The Suncor Energy Centre is pictured in downtown Calgary, Alta., Friday, Sept. 16, 2022. Federal officials gave leaders of major energy and utility firms a secret-level briefing on cybersecurity threats, one element of a concerted government effort to underscore the serious risks to the sector. THE CANADIAN PRESS/Jeff McIntosh
Federal security officials have been briefing leaders of major energy and utility firms on cyberthreats, one element of a concerted government effort to underscore the serious risks to the sector.
A newly disclosed Public Safety Canada memo reveals a secret-level June meeting was part of a strategy to raise awareness among company executives about the dangers from malicious cyberactivity — reaching beyond the technical experts who already know about the risks.
The memo, obtained by The Canadian Press through the Access to Information Act, says the confidential discussion was co-hosted by Public Safety, Natural Resources Canada and the Communications Security Establishment, Canada’s cyberspy agency.
The CSE’s Canadian Centre for Cyber Security said in an assessment this year that financially motivated cybercrime — particularly business email compromise and ransomware — was almost certainly the main cyberthreat facing the Canadian oil and gas sector.
It also said the sector would likely continue to be targeted by state-sponsored cyberespionage for commercial or economic reasons.
“At risk are proprietary trade secrets, research, and business and production plans.”
The Public Safety memo, prepared in early summer, notes Nunavut’s energy corporation and Calgary-based Suncor Energy were targeted in cyberattacks this year.
The memo says Public Safety is exploring additional approaches that will include more engagement with industry, academia, and provinces and territories — including an information and threat-sharing forum.
The vision, as with the June briefing, “is to reach company executives, as opposed to only the technical experts who are already aware of the risks,” the memo adds.
“Engaging with company executives is critical to embed security across the business ecosystem and ensure a collective approach to strengthening our cyber resilience.”
The June briefing also included industry associations, regulators and other government departments. Among the participants was Enbridge’s chief information officer, who took part virtually, the company said.
“We have a dedicated team of cybersecurity experts and a robust cybersecurity program in place that provides 24/7 monitoring against cyberthreats,” Enbridge said.
“To further mitigate threats, we collaborate with governments and regulatory agencies, and take part in external events to learn and share information on how we can improve our defences.”
While the memo mentions a single briefing that took place June 21, CSE spokeswoman Robyn Hawco said the Cyber Centre and Natural Resources arranged “targeted threat info briefings for energy sector CEOs at a number of secure facilities across the country.”
“This allowed the Cyber Centre to share more information than we can release in a public report. This speaks to the level of trust and co-operation that we have built up with our partners in the energy sector.”
Cybersecurity legislation now before Parliament would introduce the Critical Cyber Systems Protection Act, establishing a regulatory framework to strengthen security in federally regulated sectors including energy.
The legislation will help prevent malicious cyberactivity from undermining Canada’s interprovincial and international pipeline and power line systems, Public Safety said.
Several civil society groups have called for changes to the cybersecurity bill, saying it would undermine privacy, accountability and judicial transparency.
The legislation would authorize the Canada Energy Regulator to monitor compliance and enforce obligations.
The June session prompted the then-CEO of the energy regulator, Gitane De Silva, to request a meeting with the deputy minister of Public Safety and the chief of the CSE to further discuss “how the three organizations can continue to work together, and what the role of the CER should be.”
De Silva, who has since left the regulator, declined to comment.
Amanda Williams, a spokeswoman for the regulator, said it has met with companies it oversees and “confirmed expectations with respect to cybersecurity.”
The CSE’s Cyber Centre shares advice and guidance about cybersecurity best practices as well as information that helps providers assess risks.
Hawco said the centre also has two ongoing collaborations with energy sector partners that involve two-way information sharing about cyberthreats affecting the sector — the Blue Flame Program, with the Canadian Gas Association, and the Lighthouse initiative, led by Ontario’s Independent Electricity System Operator.
“Under these programs, participating organizations share network data with the Cyber Centre and receive customized threat reports in return,” she said. “We are working with industry associations to expand and enhance these programs.”
This report by The Canadian Press was first published Nov. 25, 2023.
- 0079 Ministry of Energy Business_incentive PO0079 Ministry of Energy Business_incentive PO
- 0078 LHOS 20240078 LHOS 2024
- 0077 Caprice Resources Stand Up For Free Speech0077 Caprice Resources Stand Up For Free Speech
- 0053 Kingston Midstream Westspur Alameda0053 Kingston Midstream Westspur Alameda
- 0076 Latus only0076 Latus only
- 0073 SaskWorks-Pipeline Online0073 SaskWorks-Pipeline Online
- 0063 Turnbull Excavating hiring crusher0063 Turnbull Excavating hiring crusher
- 0061 SIMSA 2024 For Sask Buy Sask0061 SIMSA 2024 For Sask Buy Sask
- 0058 Royal Helium Steveville opens anonymous rocket0058 Royal Helium Steveville opens anonymous rocket
- 0055 Smart Power Be Smart with your Power office0055 Smart Power Be Smart with your Power office
- 0051 JML Hiring Pumpjack assembly0051 JML Hiring Pumpjack assembly
- 0049 Scotsburn Dental soft guitar0049 Scotsburn Dental soft guitar
- 0046 City of Estevan This is Estevan0046 City of Estevan This is Estevan
- 0041 DEEP Since 2018 now we are going to build0041 DEEP Since 2018 now we are going to build
- 0032 IWS Summer hiring rock trailer music
- 0022 Grimes winter hiring
- 0021 OSY Rentals S8 Promo
- 0018 IWS Hiring Royal Summer
- 0013 Panther Drilling PO ad 03 top drive rigs
- 0011
- 0006 JK Junior
- 0002 gilliss casing services0002 gilliss casing services
- 9002 Pipeline Online 30 sec EBEX9002 Pipeline Online 30 sec EBEX
- 9001