Cyberattacks from Russia pose the greatest risk to Canadian security, particularly those targeting critical infrastructure, according to a recent report tabled in the House of Commons.
On March 7, the House of Commons Standing Committee tabled its study entitled “Ready for the Challenge: Strengthening Canada’s Security Posture in Relation to Russia”, in which it makes recommendations to better protect the countries against cyberattacks.
In the face of malicious cyber activity originating from Russia – but also China, Iran and North Korea – operators of critical infrastructure should be more prepared to deal with cyber incidents, it reads.
“Cyberattacks by Russian criminal gangs have harmed Canadian municipalities, healthcare organizations and more, and cost tens of millions of dollars,” says David Shipley, CEO of Beauceron Security, who took part in this study.
However, it would seem that it is difficult to protect critical infrastructure in Canada, because 85% is privately owned. Each company is thus autonomous for prevention.
Critical infrastructure is present in multiple sectors: energy, utilities, food, among others. They are necessary to ensure health and safety, as well as the effectiveness of government.
“As an energy producer, Canada is more susceptible to attack,” University of Calgary expert Ken Barker said in testimony before the committee.
The study therefore recommends that critical infrastructure operators focus more on training and surround themselves with experts to deal with cyberattacks.
“There are many charlatans who improvise trainers. There should be a professional order in this industry,” warns Steve Waterhouse, cybersecurity expert.
Undisclosed cyberattacks
The committee also highlights the absence of binding legislation on the disclosure of cyberattacks.
“There are no regulations in Canada requiring – let alone obliging – owners and operators of critical infrastructure assets to report, prepare for, or prevent cybersecurity incidents,” the committee writes. , which recommends the imposition of a time limit.
It also proposes, among other things, to publish an annual report on cybersecurity threats, which would bring together the work and recommendations of the various agencies.
EXCERPTS FROM RECOMMENDATIONS FOR THE CANADIAN GOVERNMENT
- Publish an annual national cybersecurity threat assessment, bringing together the work of agencies and their recommendations. √ That owners and operators of critical infrastructure of all sizes have the cybersecurity specialists, expertise and resources they need to respond to a cyberattack.
- Establish timelines for reporting serious cybercrime incidents in critical infrastructure.
- Broaden the range of tools used to raise awareness among small and medium-sized businesses of the need to adopt cybersecurity standards, in addition to adopting tax measures to help them in this regard.
SOURCE: REPORT OF THE COMMITTEE ON PUBLIC AND NATIONAL SECURITY
PUBLIC INSTITUTIONS VICTIMS OF MANY ATTACKS
- Federal institutions were the target of 1,154 cyberattacks in 2021-2022. Of these, 869 targeted critical infrastructure.
- These data represent only the declared cases, according to Kyla Borden, the organization’s spokesperson, who specifies that the real figures are higher.
- Cybercriminals also launched 304 pieces of ransomware, half of which were directed at these same critical infrastructures.
SOURCE: COMMUNICATIONS SECURITY CENTER (CST)