The threat of cyber attacks on Canadian civil society
by Ryan Atkinson/CAF (feat. Barry Cooper)
March 12, 2017
The Canadian Security Intelligence Service (CSIS) released its Public Report for 2014-2016, outlining the most prominent threats to Canadian national security. Cyber threats are listed as a major concern, threatening industries in energy and utilities, information and communication technology, finance, health, food, water, transportation, safety, government, and manufacturing. The report warns of Canada being targeted by hostile actors using Computer Network Operations (CNO), a broad term for tools and processes used to gain strategic advantage in digital networks.
Minister of Foreign Affairs Chrystia Freeland spoke in the House of Commons about the threat of state-sponsored espionage, acknowledging “efforts, as U.S. intelligence forces have said, by Russia to destabilize the U.S. political system,” adding that “Canadians and, indeed, other Western countries should be prepared for similar efforts to be directed at us.” This demonstrates the need for Canada to further develop cyber capabilities to defend against espionage attempts like those experienced in the United States last year. American intelligence agencies concluded that Russia influenced the election by hacking and leaking Democratic emails, tilting public opinion in favour of Donald Trump. Minister Freeland’s comments come as Canada extends the duration of its military training mission in Ukraine until 2019.
Economic espionage is also a threat to the Canadian economy, with hostile actors targeting companies to steal technologies and ideas. The CSIS Public Report adds that hostile actors specifically target advancing technology and critical infrastructure of Canadian industries, as well as universities conducting advanced research. CSIS Director Michel Coulombe has stated that “Russia and China, in particular, continue to target Canada’s classified information and advanced technology, as well as government officials and systems,” demonstrating the specific threat of state-sponsored actors against Canadian economic development. Barry Cooper, professor at the University of Calgary, lists the specifically endangered industries as aerospace, biotechnology, chemical, communications, information technology, mining and metallurgy, nuclear energy, oil and gas, and the environment.
A report released by the security software company McAfee estimates that cybercrime costs the global economy between $375 billion and $575 billion in losses annually. Targets have included financial institutions, government websites, hospitals, small and medium businesses (SMBs), and other industries. The Huffington Post conducted an investigation on cyber-attacks threatening SMBs, and found that businesses with more than $10 million in revenues fell victim to more cyber-attacks than SMBs that were under this threshold. The investigation argued that this resulted in these businesses having “the same attractive assets as enterprise-level organizations, but tend to have a lower level protection and less sophisticated security solutions in place than large organizations.” These conclusions correspond with the findings of a Business Fraud Survey conducted by Ipsos, which demonstrates that larger companies with over 100 employees are “significantly more likely to have been hacked,” with half the survey respondents from larger businesses admitting they had experienced such attacks.
In December 2015, a cyber-attack targeted Ukrenergo, Ukraine’s national power company, causing massive blackouts for over 225,000 people in Kiev. It was a “first-of-its-kind cyber-attack […] with hackers also sabotaging power distribution equipment, complicating attempts to restore power […] widely seen by experts as the first examples of hackers shutting off critical energy systems supplying heat and light to millions of homes.” The CSIS Public Report cites this example, adding that energy systems used in Ukraine are similar to those used by energy companies globally. This demonstrates how similar cyber operations targeting Canadian systems could severely damage infrastructure if vulnerabilities are not patched to prevent hostile actor penetration.
These dangers demonstrate the necessity of complementing the transformation of Canadian industrial society into a highly digitized environment with advancements in cyber security systems to patch any vulnerabilities that leave critical infrastructure susceptible to attacks by hostile actors. The devastation that could be unleashed if such vulnerabilities are left open demands that the Canadian government conduct a nation-wide review, with the broad objective of securing society as a whole rather than focusing on any specific industry.
The realities of twenty-first century warfare are weapons that can target the very roots of society, and there is immense value in understanding what Canada’s vulnerabilities to these digital threats are. We should learn from past cyber-attacks that have targeted our allies, and more specifically the U.S. and Ukraine. These threats should be studied to understand how we can develop defense capabilities in accordance with current and ongoing threats to Canada. Preparatory measures must further secure civil society from threats posed by hostile actors, before attacks on Canadian infrastructure force the inevitable development of these defensive capabilities from a position of weakness.