About one in 4 Canadian oil and fuel companies reported a cyber incident in 2019, the report famous
Article content material
In the midst of final week, leaders with the Communication Safety Institution’s Canadian Centre for Cyber Safety met with oil and fuel executives to speak a couple of new report inspecting threats going through the sector.
Commercial 2
Article content material
The report mentioned the significance of the nation’s oil and fuel sector, together with the continuing digital transformation of the business, “makes it a goal for cyber actors intent on most disruption.”
Article content material
It occurred simply days earlier than a cyberattack at Suncor Power surfaced.
“We needed to have a dialog with the C-Suite or the executives of the oil and fuel sector in Canada to proceed to sensitize them to the menace — that the menace is actual. And we needed to be sure that they take it critically,” Sami Khoury, head of the Cyber Centre, mentioned in an interview.
“They should be conscious that ransomware is alive and properly, when it comes to a menace vector, that these menace actors are indiscriminate and with out scruples, so they’d go wherever they will earn cash.
“We wish additionally to sensitize them that state-sponsored exercise . . . go after firms typically to steal business info, enterprise intelligence, analysis. And in the event you convey these two collectively, crucial infrastructure is a phase of society that we’re involved about.”
The assembly, described as a menace info briefing, was held at a variety of safe amenities throughout the nation — together with in Calgary — on the identical day the report was launched, and it included senior officers with CSE, Public Security Canada, the RCMP and Pure Sources Canada, based on Cyber Centre officers.
Article content material
Commercial 3
Article content material
On Sunday, Suncor Power confirmed it was grappling with a cybersecurity incident and had notified applicable authorities.
The Calgary-based firm is without doubt one of the nation’s largest petroleum producers and operates a downstream refining and advertising and marketing division, together with its Petro-Canada retail chain.
Some Petro-Canada clients reported being unable to pay electronically on the pumps on the weekend. Suncor mentioned it’s not conscious of any proof that clients, suppliers or worker knowledge has been compromised.
“We’re persevering with to expertise the cybersecurity incident,” Suncor spokesman Leithan Slade mentioned Wednesday.
The corporate declined to remark additional on the matter.
Cybersecurity professional David Masson mentioned the Suncor cyberattack is the most important that he’s conscious of involving a Canadian oil and fuel agency, though there have been main instances globally lately.
If an assault lasts greater than a day, is widespread throughout a corporation and is disclosed to authorities, there’s “a very good probability it’s going to be ransomware,” he mentioned.
“Actually, two to 3 days after the report comes out, bingo,” mentioned Masson, director of enterprise safety at cyberdefence agency Darktrace.
Commercial 4
Article content material
“That is in all probability going to transform a ransomware assault however, I hasten so as to add, I’m underlining that, just by the truth that our personal authorities is saying that’s the largest menace going through the oil and fuel sector.”
The difficulty of cybersecurity and the oilpatch isn’t a brand new one, though it has developed over time.
In 2016, a report by Alberta’s auditor normal highlighted the priority, stating that no authorities entity had assessed the dangers or impression to the province’s regulated oil and fuel infrastructure from such cyberattacks — a difficulty later addressed by the power division and the Alberta Power Regulator.
The auditor’s report pointed to an incident in September 2012 when a Calgary-based firm, which provided distant monitoring and providers to the power sector, confronted a “subtle cyberattack” on its pc programs.
Final week’s Cyber Centre report famous the sector faces a number of threats, together with from state-sponsored actors making an attempt to compromise the networks of Canadian and U.S. crucial infrastructure, together with the oil and fuel sector, which places mental property and enterprise plans in jeopardy.
Commercial 5
Article content material
One other threat stems from opportunistic, financially motivated cybercriminals who “is not going to hesitate to exacerbate a disaster for revenue,” it states.
The report pointed to the January 2022 incidents affecting subsidiaries of the German oil transportation agency Marquard & Bahls, in addition to an unrelated ransomware incident final 12 months on the Amsterdam-Rotterdam-Antwerp refining hub, which quickly disrupted the supply of oil merchandise in components of Europe.
In North America, the Colonial pipeline in america was quickly shut down in March 2021 due to a ransomware incident.
“The Colonial incident was an incident that would occur in Canada, might occur anyplace,” Khoury mentioned.
“It’s the character of the world through which we reside that our IT programs are interconnected. And in the event you convey them down, they’ve a substantial impression.”
He famous there have been elevated cyber incidents by Russia directed at Ukraine, and the centre is worried these actions would possibly “spill over into Canada,” whereas including ransomware assaults have gotten extra subtle and stay a persistent menace to companies.
Commercial 6
Article content material
Khoury mentioned he’s conscious of Suncor’s state of affairs and the centre has communicated with the corporate, however couldn’t present another particulars.
For the oilpatch, the brand new report and state of affairs with Suncor illustrate the potential hazards on the digital panorama.
“The fact is that cybersecurity is growing within the business as a menace. It’s a authentic drawback for our business,” mentioned Tristan Goodman, CEO of the Explorers and Producers Affiliation of Canada.
“Within the final two to 3 years, there’s been a dramatic escalation within the variety of assaults. There’ve additionally been firms that are actually treating this way more critically.”
-
Varcoe: Much more wind and solar in Alberta’s forecast for a net-zero energy future
-
Varcoe: Oil and fuel manufacturing tumbles in a net-zero future, Canada Power Regulator report reveals
-
Varcoe: World oil demand anticipated to chill, however Canadian crude manufacturing to maintain rising
The report famous that about one in 4 Canadian oil and fuel companies reported a cyber incident in 2019, the best price of any throughout the crucial infrastructure sector.
Excessive-profile cyberattacks focusing on companies have additionally been reported prior to now 12 months at firms equivalent to grocery chain Empire Co., and at Indigo Books & Music Inc.
Tim McMillan, a companion with Garrison Technique and former CEO of the Canadian Affiliation of Petroleum Producers (CAPP), mentioned oil and fuel firms have invested closely — in know-how, money and time — to maintain their programs protected from cyberattacks.
“We’ve seen this throughout our economic system,” mentioned McMillan.
“A few of this barrage of assaults are going to search out niches of vulnerabilities. And it’s how we put together ourselves sooner or later, and the way we react, that may govern how damaging it’s.”
Chris Varcoe is a Calgary Herald columnist.
Feedback
Postmedia is dedicated to sustaining a full of life however civil discussion board for dialogue and encourage all readers to share their views on our articles. Feedback might take as much as an hour for moderation earlier than showing on the positioning. We ask you to maintain your feedback related and respectful. We now have enabled e mail notifications—you’ll now obtain an e mail in the event you obtain a reply to your remark, there may be an replace to a remark thread you comply with or if a person you comply with feedback. Go to our Group Tips for extra info and particulars on find out how to alter your e mail settings.
Be a part of the Dialog