OTTAWA — Federal safety officers have been briefing leaders of main vitality and utility corporations on cyberthreats, one component of a concerted authorities effort to underscore the intense dangers to the sector.
A newly disclosed Public Safety Canada memo reveals a secret-level June assembly was a part of a technique to boost consciousness amongst firm executives in regards to the risks from malicious cyberactivity — reaching past the technical specialists who already know in regards to the dangers.
The memo, obtained by The Canadian Press by the Access to Information Act, says the confidential dialogue was co-hosted by Public Safety, Natural Resources Canada and the Communications Security Establishment, Canada’s cyberspy company.
The CSE’s Canadian Centre for Cyber Security mentioned in an evaluation this 12 months that financially motivated cybercrime — significantly business e mail compromise and ransomware — was nearly definitely the primary cyberthreat dealing with the Canadian oil and fuel sector.
It additionally mentioned the sector would possible proceed to be focused by state-sponsored cyberespionage for business or financial causes.
“At risk are proprietary trade secrets, research, and business and production plans.”
The Public Safety memo, ready in early summer season, notes Nunavut’s vitality company and Calgary-based Suncor Energy have been focused in cyberattacks this 12 months.
The memo says Public Safety is exploring extra approaches that can embrace extra engagement with trade, academia, and provinces and territories — together with an info and threat-sharing discussion board.
The imaginative and prescient, as with the June briefing, “is to reach company executives, as opposed to only the technical experts who are already aware of the risks,” the memo provides.
“Engaging with company executives is critical to embed security across the business ecosystem and ensure a collective approach to strengthening our cyber resilience.”
The June briefing additionally included trade associations, regulators and different authorities departments. Among the members was Enbridge’s chief info officer, who took half nearly, the corporate mentioned.
“We have a dedicated team of cybersecurity experts and a robust cybersecurity program in place that provides 24/7 monitoring against cyberthreats,” Enbridge mentioned.
“To further mitigate threats, we collaborate with governments and regulatory agencies, and take part in external events to learn and share information on how we can improve our defences.”
While the memo mentions a single briefing that passed off June 21, CSE spokeswoman Robyn Hawco mentioned the Cyber Centre and Natural Resources organized “targeted threat info briefings for energy sector CEOs at a number of secure facilities across the country.”
“This allowed the Cyber Centre to share more information than we can release in a public report. This speaks to the level of trust and co-operation that we have built up with our partners in the energy sector.”
Cybersecurity laws now earlier than Parliament would introduce the Critical Cyber Systems Protection Act, establishing a regulatory framework to strengthen safety in federally regulated sectors together with vitality.
The laws will assist forestall malicious cyberactivity from undermining Canada’s interprovincial and worldwide pipeline and energy line programs, Public Safety mentioned.
Several civil society teams have known as for adjustments to the cybersecurity invoice, saying it might undermine privateness, accountability and judicial transparency.
The laws would authorize the Canada Energy Regulator to watch compliance and implement obligations.
The June session prompted the then-CEO of the vitality regulator, Gitane De Silva, to request a gathering with the deputy minister of Public Safety and the chief of the CSE to additional talk about “how the three organizations can continue to work together, and what the role of the CER should be.”
De Silva, who has since left the regulator, declined to remark.
Amanda Williams, a spokeswoman for the regulator, mentioned it has met with corporations it oversees and “confirmed expectations with respect to cybersecurity.”
The CSE’s Cyber Centre shares recommendation and steering about cybersecurity greatest practices in addition to info that helps suppliers assess dangers.
Hawco mentioned the centre additionally has two ongoing collaborations with vitality sector companions that contain two-way info sharing about cyberthreats affecting the sector — the Blue Flame Program, with the Canadian Gas Association, and the Lighthouse initiative, led by Ontario’s Independent Electricity System Operator.
“Under these programs, participating organizations share network data with the Cyber Centre and receive customized threat reports in return,” she mentioned. “We are working with industry associations to expand and enhance these programs.”
This report by The Canadian Press was first printed Nov. 25, 2023.
Jim Bronskill, The Canadian Press
Source: calgary.citynews.ca