Critical Infrastructure Cybersecurity
Written July 25, 2022
Canadian Critical Infrastructure Cybersecurity Posture
The current host of sophisticated, frequent, and evolving cybersecurity threats keep the information security sector on high alert. The world faces ever-more complex and costly cyberattacks involving phishing, malware, and artificial intelligence that place critical infrastructure, government data, corporate information assets, and individual details at constant risk. This trend calls for both the public and private sector security experts to employ an interconnected and collaborative strategy to secure IT assets, particularly the critical infrastructure.
The Government of Canada’s National Strategy for Critical Infrastructure and Supporting Action Plan establishes a collaborative federal, provincial, territorial, and critical infrastructure sector approach for strengthening critical infrastructure resiliency. To keep pace with the rapidly evolving risk environment, a primary element of the national approach is an Action Plan that builds on a central theme of sustainable partnerships and improved information sharing and protection. The government promotes collaboration with sector networks to facilitate private sector initiatives within federal, provincial, and territorial jurisdictions to safeguard critical infrastructure.
At the national level, Canada’s National Strategy for Critical Infrastructure classifies critical infrastructure within energy and utilities, finance, food, transportation, government, information and communication technology, health, safety, water and wastewater, and manufacturing. Cyber threat activities against critical infrastructure can have severe and wide-reaching consequences, including the potential to compromise national security and public safety. The proliferation of malicious cyber tools gives opportunities to both experienced and less sophisticated threat actors targeting critical infrastructure.
How prepared is Canada towards protecting its critical infrastructure? A review of previous attacks shows the importance of protecting these sectors.
The Energy Services Sector
As cyber threats evolve with today’s fast-changing technology, there is a great need to protect the cyber systems underpinning Canada’s energy infrastructure and services to prevent disruption that would affect daily lives or put the national security and economic well-being at risk.
The Canadian Center for Cyber Security’s Cyber Threat Bulletin reports that cyber threats against Canada’s electricity sector involved fraud and ransomware attempts. Besides, the energy sector has suffered espionage and pre-positioning by state-sponsored actors. The report also reveals that low sophistication hacktivists, terrorists, and disgruntled individuals could cause reputational damage to the energy sector. Russian state-sponsored cyber actors conducted extensive cyber espionage campaigns against Canadian energy sector companies between 2014 and 2017. The cybercriminals employed Havex malware to search for ICS components. On April 30, 2020, hackers launched ransomware, encrypting the Northwest Territories Power Corporation’s business systems and website.
In line with the National Strategy for Critical Infrastructure goal, Canada’s Minister of Natural Resources, Seamus O’Regan Jr., announced over $375,000 in funding for the Universite de Sherbrooke to collaborate with Hydro-Sherbrooke to improve Quebec’s second-largest electricity distribution network’s cybersecurity. This initiative asserts the government’s efforts to promote multidisciplinary teams to design and develop methods that leverage cutting-edge technologies, such as machine learning and artificial intelligence, to identify and mitigate potential critical infrastructure cybersecurity threats automatically. Additionally, the Cyber Security and Critical Energy Infrastructure Program (CCEIP) received $2.42 million over five years to enhance domestic and cross-border energy infrastructure cyber resilience.
The Financial Services Sector
The Standing Committee on Public Safety and National Security studied cybersecurity in the financial sector as a national security issue to identify dangers and propose concrete preventive and protective measures to deter cyber threats. According to their report, adherence to sound security practices in the sector is challenging due to significant technological advancements and evolving threats. To make further inroads in domestic and international markets, businesses collaborate with financial institutions and fintech offering secure online payments and mobile transactions. Such an ecosystem constitutes a large attack surface.
Cybercriminals compromised the data of more than 90,000 customers at the Bank of Montreal and the Canadian Imperial Bank of Commerce in one of the significant assaults on financial institutions in the country. The victims believe the attack originated from outside the country. Meanwhile, the Bank of Canada (BoC) is fending off approximately 1 million cyber-attacks per day.
The Health Services Sector
In the last two years, cybercriminals have targeted many Canadian health organizations with ransomware attacks. A case in point is the three Ontario hospitals that were victims of ransomware attacks in 2019. Hackers compromised eHealth Saskatchewan that manages Ontario’s personal and medical records in 2020. They also targeted Nova Scotia and exposed information about patients’ surgeries.
In March 2020, the federal government’s Canadian Center for Cybersecurity issued an alert about the elevated risk of health organizations involved in the COVID-19 pandemic response. Sophisticated threat actors attempt to steal COVID-19-related intellectual property, including research and sensitive data on the country’s response to the virus situation.
The Food and Agriculture Sector
With increased cyberattacks from foreign hackers, it makes one think, is the food industry facing cybersecurity risks? In various ways, cyber threats pose the same safety risks that food companies mitigate every day. The food and agriculture industry is vulnerable to cyber incidents that could result in public health risks.
Some of the security risks in the food and agriculture sector include theft, public exposure, falsification, data loss, and data manipulation. The industry’s threat actors include foreign hackers, disgruntled employees, cybercriminals, competitive spies, or extremist food activists. The potential consequences of an attack on the industrial control systems in the food industry include contaminated food, physical harm to workers, destroyed plants and equipment, environmental damage, and massive financial losses. Therefore, the sector should evaluate various cyber threats, assess the likelihood of occurrences, and establish reliable risk mitigation strategies.
