Canada’s digital cybersecurity agency is warning the country’s “critical infrastructure” providers to be increasingly wary of attacks from Russia-backed hackers as tensions between the two countries increase over the threat of war in Ukraine, reports the National Post. Experts say those attacks could come in a range of forms, from a “widespread ransomware attack” to a “single, carefully focused” attempt to significantly affect core infrastructure.
“Canada’s Cyber Centre … is aware of foreign cyber threat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators, their operational and information technology,” the agency, which is part of the Communications Security Establishment (CSE) said in a bulletin.
CSE’s brief statement comes on the heels of similar and much more detailed warnings from their U.S. and U.K. counterparts. Both warn their countries’ cybersecurity communities to be in a “heightened state of awareness” and begin proactively hunting for risks to their networks as threats from Russia loom increasingly large.
According to David Masson, director of Enterprise Security at cyber-AI defence company Darktrace, just the fact that Canada, the U.S., and the U.K. put out the warnings speaks to the direness of the Russian threat. “The depth of the information provided by the U.S., and the urgency used, underlines the seriousness of this situation. These government bulletins do not come without sufficient research and justification,” he said in an email.
In 2020, CSE noted that state-sponsored threat actors like Russia were “very likely” trying to develop tools that would allow them to disrupt our critical infrastructure “such as the supply of electricity.” It concluded that they were unlikely to seek to disrupt Canada’s critical infrastructure and cause “major damage or loss of life.” But there was a major caveat; “in the absence of international hostilities.”
“A cyber-attack on any of Canada’s critical support systems could cause crippling disruption to the population and the economy,” Masson warned. “For this reason, protecting critical infrastructure and the operational technology behind it is increasingly regarded as a matter of national security.”