OTTAWA -- Canada’s top cybersecurity agency has named China, Russia, Iran, and North Korea’s state-sponsored cyber activity as posing the “greatest strategic threats” to Canada’s critical infrastructure, intellectual property, and political events like elections.
In its 2020 National Cyber Threat Assessment, the Canadian Centre for Cyber Security within the Communications Security Establishment warns that state-sponsored cyber activity is the most sophisticated and actors are “very likely” attempting to develop capabilities to disrupt critical systems; will “almost certainly” continue conducting commercial espionage against Canadian governments, businesses, and organizations; and are keeping up ongoing online foreign influence campaigns aimed at altering discourse around current events to divide Canadians.
“The most sophisticated capabilities belong to state sponsored cyber threat actors who are motivated by economic, ideological, and geopolitical goals. Their activities include cyber espionage, intellectual property theft, online influence operations, and disruptive cyber attacks,” states the report.
“We assess that almost certainly the state-sponsored programs of China, Russia, Iran, and North Korea pose the greatest state-sponsored cyber threats to Canadian individuals and organizations. However, many other states are rapidly developing their own cyber programs, benefiting from various legal and illegal markets to purchase cyber products and services,” it continues.
The report is a reminder that Canada can’t let its guard down, said National Defence Minister Harjit Sajjan in the foreword of the report.
“Foreign state-sponsored cyber programs are probing our critical infrastructure for vulnerabilities. Foreign efforts to influence public discourse through social media have become the ‘new normal.’ More than that, the internet is at a crossroads, with countries like China and Russia pushing to change the way it is governed, to turn it into a tool for censorship, surveillance, and state control,” Sajjan wrote.
The report is an update to the 2018 version, and offers forecasts on the threat environment through to 2022. The agency cautions that the threat assessment does not include an exhaustive list of activity, but is based on classified and unclassified sources available up to Oct. 20.
“When we call actors out, and specifically into sectors, we see the sector respond quite rapidly to the threat,” said Scott Jones, the head of the Canadian Centre for Cyber Security, during a teleconference discussing the new report. He cited the decision the agency took in July to allege alongside the United Kingdom that Russia tried to steal information and intellectual property from researchers working on a COVID-19 vaccine.
THREAT TO ELECTRICAL GRID?
The 2020 threat assessment warns about cyber actors targeting organizations responsible for essential services like utilities and health care by going after their Industrial Control Systems (ICS).
Given more and more aspects of infrastructure are being connected to the internet, the risk of the software becoming vulnerable to cyber attacks is increasing.
One specific area the report delves into is the threat to Canada’s electricity grid, where it’s anticipated state actors are trying to develop capacities needed to disrupt Canada’s electricity supply.
A recent example of countries getting into this kind of behaviour include when Russian-associated actors “probed the networks of electricity utilities in the U.S. and Canada” in 2019. As well, the report cites U.S. utility employees being targeted by China; Iranian hacking groups targeting control system infrastructure in rival nations like Israel, and North Korean malware being found in the IT networks of India’s power plants.
“We assess that cybercriminals will very likely increase their targeting of ICS in the next two years in an attempt to place increased pressure on critical infrastructure and heavy industry victims to promptly accede to ransom demands,” reads the report.
While the report says the reality of an attack like this remains “very unlikely,” it could cause major damage and interruptions to wide swaths of the country.
“What you could see is shutting off of transmission lines, you could see them opening circuit breakers – meaning electricity simply won't flow to our homes, to our businesses, to other pieces of Canada's critical infrastructure… We want to get ahead of this trend and make sure that we're getting ahead of it before you see those implications happening in critical infrastructure that could affect large numbers of people at the same time,” Jones said.
“We’re not trying to scare people, we’re certainly not trying to scare people into going off grid by building a cabin in the woods, etc. We’re here to say ‘let’s tackle these now while they’re still paper, while they’re still a threat that we’re writing down’ before it’s a threat that can become real in the future,” he said, adding that work is underway to raise the awareness in the energy sector about these threats.
ONLINE INFLUENCE CAMPAIGNS
The cyber centre’s threat assessment also notes that “a number of states” have deployed online influence campaigns “as part of their daily business” in an effort to change civil discourse, policymakers' decisions, and the reputations of politicians.
“They try to delegitimize the concept of democracy and other values such as human rights and liberty… They also try to exacerbate existing friction in democratic societies around various divisive social, political, and economic issues,” reads the report.
While usually these efforts increase around elections, the agency says it’s seeing the campaigns have broadened out since 2018 to target trending stories and popular political issues.
“It happens every day now. This is something where it’s just constant misuse or misinformation on the internet. And this is where we’re saying, ‘Look we need to start turning to authoritative sources,’” Jones said in an interview on CTV’s Power Play.
In Canada, this has included Russian and Iranian efforts to sway minds related to terrorism and the 2017 Quebec City mosque shooting, the Trans Mountain pipeline construction, domestic policies on immigration and refugees, and climate change.
More recently, attempts to influence Canadians have been seen in relation to COVID-19 and government responses to the pandemic.
Going forward, the report notes that Canada’s position on “high-tension geopolitical issues” could elevate the threat.
The report also states that relative to other countries, Canadians are lower-priority targets for online foreign influence, but because our “media ecosystem is closely intertwined with that of the United States and other allies,” when our neighbour is targeted, Canadians become exposed to the online influence.
Jones said that Canada has been sharing information about what it’s seeing when Canadians or domestic institutions are caught up in online interference efforts.
CYBERCRIME DURING COVID-19
In addition to digging into the foreign state actor threat, the report highlights the uptick in online threats to Canadians and national institutions posed by fraudsters and other bad actors, in the face of the COVID-19 that are preying on the fears and anxieties that many people are experiencing during the pandemic, as well as the heightened use of online tools to work from home and stay connected others.
The CSE stated that cybercrime remains the greatest direct threat to Canadians and Canadian organizations, many of which are not doing enough to protect their passwords, software, and increasing cadre of digital devices from hacks or other attacks.
“Cybersecurity is a team sport, and as any hockey coach will tell you, to mount an effective defence you need to know what you’re up against,” Jones said.