The Water and Wastewater Systems Sector
Cybersecurity experts in North America are on high alert after a threat actor compromised the water treatment plant in a city near Tampa. The attacker modified the chemical balance used to treat drinking water in the plant serving more than 15,000 area residents. The post-attack analysis reveals the hackers’ ability to access computers controlling water treatment systems remotely and make changes that pose risks to public safety. Canadian water and wastewater treatment facilities are aware of such hazards, risks, and threats since they have diligently shared knowledge with other stakeholders.
The Transport Systems Sector
A hacking group published information stolen from Manitoulin Transport, one of Canada’s largest trucking companies. The victim is the sixth Canadian supply chain company to see its information posted by ransomware threat actors. A different hacking group leaked data from TFI International’s Canpar Express in an attack that targeted the company’s parcel and courier subsidiaries. In other incidents, cybercriminals have compromised data from carriers Fuel Transport and Indian River Express.
The Government Facilities Sector
Cybercriminals targeted the Canadian government in 2020, disabling several government services. The Treasury Board Secretariat revealed that approximately 11,000 online government services accounts belonging to the Government of Canada Key Services (GCKey) and Canada Revenue Agency (CRA) were victims of cyberattacks last year. CRA discovered signs of credential-stuffing attacks on their website, where hackers attempted to use previously stolen credentials to access victims’ accounts.
Cyber threat actors struck Ontario municipal government’s 11 servers with ransomware compromise two years ago. The hackers used encryption malware that prevented officials from access the organization’s data and disrupted local authorities’ operations. After more than a month of consultations and negotiations, municipal authorities paid the malicious actors three bitcoins valued at $34,950 back then to regain access to four servers holding confidential information.
Canadian Telecommunication Services
Canadians rely on telecommunication services to conduct business and communicate with each other. The sector plays an essential role in helping build a safer, more secure, and resilient Canada. Telecommunication service providers enable communication among other critical sectors, placing them in a unique position for both the country and cybercriminals. Uninterrupted communication is essential to conduct government operations, commerce, and emergency services.
Therefore, disruption of telecommunication services could result in adverse economic effects and significant harm to public confidence. As the country increasingly depends on telecommunication services, hackers devise new and sophisticated attacks, targeting physical and cyber components. The sector should invest in cybersecurity measures that reduce the risk of unplanned disruption and financial loss caused by cyberattacks.
The impact of a cyber incident on manufacturing operations is significant since it can result in unplanned downtime, unauthorized system use, loss of confidential information and intellectual property, reputational damage, and financial loss. More and more companies are not immune to cyberattacks, including manufacturers.
Although the national cybersecurity strategy encourages organizations to improve cybersecurity readiness, a recent survey shows that only 60 percent of firms have a written cybersecurity program. Besides, just 57 percent have appointed a cybersecurity official to lead security efforts. According to the research, other critical infrastructure firms are in better shape since they have bigger cybersecurity budgets and are often regulated than manufacturing companies. Organizations should invest in measures and solutions that secure industrial control systems to protect manufacturing plants from frequent and sophisticated cyber threats. Physical safety and cybersecurity are crucial for industry 4.0 manufacturing firms with network integration and production automation.
Enhancing Critical Infrastructure Cybersecurity
As cyberattacks continue to evolve and increase, Canada requires a collaborative effort among private and public sectors to achieve resilience in critical infrastructure cybersecurity. Critical infrastructure stakeholders can implement security best practices to mitigate cyberthreats. For instance, they can ensure proper configuration and patch management, reduce attack surface areas, whitelist applications, deploy a layered network, implement strong authentication, employ secure remote access, and monitor systems to detect attacks. Besides, such organizations should maintain an updated incident response strategy to respond to attacks.
One security measure that stands out in critical infrastructure protection is identity access management (IAM). As cybersecurity threats increase and become sophisticated, and as compliance mandates and regulations evolve, there is increased pressure for critical infrastructure services to update their legacy systems and networks. Fortunately, an integrated and access governance management strategy is at the core of a robust cybersecurity program for critical infrastructure.
As critical infrastructure organizations experience rapid digital transformation, they require changes in managing their workforce and delivering access to critical networks, applications, and data. Implementing an integrated IAM strategy responds to this need. The security measure also handles security requirements for a gradually developing workforce that includes employees, vendors, partners, and contractors, each with their own set of access requirements and restrictions.
KeyData’s Integrated Identity and Access Governance Management Strategy for CIs
Building on the collaborative work among partners to strengthen critical infrastructure resilience, KeyData Associates offers integration and management of critical infrastructure’s identity and access management and operational risk management. We provide a risk-based framework and unique methodology, along with our in-depth expertise and experience in the areas of identity and access management (IAM), privileged account management (PAM), enterprise and cloud security management (ECSM), and customer identity and access management (CIAM). KeyData offers a complete set of services for IAM, PAM, ECSM, and CIAM, including consulting and advisory, systems integration (design, development, implementation), and fully managed services (on-prem, off-prem, and cloud), to help critical infrastructure services to achieve operational efficiency, risk mitigation, and continuous compliance.