A new study points to concerns about the security of Canadian infrastructure, corporations and individuals from foreign hackers.
The Canadian Centre for Cyber Security, is a division of the Communications Security Establishment, one of Canada’s security agencies.
In the CCCS’s latest report on national threats, it identifies four nations as posing ‘state-sponsored’ threats in hacking computerised infrastructure. The report names China, Russia, Iran and North Korea.
In the second ever National Cyber Threat Assessment Report (NCTA) published Wednesday, the countries are named for the first time noting those countries “pose the greatest strategic threats to Canada”, adding, “state-sponsored cyber activity is generally the most sophisticated threat to Canadians and Canadian organizations”.
Though the threats are similar to those in the 2018 report, this one notes the difference now is in the “intensity and level of sophistication” of the attacks.
It says cybercrime is the greatest issue to individual Canadians through ransomware and fraud but notes that ransomware targetting corporations and critical infrastructure providers will continue as disruption of service or rebuilding networks may be more costly and time consuming than paying the ransom.
It also warns that State-sponsored actors will almost certainly continue to conduct commercial espionage against Canadian businesses, academia, and governments to steal Canadian intellectual property and proprietary information including intellectual property related to combatting COVID-19 and that the threat is even greater for Canadian organizations that operating abroad or working directly with foreign state-owned enterprises.
Another concern is online foreign influence in domestic affairs, not limited to elections.
An increasing concern involves attacks on physical infrastructure and processes which continue to be connected to the internet. As an example the report states, “We judge that state-sponsored actors are very likely attempting to develop the additional cyber capabilities required to disrupt the supply of electricity in Canada.”
The report states that previously, critical infrastructure like operating technology for dams, electricity delivery, municipal water supply, pipelines etc were largely protected from hacking as they were not generally connected to the internet. That however is changing
” The safety of Canadians depends on critical infrastructure (e.g., energy, water), as well as consumer and medical goods (e.g., cars, home security systems, pacemakers, etc.), many of which are controlled by computers embedded within them. Increasingly, these computers are being connected to the Internet by their manufacturers, sometimes unbeknownst to consumers, to enable new features or provide data to a third party. However, once connected, these infrastructure and goods are susceptible to cyber threat activity, and maintaining their security requires investments over time from manufacturers and owners that can be difficult to sustain.
The paper suggests the risk is low right now, but that awareness of the potential needs to increase and the issues should be dealt with now before they become a major threat.
- Canadian Centre for Cyber Security: National Cyber Threat Assessment 2020
- CBC: C Tunney: Nov 18/20: State-sponsored actors ‘very likely’ looking to attack electricity supply, says intelligence agency
- PostMedia: C Nardi: Nov 18/20: China, Russia, Iran, North Korea are Canada’s ‘greatest strategic threat’: CSE report
- CTV: R Aiello: Nov 18/20: Cybersecurity agency calls out four countries as the ‘greatest strategic threats’ to Canada