Current Cyber Threats

Canada Flags Urgent Threat from Nation-state and Criminal Groups to Critical Infrastructure

Summary:
Canada issued a warning this week about escalating cyber threats to critical infrastructure, specifically sectors such as energy, water, healthcare, financial services, and transportation. The advisory notes that both nation-state actors and cybercriminal groups are poised to cause significant service outages and economic losses, and could endanger public health and safety.

Similar to US reporting on Chinese adversaries such as Volt Typhoon and Salt Typhoon, Canada says nation-state actors are pre-positioning themselves across critical infrastructure so that they can disrupt or destroy critical services during a future geopolitical conflict. Financially motivated actors continue to rely on ransomware, which can also have significant impacts on critical-sector entities.

Security Officer Comments:
The Canadian advisory notes that adversaries are identifying potential targets, including operational technology (OT) and internet-accessible industrial control systems (ICS) such as SCADA, PLCs, and Industrial Internet of Things (IIoT) devices. The Canadian Centre for Cyber Security (Cyber Centre) has specifically alerted operators to hacktivists targeting internet-accessible ICS and has released a dedicated assessment of threats to Canada's water systems.

Attacks against critical infrastructure can be severe:
  • Health and Water Systems: Compromising hospital networks can disrupt operations, take critical patient data offline, or even interfere with connected medical devices. Attacks on water treatment facilities could lead to the manipulation of chemical levels (for example, in a 2021 incident an attacker tried to raise sodium hydroxide to dangerous levels) or simply degrade water quality, affecting the supply of clean, potable water.
  • Energy Sector: An attacker with access to the operational technology (OT) network can send commands to control switches in substations, disconnecting entire power lines or plants from the grid. This can lead to widespread, large-scale blackouts, as seen in the 2015 attack on Ukraine's grid, which disconnected 225,000 consumers. Sophisticated malware can disable protective devices, allowing attackers to overload power lines and potentially cause long-term physical damage to essential grid equipment. Disruption of natural gas or water services during extreme weather events could leave communities without heat or sanitation. A severe, long-duration power grid failure would simultaneously shut down telecommunications, financial markets, fuel pumps, and water pumping and treatment facilities.
  • Financial Sector: Systemic failure of payment processing or core banking services can freeze commerce, leading to massive immediate financial losses and long-term damage to credit ratings and market valuation for affected firms.
  • Transportation: Since the transportation sector is the backbone of the supply chain (rail, trucking, ports, air traffic), a successful attack can cause a cascading economic effect. Ransomware on a logistics company or port terminal can halt the flow of goods, leading to empty store shelves, gas shortages, and disruption of medical supply chains. Attacks on air traffic control or mass transit systems can cause prolonged outages and delays, resulting in huge revenue losses and widespread public inconvenience.
  • Financial Impacts to Critical Infrastructure: The cost of remediation, lost revenue, and legal liability can be immense. For instance, the average cost of a data breach in the energy sector hit a record high of $4.72 million in a recent year, and the total cost of malicious cyber activity to the economy can be in the billions annually.

Suggested Corrections:
The Canadian government and the Cyber Centre urge critical infrastructure operators, particularly municipalities and private enterprises, to immediately strengthen their defenses. Key actions include:
  • Inventory and Isolation: Conduct an inventory of all ICS devices and remove unnecessary ICS and OT connections to the internet.
  • Access Control: Use Virtual Private Networks (VPNs), firewalls, and Multi-Factor Authentication (MFA) for all remote access, and change all default passwords immediately.
  • Network Segmentation: Ensure that IT and OT environments are kept separate to prevent lateral movement.
  • Proactive Defense: Apply security patches promptly, enable and regularly review logging, and enhance monitoring of OT environments to detect unusual activity.
  • Preparedness: Develop and test a tailored incident response plan, conduct tabletop exercises, and maintain offline backups and verified manual controls to ensure resilience against system failures.
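The first three actions above (inventory and isolation, access control, segmentation) are checkable conditions once an asset inventory exists. The following script, added here as an illustration and not part of the Cyber Centre advisory or any vendor tool, audits a small constructed ICS/OT inventory for internet-exposed OT devices, unchanged default credentials, remote-access services without MFA, and direct network paths between IT and OT zones. The asset records, field names, and finding codes are assumptions chosen for the example.

```python
"""Audit a flat ICS/OT asset inventory against basic hygiene items:
internet exposure, default credentials, MFA on remote access, IT/OT segmentation.
Illustrative code added to the bulletin; all asset records are constructed."""

from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    zone: str                  # "OT" or "IT" (assumed two-zone model)
    device_type: str           # e.g. "PLC", "HMI", "SCADA server", "workstation"
    internet_reachable: bool   # reachable from the public internet in any way
    default_credentials: bool  # vendor default password still in place
    remote_access: bool        # exposes a remote-access service (VPN, RDP, VNC, web HMI)
    mfa_enforced: bool         # MFA required on that remote-access service
    connected_to: list = field(default_factory=list)  # names of directly reachable assets


@dataclass
class Finding:
    asset: str
    code: str
    severity: str
    detail: str


# Constructed sample inventory (not real hosts).
INVENTORY = [
    Asset("plc-01", "OT", "PLC", internet_reachable=True, default_credentials=True,
          remote_access=False, mfa_enforced=False, connected_to=["hmi-01"]),
    Asset("hmi-01", "OT", "HMI", internet_reachable=False, default_credentials=False,
          remote_access=True, mfa_enforced=False, connected_to=["plc-01", "eng-ws-02"]),
    Asset("eng-ws-02", "IT", "workstation", internet_reachable=True, default_credentials=False,
          remote_access=True, mfa_enforced=True, connected_to=["hmi-01"]),
    Asset("scada-srv-01", "OT", "SCADA server", internet_reachable=False, default_credentials=False,
          remote_access=False, mfa_enforced=True, connected_to=["plc-01"]),
]


def audit(assets):
    """Return a list of Findings, highest severity first."""
    by_name = {a.name: a for a in assets}
    findings = []
    seen_pairs = set()  # so each IT/OT path is reported once, not from both ends

    for a in assets:
        if a.zone == "OT" and a.internet_reachable:
            findings.append(Finding(a.name, "INTERNET_EXPOSED_OT", "critical",
                                    f"{a.device_type} reachable from the internet; remove the exposure"))
        if a.default_credentials:
            findings.append(Finding(a.name, "DEFAULT_CREDENTIALS", "high",
                                    "vendor default password still set; change it immediately"))
        if a.remote_access and not a.mfa_enforced:
            findings.append(Finding(a.name, "REMOTE_ACCESS_WITHOUT_MFA", "high",
                                    "remote-access service accepts single-factor logins"))
        for peer_name in a.connected_to:
            peer = by_name.get(peer_name)
            if peer is None or peer.zone == a.zone:
                continue  # unknown peer (inventory gap) or same zone
            pair = frozenset((a.name, peer.name))
            if pair in seen_pairs:
                continue
            seen_pairs.add(pair)
            ot_side = a if a.zone == "OT" else peer
            findings.append(Finding(ot_side.name, "IT_OT_CROSS_ZONE_PATH", "high",
                                    f"direct path between {a.name} ({a.zone}) and {peer.name} ({peer.zone}); "
                                    "segment or route through a monitored DMZ"))

    rank = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: (rank[f.severity], f.asset, f.code))


def summarize(findings):
    """Count findings per code, useful for tracking remediation over time."""
    counts = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"[{f.severity:8}] {f.asset:13} {f.code:26} {f.detail}")
    print(summarize(audit(INVENTORY)))
```

The cross-zone check deliberately reports the OT-side asset, since that is the device whose compromise has physical consequences, and deduplicates the pair so a path listed from both ends is counted once. Assets referenced in `connected_to` but absent from the inventory are skipped silently here; in practice that gap is itself an inventory finding worth raising.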

Link(s):
https://www.cyber.gc.ca/en/guidance/cyber-threat-canadas-water-systems-assessment-mitigation