#CyberFLASH: Canada’s energy sector braces for rising threat from activists


Canadian security experts are increasing their vigilance against activists’ threats to the country’s energy infrastructure, as civil-liberties advocates worry about the use of improper surveillance on peaceful opponents to major projects.

In what is billed as a training workshop, Carleton University’s Infrastructure Resilience Research Group is playing host to a closed-door conference on Monday and Tuesday for lawyers, police, regulators and industry representatives on “the challenges of dealing with natural resource development projects and activism.”

One of the organizers, professor emeritus Martin Rudner, said there are significant threats from “domestic extremists” to Canada’s energy infrastructure, including pipelines, generating stations and transmission lines. Prof. Rudner is active on several industry-government-academic networks that consult on protection of critical infrastructure, including the energy and utilities-sector network managed by Natural Resources Canada.

“A lot of these concerns are overblown,” Ottawa lawyer Paul Champ said. He is a board member of the British Columbia Civil Liberties Association that has alleged RCMP and the Canadian Security Intelligence Service (CSIS) engaged in illegal surveillance of Canadians protesting against Enbridge Inc.’s proposed Northern Gateway pipeline.

The lawyer acknowledged there can be serious threats to existing critical infrastructure – both physical and cyber, from both domestic sources and foreign ones – and that they must be monitored and dealt with. But he said police and security agencies should not be involved in gathering intelligence against opponents of specific resource projects.

Read more here

#CyberFLASH: Infrastructure sectors face potentially crippling ‘insider’ cyberthreat, feds warn

electrical-grids-jpg-size-custom-crop-1086x706OTTAWA—Federal officials have quietly warned operators of electrical grids, transportation hubs and other key infrastructure of the cyberthreat from insiders who could unleash devastating viruses and cripple systems, internal government notes reveal.

Crucial networks that Canadians rely on for everyday needs face a “substantial threat” from rogue employees out to wreak digital havoc, warn the Public Safety Canada briefing notes.

“The insider threat is difficult to detect and can cause real damage.”

No special hacking skills are required, just a portable memory key loaded with a malicious code. As a result, it is important that organizations have the right security protocols and procedures, “for example by limiting access to systems only to those who genuinely need it.”

A federal briefing on the insider threat was delivered last December to leaders of the 10 most crucial infrastructure sectors, the notes say.

They point out that over 90 per cent of critical infrastructure — key to delivering everything from food and clean water to banking and health services — is controlled by the private sector and all of it is dependent in one way or another on information technology to operate. Many critical infrastructure sectors are interdependent, meaning a problem in one could have a “cascading impact” in others.

The notes, prepared earlier this year for Monik Beauregard, a senior assistant deputy minister at Public Safety Canada, were obtained by The Canadian Press under the Access to Information Act.

Read more here

#CyberFLASH: Cybersecurity threat ‘keeps us up at night,’ says Hydro Ottawa CEO

hydro-commandAs the electricity grid becomes more and more connected to the internet, Hydro Ottawa says it’s investing heavily to protect the system from cyber attacks.

“It’s huge,” said Hydro Ottawa CEO Bryce Conrad of cybersecurity. “It keeps us up at night.”

Conrad described how someone sitting in a bedroom at a computer on the other side of the world can try to hack into a utility’s information systems and do damaging things — like take down a grid.

“There are lots of examples out there where this has come true.”

And Conrad says he doesn’t pretend it can’t happen in Ottawa.

“We’re a G7 capital, so we’re not just Hydro Ottawa, we’re the provider of electricity to a G7 capital. If you don’t have electricity in the morning, you’re not doing a whole lot,” he added.

Connecting customers while preventing attacks

Cybersecurity is detailed as a risk facing the utility in the five-year strategy document that Hydro Ottawa tabled earlier this week at an Ottawa city council meeting.

The strategy describes an industry in the midst of transformation in which electricity systems are converging with, and are increasingly dependent on, information technology.

Read more here

#CyberFLASH: Critical Infrastructure And Cyber Threats

Q9DataCentreCritical infrastructure, such as the energy sector, financial systems, government operations, national security, transportation networks, water supply, blood supply and the health system, is fundamental to our daily life. It is also heavily dependent on cyber networks. Threats to cyber networks are increasing in number, frequency and impact. Cyber attacks originate from various persons including financial opportunists, activists or government, and the motives for such attacks are equally varied. Motivation for cyber attacks include financial gains, political statements, destructive intentions and power. The nature of the attacks and their targets correspond with the motives of the attacks.

A cyber attack that shuts down, disrupts or manipulates operations relating to electricity, power, water supply, blood supply or financial systems, for even a few hours, can have wide-ranging and significant results.

Threats to cyber networks and the corresponding cyber security has become a critical issue among government leaders from industrialized nations, as well as within the international economic unions and community, often resulting in cyber threats and cyber security being an agenda item during their summits. The Canadian government has also declared that cyber security is a key threat to its economy and critical infrastructure. The United States has declared that cyber security is one of the most serious economic and national security challenges it faces, which has resulted in both domestic and international cyber security initiatives. The European Union has pushed for directives that would require harmonized rules on cyber security among member states.

At this point, all critical infrastructure operations and industries must have cyber threats as one of their key risks to manage with the corresponding cyber security measures as an integral and pervasive part of their operations. The approach to preventing and reacting to cyber security threats should be informed, without ego, built into the fabric of all of the business operations and ongoing.

Read more here

#CyberFLASH: Carleton professor fights cyberattacks from Orléans

tony-bailetti-cybersecurityBehind locked doors at a municipal building in the Ottawa suburb of Orléans, Tony Bailetti is quietly working on a plan to turn Canada into a global powerhouse for fighting cyberattacks.

