Cybercrime Is Largest Threat to Canada’s Oil and Gas Sector: Intelligence Agency

Cybercrime Is Largest Threat to Canada’s Oil and Gas Sector: Intelligence Agency
The Suncor refinery in Edmonton seen on June 17, 2015. AFP via Getty Images/Geoff Robins
Matthew Horwood
Updated:
0:00

The head of the Canadian Centre for Cybersecurity (CCCS) is warning that the biggest threat to Canada’s oil and gas sector is cybercrime from non-state actors, advising infrastructure providers to also prepare for the unlikely event of sabotage by state-sponsored counterparts.

“Cybercrime is the main cyber threat facing the oil and gas sector and the most likely to disrupt the supply of oil and gas to Canadians,” said Sami Khoury, head of the CCCS, during a technical briefing on July 5.

“Sabotage by state-sponsored cyber actors is very unlikely outside of hostilities, but the threat is real and critical infrastructure providers must prepare for it.”

The briefing comes a few weeks after the Communications Security Establishment (CSE), which the CSC is a part of, released its annual report to Canada’s largest energy providers, industry associations, and companies. The CSE is tasked with assisting federal partners with cyber protection by countering hostile state activity and cybercrime.

Mr. Khoury said the most important takeaway from both the report and the briefing was the need for “all critical infrastructure network owners, including those in the oil and gas sector, to take appropriate measures to protect their systems and network.”

According to Mr. Khoury, Canada’s oil and gas sector is most likely to be targeted by state-aligned cybercriminals using ransomware to make money, as it is the form of cybercrime most “prevalent and indiscriminate.”

Mr. Khoury said countries will also sponsor hackers to steal commercially sensitive information and advanced research. As an example, he said Russian state-sponsored actors were unlikely to target Canada “in a destructive way” as there are no prevailing hostilities between the two countries.

“The state-aligned are ideologically motivated groups. One would say they don’t have any norms of responsible behaviour and probably take risks that are uncalculated. So as a result, there’s probably a higher risk coming from those state-aligned groups than from state-sponsored programs,” he said.

Mr. Khoury defined state-aligned groups as “hacktivists or maybe ideologically motivated groups that somewhat fall in the middle between cybercriminals and an apparatus of the state itself.”

He also noted there has been a “noticeable rise in the availability and sophistication of ransomware” in recent years, with the buying and selling of malicious cyber tools impacting organizations and sectors across the world.

“Anyone can become a victim. These warnings are issued not as a scare tactic, but as a call to action,” he said.

According to the Canadian Security Intelligence Service (CSIS) 2022 report, Canada remains a target for cyber-enabled espionage and sabotage by both state-sponsored and non-state actors in China, Russia, and Iran. The report said that malicious cyber activity continued to “increase in scale and complexity” in 2022, with critical infrastructure continuing to be at high risk because the sectors have “deep pockets” and may be willing to pay more to hackers to ensure uninterrupted services.

Targeted Attacks

Cybercriminals have launched several sophisticated attacks on oil and gas companies in recent years. In May 2021, a group of hackers took the Colonial Pipeline offline in the United States, stopping the flow of 45 percent of the east coast’s supply of diesel, petrol, and jet fuel for several days.

In April 2023, a set of leaked U.S. government intelligence documents suggested that Russian-backed hackers had successfully gained access to Canada’s natural gas distribution network. In June, Suncor Energy Inc. experienced a “cybersecurity incident” that shut down debit and credit machines at the pumps of many gas stations across Canada.

Mr. Khoury said in the aftermath of the incident, the CCCS was working with Suncor Energy Inc. and sharing information with the rest of the sector to allow them to defend themselves. He said he could not discuss the specifics of the case because sharing information too soon could “compromise mitigation efforts.”

When it came to defending against cyberattacks, he said it is important that the oil and gas sector listen to the information given out by CSC and “update their mitigation posture or their defensive posture accordingly.”