On September 9, CBC announced that it had discovered a letter written by NORAD (North American Aerospace Defence Command) asking the Canadian military to identify critical civilian infrastructure and systems vulnerable to a cyberattack. The letter was written three years ago by U.S. Admiral William Gortney, the past NORAD Commander. This request is important because NORAD, the first line of defence against an air attack and a key player in the defence of North America, clearly viewed Canadian infrastructure as a potential point of vulnerability. When a nation’s critical infrastructure is hit with a cyberattack, it can be disabled, which may lead to a catastrophic disaster accompanied by the potential loss of billions of dollars.
The 2015 cyberattack on Ukraine’s power grid provides insight into the impact a cyberattack can have on a country’s infrastructure. During the attack, the Ukrainian regional electricity company, Kyivoblenergo, reported service outages to customers and revealed that the attack was a third party’s illegal entry into the company’s critical operational system, its supervisory control and data acquisition (SCADA) system. This led to several outages, causing approximately 225,000 customers to suffer from power loss across multiple regions for several hours. The Ukrainian incident is noted as the first successful cyberattack on a power grid, which is defined as critical infrastructure.
The Electricity-Information Sharing and Analysis Center’s (E-ISAC) case report on the Ukraine cyberattack suggests that authorities seeking to protect critical infrastructure need to prepare to confront specifically targeted and organized attacks in which their own Industrial Control Systems (ICS) are exposed and used against them. Attackers usually combine amplifying attacks to destroy communication across the targeted infrastructure and synchronize their attacks to seize control of ICS. Furthermore, the report emphasizes that the methods, tactics, techniques, and procedures used in the Ukraine cyberattack could be effective and applicable against infrastructure anywhere in the world.
Canada is rapidly acknowledging the importance of maintaining effective and reliable defences against cyberattacks. In 2018, Canada established its own department for cyber security, the Canadian Centre for Cyber Security, to lead the restructuring of Canada’s cyber security. The Canadian Centre for Cyber Security is the primary institution in Canada with the authority to bring all federal operational cyber expertise into one place, leading the federal response to events that threaten cyber security and developing specialized cyber defence technologies and tools. Additionally, the Canadian Centre for Cyber Security introduced its new National Cyber Security Action Plan (2019-2024) in 2018. This plan aims to re-establish the initiatives and milestones of Canadian cyber security to build a secure and resilient defence system.
Through collaborative action with partners, the Canadian Centre for Cyber Security plans to enhance Canada’s cyber security capabilities in order to defend critical government and private sector systems. For instance, the Department of Public Safety and Emergency Preparedness provides comprehensive risk management to critical infrastructure owners. As a result, the owners can better identify and address vulnerabilities in their cyber systems and offer technical training designed to mitigate risks and strengthen ICS resilience. Also, the Royal Canadian Mounted Police (RCMP) will establish the National Cybercrime Coordination Unit (NC3) to coordinate cybercrime operations and collaborate with other international institutions. Through the National Cyber Security Action Plan, Canada is restructuring its cyber security system design to effectively establish defence mechanisms and collective actions against cyberattacks, while constructing a better platform to protect Canada’s critical infrastructure.
At the same time, NATO is strengthening its capabilities to defend members against cyberattacks. At the 2018 summit in Brussels, allied leaders of NATO warned that cyber threats to the security of the Alliance are becoming more frequent, complex, destructive, and coercive. NATO now officially recognises cyberspace as a domain of military operation and can invoke NATO’s collective defence clause (Article 5) in the case of a significant cyberattack against a member state. The alliance is ensuring that continued attention and resources are devoted to cybersecurity, and is working with partners through programs like the EU and NATO Industry Cyber Partnership, designed to facilitate information exchange, training, research, and exercises.
However, if critical infrastructure is to be protected, the first step is establishing what exactly is covered within this category. Defining critical infrastructure is a complicated and evolving task. For instance, the definition of critical infrastructure, which was originally limited to power plants, electricity grids, and financial systems, has been expanded since the Russian interference in the 2016 U.S. presidential election and is still expanding.
Moreover, more firms are choosing to incorporate computer chips into their products. For example, most of the TV products produced these days are IPTV (Internet Protocol television), with video and audio delivered over an internet connection. As TVs are common in many households and offices in Canada, cyber-attackers are provided with an almost limitless set of potential targets. As the methods and types of cybercrime are simultaneously becoming more diverse and more subtle, cyber security institutions have to continuously observe changes occurring in cyberspace and adapt accordingly. The fight against cyberattacks is far from over, and cyberattacks remain a real threat to Canada. Still, with growing interest and attention from major institutions such as NORAD and NATO, Canada’s cybersecurity professionals are adapting to the challenge.
Featured Image: “Power Lines” by Zach Schrock, via Flickr.
Disclaimer: Any views or opinions expressed in articles are solely those of the
authors and do not necessarily represent the views of the NATO Association of