#CyberFLASH: Alarming gaps in cyber security identified by a new survey of Canadian energy companies

Alberta-Energy-to-discuss-cyberthreats-on-oil-and-gas-infrastructureOnly one in five Canadian energy companies could respond and recover quickly from a cyberattack, according to Deloitte Canada’s 2015 Cybersecurity survey for Alberta’s auditor general.

This is Deloitte’s first assessment of IT security risks to Alberta’s oil and gas industrial control systems (ICS), which are devices that control pumps and valves, detect leaks in pipeline operations, among other functions. The study found that right now, attacks on industry exploiting unsecured ICS are not common and may not be an immediate risk to Alberta’s oil and gas industry, but that doesn’t mean it should rest easy.

“If those who want to harm Alberta’s oil and gas industry obtain the skills needed to do so, the risks to Alberta increase,” the report authors stated.

In 2010 the world learned that a virus, called Stuxnet, successfully attacked ICS used in Iranian nuclear facilities. The Stuxnet virus attacked programmable logic controllers, a type of ICS which is also readily used in oil and gas operations.

Recently, a German steel mill was attacked by manipulating and disrupting ICS so that a blast furnace could not be shut down, resulting in “massive physical damage.”

Alberta is not immune to security risks targeting ICS. According to the auditor general report, a sophisticated cyber attack was detected against a Calgary-based company that supplies ICS remote administration and monitoring tools and services to the energy sector in Alberta. 

Read more here

Police computer system flaws spark probe by auditor

doyle-jpg

Troubling security flaws within the B.C. government’s justice computer system have prompted the auditor general to probe the province’s massive police computer database.

Auditor general John Doyle said he has started gathering information on the PRIME B.C. computer system, which shares millions of police files, criminal records, aliases and other sensitive data between municipal police departments and RCMP detachments.

Read more here

Auditor General struggles to determine if cyber-security dollars had desired effect

OTTAWA—Auditors were unable to determine whether hundreds of millions of dollars in spending on cyber-security had its intended effect because of a lack of details from departments on how the cash was used, the auditor general says.

Michael Ferguson’s fall report found that of the $780 million in one-time spending approvals — and a further $200 million in ongoing spending — federal departments could only identify $20.9 million that had actually gone towards cyber-security over the last decade.

Read more here

Canada still vulnerable to cyber-attacks, says auditor general

OTTAWA — The federal government’s inability to protect its own networks and critical infrastructure from cyber-threats was laid bare Tuesday, after Canada’s auditor general pointed to holes in the country’s cyber-security strategy despite more than a decade of work and almost $1 billion spent.

The auditor’s fall 2012 report put a renewed focus on cyber-security at the federal level, as governments around the world continue to face cyber-based attacks. With more of the federal government’s business going online, critics argued the report showed how far behind Canada is on cyber-security. Federal officials told the auditor general they feared the “cyber threat environment is evolving more rapidly than the government’s ability to keep pace,” his report said.

Governments are “starting to understand the nature of the threat” they face, said Nart Villeneuve, a senior threat researcher with TrendMicro in Toronto, but he added the federal government still has a way to go to prove it can keep sensitive information secure. It failed to do so, for instance, in a January 2011 cyber-attack on Treasury Board and Department of Finance systems.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.