Cybersecurity | The federal government wants to put big energy companies on notice

(Ottawa) Security officials met with top executives from energy and commodities companies to brief them on cyber threats. This is part of the federal government’s strategy to reduce risks in this sector.

A memo from the Ministry of Public Safety, obtained by The Canadian Press, reveals that the secret meeting, which took place in June, is part of a strategy aimed at raising awareness among company management about the dangers of malicious cyber activity.

The confidential discussions were hosted by the Ministry of Public Safety, the Ministry of Natural Resources and the Communications Security Establishment (CSE), Canada’s cyberspace spy agency.

The Canadian Center for Cyber ​​Security at CSE indicated, in an assessment published earlier this year, that “cybercrime activities motivated by financial gain, more particularly business email compromise and ransomware, are the main cyberthreat targeting the oil and gas sector.

According to him, this sector will continue to be targeted by state-sponsored cyberespionage for commercial or economic purposes.

“Proprietary trade secrets, research, and business and production plans are also at risk,” the report says.

The Department of Public Safety memo, written earlier this summer, noted that Suncor Energy and the Nunavut Energy Corporation had been targeted by cyberattacks this year.

The ministry is also considering other strategies, including closer exchanges with industry, universities, provinces and territories in a common forum.

The goal is to “talk to senior company executives, not just technical experts who are already aware of the threats,” the note adds.

“Talking to senior management is crucial to embedding security across the entire business ecosystem and ensuring a collective approach to strengthening our resilience. »

Industrial associations, government agencies and ministries also participated in the June meeting. Among the participants was Enbridge’s chief information officer, the company acknowledges.

“We have a dedicated team of cybersecurity experts and a powerful cybersecurity program in place that continuously monitors cyber threats,” emphasizes Enbridge. We work with governments and regulatory agencies and participate in external activities to share information and learn things that can help us improve our defense. »

The Canadian Parliament is considering a legislative measure aimed at enacting the Cyber ​​Systems Protection Act to establish a regulatory framework for the protection of critical cyber systems in the federally regulated private sector

The Ministry of Public Safety believes this law will prevent cybercrime activities from undermining the country’s pipeline network.

Several civil society groups have called for amendments to the bill, saying it can infringe on privacy and undermine the principles of accountability and justice.

The Energy Authority will be one of the federal agencies that will have to ensure compliance with the next law.

The June meeting prompted the Régie’s former CEO, Gitane De Silva, to request a meeting with the Ministry of Public Safety and the CSE to discuss collaboration between the three organizations and the role of the Régie.

Mme De Silva, who has left his post since this request, declined to comment.

A spokesperson for the Régie, Amanda Williams, says the agency met with companies under its jurisdiction to “confirm expectations regarding cybersecurity.”

source site-55