State-sponsored actors ‘very likely’ looking to attack electricity supply, says intelligence agency

State-sponsored actors are “very likely” trying to shore up their cyber capabilities to attack Canada’s critical infrastructure — such as the electricity supply — to intimidate or to prepare for future online assaults, a new intelligence assessment warns.

“As physical infrastructure and processes continue to be connected to the internet, cyber threat activity has followed, leading to increasing risk to the functioning of machinery and the safety of Canadians,” says a new national cyber threat assessment drafted by the Communications Security Establishment.

“We judge that state-sponsored actors are very likely attempting to develop the additional cyber capabilities required to disrupt the supply of electricity in Canada.”

Today’s report — the second from the agency’s Canadian Centre for Cyber Security wing — looks at the major cyber threats to Canadians’ physical safety and economic security.

The CSE does say in the report that while it’s unlikely cyber threat actors would intentionally disrupt critical infrastructure — such as water and electricity supplies — to cause major damage or loss of life, they would target critical organizations “to collect information, pre-position for future activities, or as a form of intimidation.”

Such preliminary attacks have happened already.

The report said Russia-associated actors probed the networks of electricity utilities in the U.S. and Canada last year, and Chinese state-sponsored cyber threat actors have targeted U.S. utility employees. Other countries have seen their industrial control systems targeted by Iranian hacking groups, and North Korean malware was found in the IT networks of an Indian power plant, it said.

The threat grows as more critical infrastructure goes high-tech.

In the past, the operational technology (OT) used to control dams, boilers, electricity and pipeline operations has been largely immune to cyberattacks — but that’s changing as manufacturers incorporate newer information technology in their systems and products, says the report.

“We assess that, almost certainly, the most pressing threats to the physical safety of Canadians are to OT and critical infrastructure. However, in the future, targeting of smart cities and [internet-connected] devices, such as personal medical devices and Internet-connected vehicles, may also put Canadians at risk,” says the report. 

Earlier this year, for example, Health Canada warned the public that medical devices containing a particular Bluetooth chip — including pacemakers, blood glucose monitors and insulin pumps — are vulnerable to cyber attacks that could crash them.

The foreign signals intelligence agency also says that while state-sponsored programs in China, Russia, Iran and North Korea “almost certainly” pose the greatest state-sponsored cyber threats to Canadian individuals and organizations, many other states are rapidly developing their own cyber programs.

Commercial espionage continues

State-sponsored actors will also continue their commercial espionage campaigns against Canadian businesses, academia and governments to steal Canadian intellectual property and proprietary information, says the CSE.

“We assess that these threat actors will almost certainly continue attempting to steal intellectual property related to combating COVID-19 to support their own domestic public health responses or to profit from its illegal reproduction by their own firms,” says the “key judgments” section of the report.

“The threat of cyber espionage is almost certainly higher for Canadian organizations that operate abroad or work directly with foreign state-owned enterprises.”

The CSE says such commercial espionage is happening already across multiple fields, including aviation, technology and AI, energy and biopharmaceuticals.

While state-sponsored cyber activity tends to offer the most sophisticated threats, CSE said that cybercrime continues to be the threat most likely to directly affect Canadians and Canadian organizations, through vectors like online scams and malware.

“We judge that ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers. These entities cannot tolerate sustained disruptions and are willing to pay up to millions of dollars to quickly restore their operations,” says the report.

Cybercrime becoming more sophisticated 

According to the Canadian Anti-Fraud Centre, Canadians lost over $43 million to cybercrime last year. The CSE reported earlier this year that online thieves have been using the COVID-19 pandemic to trick Canadians into forking over their money — through scams like a phishing campaign that claimed to offer access to a Canada Emergency Response Benefit payment in exchange for the target’s personal financial details.

Online foreign influence activities — a dominant theme in the CSE’s last threat assessment briefing — continue and constitute “a new normal” in international affairs as adversaries seek to influence domestic and international political events, says the agency.

“We assess that, relative to some other countries, Canadians are lower-priority targets for online foreign influence activity,” it said.

“However, Canada’s media ecosystem is closely intertwined with that of the United States and other allies, which means that when their populations are targeted, Canadians become exposed to online influence as a type of collateral damage.”

According to the agency’s own definition, “almost certainly” means it is nearly 100 per cent certain in its analysis, while “very likely” means it is 80-90 per cent certain of its conclusions. The CSE says its analysis is based on a mix of confidential and non-confidential intelligence and sources.