The professor is known for nurturing more than 200 companies in his job straddling Carleton University’s business and engineering departments.

These days, he jokes that he practically sleeps at VENUS Cybersecurity, a non-profit hub he created in a former town council office.

Bailetti is preoccupied by much more than malicious software nabbing credit card data from retailers like Target.

His eye is on big intrusions — the idea that cyberattackers could take down power grids and water systems, or remotely take over control of cars from their drivers.

And his goal is to have Canada “playing with the bigger boys and girls” to tackle the global problem of cybersecurity in fewer than five years.

“The people who have investments in critical infrastructure — we will be the go-to guys,” Bailetti said.

‘Bell-Northern Research of cybersecurity’

VENUS Cybersecurity was announced to great fanfare at a press conference at Ottawa’s City Hall in November 2013.

Politicians boasted that VENUS would create much needed jobs in the eastern suburb — and Bailetti has done that, though these are no run-of-the-mill jobs.

He has assembled some two dozen bright minds, many who have PhDs or are graduates of Carleton’s technology innovation management program. Some do research and development. Others conduct tests offsite.

Read more here

#CyberFLASH: Alarming gaps in cyber security identified by a new survey of Canadian energy companies

Alberta-Energy-to-discuss-cyberthreats-on-oil-and-gas-infrastructureOnly one in five Canadian energy companies could respond and recover quickly from a cyberattack, according to Deloitte Canada’s 2015 Cybersecurity survey for Alberta’s auditor general.

This is Deloitte’s first assessment of IT security risks to Alberta’s oil and gas industrial control systems (ICS), which are devices that control pumps and valves, detect leaks in pipeline operations, among other functions. The study found that right now, attacks on industry exploiting unsecured ICS are not common and may not be an immediate risk to Alberta’s oil and gas industry, but that doesn’t mean it should rest easy.

“If those who want to harm Alberta’s oil and gas industry obtain the skills needed to do so, the risks to Alberta increase,” the report authors stated.

In 2010 the world learned that a virus, called Stuxnet, successfully attacked ICS used in Iranian nuclear facilities. The Stuxnet virus attacked programmable logic controllers, a type of ICS which is also readily used in oil and gas operations.

Recently, a German steel mill was attacked by manipulating and disrupting ICS so that a blast furnace could not be shut down, resulting in “massive physical damage.”

Alberta is not immune to security risks targeting ICS. According to the auditor general report, a sophisticated cyber attack was detected against a Calgary-based company that supplies ICS remote administration and monitoring tools and services to the energy sector in Alberta. 

Read more here

#CyberFLASH: Cyber security review still in early days, Public Security officials tell Senate

ralph-goodale.jpg.size.xxlarge.letterboxSpeaking before a Senate committee on national defence Monday, Monik Beauregard said that the department is under a tight timeline to review its efforts and get a report to cabinet.

But Beauregard said the department is still trying to figure out how wide or narrow the review will be.

“At this point, we’re all looking at the scope of the reviews and thinking about how to carry it out,” Beauregard told senators Monday evening.

In his mandate from the prime minister, Public Safety Minister Ralph Goodale was asked to lead the review into critical infrastructure protection, in co-ordination with five of his cabinet colleagues.

“Critical infrastructure” has a broad definition, but is typically thought of as systems, networks, facilities and assets essential to public safety, national security, and economic interests of Canada. That includes everything from bridges to roads, but also data centres, financial networks, and natural resources projects.

The new Liberal administration promised to revisit a number of controversial public safety measures introduced by the previous Conservative government, including plans to protect those pieces of critical infrastructure.

Read more here

#CyberFLASH: IoT holds great promise for cities, but don’t spy on people

IMG_0397-e1449500476571-620x250Today’s urban centres face myriad problems; strained and dated infrastructure (roads, sewers, and transportation, electrical and communication systems) are further taxed by the escalating demands placed upon them by ever-increasing populations. While cities are looking to deliver more services and new, better infrastructure, they are constrained by limited funding and dealing with citizens who “want what they want, and they want it now.”

That’s according to Kathryn Willson, program director of Microsoft CityNext. Speaking at Technicity, an event co-hosted by IT World Canada and the City of Toronto last week, Willson provided concrete examples of how the Internet of Things has been put to use in cities around the globe – reducing dependencies on resources, creating efficiencies, and saving costs. IoT is providing viable, sustainable solutions that will help municipalities meet the needs of its citizens – and save the environment, she told the audience.

Take for example the city of Helsinki, Finland, which reduced the fuel consumption of its bus network. While GPS devices were already in use and the city had a good handle on where buses were, city officials sought to answer the question of ‘how’ buses were moving, looking specifically for areas of high-fuel consumption. Additional sensors were added to the accelerators, brakes and inside the engine compartment to measure temperature. Two actionable items were identified from the data, the first being a driver-training program. The second item related to construction of roads. The outcome: Helsinki reduced fuel consumption of its bus fleet by five per cent – saving millions of Euros as a result, she said.

Then there’s Paris, which has an electric-car-sharing program with 4,300 charging stations and 2,300 vehicles. People in the community subscribe to this service. The city’s goal is to have 25,000 gasoline cars off the road by 2023, reducing carbon emissions by 75,0000 metric tons. In addition, with improved customer satisfaction and fewer cars on the road, this new optional mode of transportation is benefitting citizens as owning a car in Paris costs about 5,000 Euros a year, while this program costs about 900 Euros.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.