Skip to content

Attack that held U.S. pipeline hostage could happen in Canada: cyberprotection chief

Health-sector organizations are popular ransomware targets because they have significant financial resources
25273483_web1_2021052419050-60ac308c6626820c274537fcjpeg
A computer wrapped in padlocked chains is seen in Montreal in a Dec. 14, 2012, photo illustration. The sort of brazen digital attack that recently shut down a key U.S. energy pipeline could strike Canada, says the head of the federal cyberprotection agency. THE CANADIAN PRESS/Ryan Remiorz

The sort of brazen digital attack that recently shut down a key U.S. energy pipeline could strike Canada, says the head of the federal cyberprotection agency.

“The fact is, it can happen anywhere,” said Scott Jones of the Canadian Centre for Cyber Security. “I’d be lying if I said something other than that, but I’m not gonna lie.”

The operator of a major pipeline in the United States took its system offline this month after hackers infiltrated its computer systems. The company paid US$4.4 million to the criminals so it could quickly restore the vital fuel link.

In its most recent report on the threat landscape, the Centre for Cyber Security underscored concerns about ransomware attacks, in which swindlers hold data or computer systems hostage in exchange for payment.

It noted that three Ontario hospitals and a Canadian diagnostic and specialty testing company were victims of ransomware attacks in late 2019, as well as a medical company in Saskatchewan early last year.

Health-sector organizations are popular ransomware targets because they have significant financial resources and network downtime can have life-threatening consequences for patients, increasing the likelihood that victims will pay the ransom, said the centre’s report, released last November.

It predicted ransomware attacks directed against Canada would almost certainly continue to target large enterprises and critical infrastructure providers.

For Jones, taking steps to ward off these attacks is crucial.

“How do we prevent that compromise from reaching that level? How do we get to the information-sharing level we need to so that we catch it early?” he said.

“If we can make it more expensive and risky for the cybercriminals to go after an organization, they’ll move on to something else that’s less risky.”

Jones and John Lambert, vice-president of the Microsoft Threat Intelligence Center, recently spoke to The Canadian Press about their collaborative efforts to ensure the security of Canadian government and private-sector agencies.

The Cyber Security Centre’s 2020 threat report said the state-sponsored programs of China, Russia, Iran, and North Korea pose the greatest strategic danger to Canada. But it stressed the most likely threat would be the persistent efforts of criminals to steal personal, financial and corporate information.

Lambert expressed concern about criminal actions like the recent U.S. pipeline episode.

“While traditionally some of the most sophisticated threats that organizations have worried about might be linked to nation states, these incidents show that ransomware attacks are just as devastating, and potentially more so,” Lambert said.

Jones said one defensive tactic is to make it harder for the cybercriminals — taking away their opportunities by encouraging agencies and businesses to adopt robust security practices.

Moving data into the digital cloud, for instance, can be a viable option for small businesses that lack in-house information-technology expertise, he suggested.

The Trudeau government recently signalled it is pressing ahead with efforts to counter economic-based threats to national security, such as theft of valuable intellectual property and damage to critical energy and information networks.

Public Safety Canada said it would guide development of a comprehensive framework across the government to deal with the broad range of risks to Canada’s economic well-being.

No matter the type of electronic system to be defended, government, industry and academia must work together and exchange information, Jones said.

“And we need to be able to exchange it early. Not, ‘Oh, three months ago, I was hit and here’s what it looked like.’”

Rather, rapidly comparing notes can be pivotal, Jones said.

“When you look at the partnership we have with John’s team, we do that all the time: ‘We’re seeing something very strange. What are you seeing? How can we share?’”

Jim Bronskill, The Canadian Press