#CyberFLASH: Alarming gaps in cyber security identified by a new survey of Canadian energy companies

Alberta-Energy-to-discuss-cyberthreats-on-oil-and-gas-infrastructureOnly one in five Canadian energy companies could respond and recover quickly from a cyberattack, according to Deloitte Canada’s 2015 Cybersecurity survey for Alberta’s auditor general.

This is Deloitte’s first assessment of IT security risks to Alberta’s oil and gas industrial control systems (ICS), which are devices that control pumps and valves, detect leaks in pipeline operations, among other functions. The study found that right now, attacks on industry exploiting unsecured ICS are not common and may not be an immediate risk to Alberta’s oil and gas industry, but that doesn’t mean it should rest easy.

“If those who want to harm Alberta’s oil and gas industry obtain the skills needed to do so, the risks to Alberta increase,” the report authors stated.

In 2010 the world learned that a virus, called Stuxnet, successfully attacked ICS used in Iranian nuclear facilities. The Stuxnet virus attacked programmable logic controllers, a type of ICS which is also readily used in oil and gas operations.

Recently, a German steel mill was attacked by manipulating and disrupting ICS so that a blast furnace could not be shut down, resulting in “massive physical damage.”

Alberta is not immune to security risks targeting ICS. According to the auditor general report, a sophisticated cyber attack was detected against a Calgary-based company that supplies ICS remote administration and monitoring tools and services to the energy sector in Alberta. 

Read more here

#CyberFLASH: Halifax International Security Forum cyberattack just a “server issue”

n-ONLINE-SPYING-largeThe website of the Halifax International Security Forum was offline for hours Saturday morning, prompting officials to call it an “attack by an external threat.”

However, that claim was later revised by a statement that read: “rumours of our being under some form of cyberattack turn out to have been a miscommunication about an internal server issue.”

Last year’s security forum saw a true online attack. Members of ISIS began sending tweets with their promotional videos alongside the security forum’s official hashtag “#HISF2014.” The hashtag was rendered essentially unusable by officials after ISIS flooded it with so much content that was contrary to the messaging of the conference.

Throughout this year’s online outage, users were unable to access the forum’s website. However, the live video feed remained online for most of the morning, except for a brief outage around noon.

Read more here

#CyberFLASH: CSE says Snowden leaks eroding spy agency’s long-term advantage over terrorists

snowden-onlinedatabase-20150304Canada’s electronic spy agency says leaks by former U.S. intelligence contractor Edward Snowden have “diminished the advantage” it enjoyed over terrorists and other targets, both in the short term and — of more concern — well into the future.

In newly released briefing notes, the Communications Security Establishment says Snowden’s disclosures about CSE’s intelligence capabilities and those of its allies “have a cumulative detrimental effect” on its operations.

The Ottawa-based CSE monitors foreign communications of intelligence interest to Canada, and exchanges a large amount of information with partner agencies in the United States, Britain, Australia and New Zealand.

The notes, obtained by The Canadian Press under the Access to Information Act, were among the briefing materials prepared for CSE chief Greta Bossenmaier’s March 25 appearance before the House of Commons committee on national defence.

Canada spying

Documents Snowden handed to the media revealed the U.S. National Security Agency — the CSE’s American counterpart — had quietly obtained access to a huge volume of emails, chat logs and other information from major Internet companies, as well as massive amounts of data about telephone calls.

The documents also suggest Canada helped the United States and Britain spy on participants at a London G20 summit and that the CSE devised a sophisticated spy operation against Brazil’s ministry of mines and energy.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.