State-sponsored espionage and threats to critical infrastructure

Critical infrastructure includes the networks and systems that Canadians rely on for essential services and resources every day, such as our energy, water and utility systems, transportation systems, food supply chains and financial networks. It comprises the processes, systems, facilities, technologies, networks, assets, and services essential to the health, safety, security, or economic well-being of Canadians and the effective functioning of government. Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories, and national borders. Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects, and significant harm to public confidence.

State-sponsored threat actors conduct cyber espionage against critical infrastructure in Canada and other allied nations. This includes reconnaissance (activity conducted by a threat actor to obtain information and identify vulnerabilities to facilitate future compromise(s)) and intelligence-gathering in the energy, aerospace and defence sectors. Public institutions are also attractive targets because they hold personal information, valuable research data and other sensitive information. It is expected that state-sponsored threat actors will continue to conduct espionage against Canadian businesses and critical infrastructure to advance their national strategic objectives.

Canada’s critical infrastructure sectors


Critical infrastructure refers to the processes, systems, facilities, technologies, networks, and services essential to the health, safety, security, and economic well-being of Canadians and to the effective functioning of government. In Canada, there are ten industry sectors recognized as critical infrastructure: food, water, energy and utilities, government, information and communication, safety, manufacturing, health, transportation, and finance.

 

Cyber threat activity against Canada’s critical infrastructure can have severe and far-reaching consequences. The proliferation of malicious cyber tools, along with the increasingly interconnected nature of industrial equipment and systems, means less sophisticated cyber threat actors may interfere, even inadvertently, with Canada’s critical infrastructure. A cyber threat is a threat actor, using the internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries.

What is the Government of Canada doing?

One of the important objectives of the new Canadian Centre for Cyber Security is to work collaboratively with Canada’s critical infrastructure owners and operators, as well as all levels of government, private industry and academia to combat these ever-evolving cyber threats. These strategic partnerships will enhance information sharing, integrate cyber defence technology and help strengthen Canada’s cyber resiliency. Cyber security is the protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability.

In support of these goals, last year CSE publicly released one of its malware detection and analysis tools, known as Assemblyline. This tool has been used nationally and internationally to automate malware detection and support the work of cyber security analysts in many sectors. Malware is malicious software designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware. Detection is the monitoring and analyzing of system events in order to identify unauthorized attempts to access system resources.

The proposed Bill C-59, An Act Respecting National Security, would allow the CSE and the Cyber Centre to more extensively share information about specific cyber threats with owners and operators of Canada’s critical infrastructure and provide operational and technical assistance to help protect these networks, if requested.

In 2017, the Communications Security Establishment (CSE) alerted partners in the United States to a cyber compromise affecting the energy sector. In this case, foreign cyber threat actors gained access to secure and isolated systems to the point where the state-sponsored threat actor could have disrupted power flows. A compromise is the intentional or unintentional disclosure of information, which adversely impacts its confidentiality, integrity, or availability.

Top tips for critical infrastructure owners and operators

  • Implement application whitelisting
  • Isolate web-facing applications
  • Apply protection at the host level
  • Protect information at the enterprise level
  • Consolidate, monitor and defend internet gateways
  • Patch operating systems and applications