#CyberFLASH: Alarming gaps in cyber security identified by a new survey of Canadian energy companies

Alberta-Energy-to-discuss-cyberthreats-on-oil-and-gas-infrastructureOnly one in five Canadian energy companies could respond and recover quickly from a cyberattack, according to Deloitte Canada’s 2015 Cybersecurity survey for Alberta’s auditor general.

This is Deloitte’s first assessment of IT security risks to Alberta’s oil and gas industrial control systems (ICS), which are devices that control pumps and valves, detect leaks in pipeline operations, among other functions. The study found that right now, attacks on industry exploiting unsecured ICS are not common and may not be an immediate risk to Alberta’s oil and gas industry, but that doesn’t mean it should rest easy.

“If those who want to harm Alberta’s oil and gas industry obtain the skills needed to do so, the risks to Alberta increase,” the report authors stated.

In 2010 the world learned that a virus, called Stuxnet, successfully attacked ICS used in Iranian nuclear facilities. The Stuxnet virus attacked programmable logic controllers, a type of ICS which is also readily used in oil and gas operations.

Recently, a German steel mill was attacked by manipulating and disrupting ICS so that a blast furnace could not be shut down, resulting in “massive physical damage.”

Alberta is not immune to security risks targeting ICS. According to the auditor general report, a sophisticated cyber attack was detected against a Calgary-based company that supplies ICS remote administration and monitoring tools and services to the energy sector in Alberta. 

Read more here

#CyberFLASH: Spy agency consulted regularly with energy firms

9020272

The chief of Communications Security Establishment Canada, the agency behind alleged industrial espionage against Brazil, insists all of its activities are legal, as details emerged Wednesday that CSEC had participated in private meetings between Canadian security agencies and energy companies.

Canadian Energy corporations acknowledged Wednesday they do, indeed, meet with security officials from CSEC and other departments, but said these are only to identify security threats and find ways to develop counter-measures to protect their operations.

Citing documents obtained under access to information laws, The Guardian newspaper in London reports federal government ministries, spy agencies – including CSEC – the RCMP and representatives from several energy companies, who were granted high-level security clearance, have met twice a year since 2005.

The federal meetings with energy industry officials were to discuss “threats” to energy infrastructure and “challenges to energy projects from environmental groups,” as well as “cybersecurity initiatives” and “economic and corporate espionage.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.