added Boisvert, president of I-Sec Integrated Strategies, a company specializing in countering cyber threats.
The federal government is working closely with Canadian energy and utility companies, and with U.S. federal agencies to monitor and address cyber security threats to critical energy infrastructure, says the briefing material.
Canada has created a national cyber security strategy and action plan to protect critical infrastructure. Energy companies also have an agreement with the RCMP to share information through the Suspicious Incident Reporting System.
According to the briefing notes, the most common types of cyber incidents between July and September 2013 were “malicious code/compromise,” which accounted for 55 per cent of the incidents (no total number of incidents is provided), and “phishing/targeted” emails, at 28 per cent.
Boisvert said the charges this week by the U.S. against Chinese officials are meant to help fight state-sponsored cyber attacks by publicly shaming countries. The number of cyber threats has been dramatically rising because hostile countries have realized how valuable cyber attacks are in obtaining economic advantages, he said.
“The West really had its guard down and we were very much focused on terrorism because that was the issue, and companies as well were not thinking about cyber (security),” he said.
jfekete@ottawacitizen.com
Twitter.com/jasonfekete

Canada’s cyber security strategy focuses on three areas:

1. Securing government systems.
2. Partnering with the private sector to secure vital cyber systems outside government.
3. Helping Canadians be secure online

Types of cyber threats to Canada’s critical energy infrastructure

1. State sponsored cyber espionage and military activities:
“The most sophisticated cyber threats come from the intelligence and military services of foreign states,” according to Natural Resources Canada. “Their purpose is to gain political, economic, commercial or military advantage.”
2. Terrorist use of the Internet:
“Terrorist networks also are moving to incorporate cyber operations into their strategic doctrines. Among many activities, they are using the Internet to support their recruitment, fundraising and propaganda activities.”
3. Cybercrime:
“Organized criminals have expanded their operations into cyberspace. The more sophisticated among them are turning to skilled cyber attackers to pursue many of their traditional activities, such as identity theft, money laundering and extortion.”

No comments:

Post a Comment