The recent revelation of leaked U.S. intelligence documents suggesting that Russian-backed hackers gained access to Canada's natural gas distribution network has raised concerns about the vulnerability of critical infrastructure. While cybersecurity experts acknowledge the ongoing targeting of energy sectors worldwide, they emphasize the contrast between accessing a network and causing physical harm or disrupting energy supply
The Disconnect between Access and Impact:
Lesley Carhart, Director of Incident Response at industrial cybersecurity firm Dragos Inc., emphasizes the disparity between gaining access to a computer network and orchestrating meaningful physical consequences. She claims that, while cybercriminals frequently infiltrate industrial facilities, the mere act of manipulating systems does not necessarily lead to significant outcomes. Industrial sites are designed with multiple layers of safety protocols and equipment, enabling them to withstand human error and equipment failures. Therefore, gaining access to a computer server does not guarantee the capability to cause a significant impact on the infrastructure.
Ongoing Cyber Threats:
Geoffrey Cann, an author and speaker specializing in digital issues affecting the oil and gas industry, emphasizes that Canada's energy sector is frequently targeted by cybercriminals seeking financial gain and state-sponsored hackers aiming to create chaos. Given the routine targeting of energy infrastructure globally, it is unsurprising that Canada is also a prime focus. Cann stresses that the issue of cybersecurity is a board-level topic within the industry, highlighting the awareness of the risks faced by oil and gas companies.
Lessons from the Colonial Pipeline Attack:
The 2021 ransomware attack on the Colonial Pipeline in the United States, which temporarily halted pipeline operations, serves as a pertinent example of a cyberattack on oil infrastructure. This incident revealed the potential vulnerabilities within critical energy infrastructure and the significant disruptions that can occur. However, it is essential to note that the incident required a specific set of circumstances to achieve its impact. Industrial facilities have robust safety measures in place, making it difficult for cybercriminals to cause immediate and severe consequences.
Layers of Protection and Low Probability:
Carhart emphasizes that industrial facilities are built to be highly secure, with numerous safety measures and redundant systems. It would take extensive knowledge of a company's internal processes and equipment, which may require years to acquire, to orchestrate a successful cyberattack. Moreover, the probability of a hacker significantly disrupting Canada's energy supply for an extended period is considered extremely low. The vastness of the infrastructure and the comprehensive safeguards in place make a large-scale and sustained disruption highly improbable.
While the revelation of Russian-backed hackers gaining access to Canada's natural gas distribution network is concerning, cybersecurity experts stress the distinction between network access and the ability to cause substantial physical damage or disrupt energy supply. Industrial facilities are designed with multiple layers of protection, making it challenging for cybercriminals to orchestrate impactful incidents without extensive knowledge and preparation. While the risks of cyberattacks on Canada's energy infrastructure cannot be ignored, the probability of a significant and sustained disruption remains low. Vigilance, investment in robust cybersecurity measures, and ongoing collaboration between industry and security agencies are key to safeguarding critical infrastructure in an increasingly digital world.
This blog was written by the Activated Solutions team. If you are a business owner or an individual concerned about your cybersecurity, it's time to take action. Activated Solutions can help you to protect your business and personal data from potential cyber threats.
Contact Activated Solutions today to learn more about how they can help you protect your business. With our expertise and commitment to cybersecurity, you can have peace of mind knowing that you are taking proactive steps to protect yourself and your business from potential data breaches.
For more information, please visit: activatedsolutions.ca.
Sources
Stephenson, Amanda, and Max Fawcett. “Energy industry routinely targeted by cyberattacks, experts say.” National Observer, 10 April 2023, https://www.nationalobserver.com/2023/04/10/news/energy-industry-cyberattacks-experts.
Comments