Canada’s cyber spy agency is warning power companies, banks and other critical parts of Canada’s infrastructure and economy to beef up their defenses against Russia-based cyber threats as the Western world responds to Moscow’s invasion of Ukraine.
In a statement released Thursday, the Communications Security Establishment said that “in light of the ongoing unwarranted Russian military offensive in Ukraine”, it “strongly encourages all Canadian organizations to take immediate action and strengthen their online cyber defenses”.
Dan Rogers, associate chief of the CSE, said the agency monitors cyber threat activity directed against critical infrastructure networks, including those in the financial and energy sectors.
“I don’t know if I would say we expect an increase, but I would say that regardless of the context, we have seen and denounced Russian cyber activity in the past as being reckless,” Rogers said during a Thursday afternoon press briefing.
“When we have a situation like the one we have now with Russia engaged in a conflict, we want to ensure that Canadian institutions have all the mechanisms possible to help defend themselves.”
His agency said it shares cyber threat intelligence with key partners in Ukraine and works with the Canadian Armed Forces through intelligence sharing, cyber security and cyber operations.
CSE has both active powers—allowing it to disrupt foreign online threats against Canadian systems—and defensive powers allowing it to act online to protect Canadian systems.
“I can’t speak to the specifics of operations or planning,” Rogers said. “I can say CSE is ready. We have cyber capabilities.”
The agency said it was not aware of any specific threats to Canadian organizations related to events in and around Ukraine, but it pointed to a historical pattern of cyberattacks against Ukraine and other countries.
In 2017, for example, the CSE blamed Russian agents for the NotPetya malware, which primarily targeted Ukraine but also attacked finance, energy, government and infrastructure sectors around the world.
Thursday’s warning is the agency’s third this year. It published a threat bulletin in January and another earlier this month for critical infrastructure operators.
Earlier today, Prime Minister Justin Trudeau announced a new round of sanctions against Russian entities after President Vladimir Putin launched a series of unprovoked attacks on Ukraine.
Christian Leuprecht, a security expert at the Royal Military College and Queen’s University, said Russian agents will continue to try to find weak spots.
The CSE statement is “clearly a signal that you need to make sure your employees are working this weekend. You can’t just automate that,” he said.
“The Russians kind of have a habit of attacking critical infrastructure at times when no one is watching. So you know…a Friday night.”
“Mission critical” systems
Ken Barker, professor of computer science at the University of Calgary, said the threat posed by Russia should force Canadian authorities to take cyber defenses more seriously.
“If we feel compelled to do this now, we should have felt compelled to do this two weeks ago,” he said.
“Because at the end of the day, these systems are vulnerable and they’re mission critical to the country, so we really need to make sure that we invest in securing and protecting them as we move forward.”
Barker said one such point of vulnerability is the link between operational and information technology systems.
“It’s endemic to all of our critical infrastructure, whether it’s power, hydro, anything that lights the house or heats it,” he said.
“If no one can physically access it, that’s inherently safe. The problem is what happens then is that information technology is now tied into it to make it work more efficiently… So now you have what is called the IT/OT vulnerability.”
The CSE said carriers should be prepared to isolate critical infrastructure components and services from the Internet and internal networks if those components “could be considered attractive to a hostile threat to disrupt.”
It calls on vulnerable organizations to be more vigilant by monitoring networks to quickly spot any unexpected or unusual network behavior and to have continuity plans in place in case of disruptions.
CSE urges organizations to report any incidents.
It said it would keep Canadian organizations informed of the threat through public alerts and protected channels.
Expected disinformation campaigns
While much of Thursday’s warning relates to IT teams, Leuprecht said Canadians should also be wary of false reports online.
“The average Canadian should be concerned about disinformation, misinformation and information laundering, which the Russians are actively spreading,” he said.
Leuprecht also said the average person needs to be on guard against malware and phishing attempts.
“Many people continue to work from home, making them unwitting conduits for bad actors to try to infiltrate businesses,” he said. “So every Canadian kind of has a role to play here.”