Varcoe: ‘The threat is real’ for oil and gas sector, says head of Canada’s Cyber Centre

In the middle of last week, leaders with the Communications Security Establishment’s Canadian Centre for Cyber Security met with oil and gas executives to talk about a new report examining threats facing the sector.

The report said the importance of the country’s oil and gas sector, along with the ongoing digital transformation of the industry, “makes it a target for cyber actors intent on maximum disruption.”

The meeting happened just days before a cyberattack at Suncor Energy surfaced.

“We wanted to have a conversation with the C-Suite or the executives of the oil and gas sector in Canada to continue to sensitize them to the threat — that the threat is real. And we wanted to make sure that they take it seriously,” Sami Khoury, head of the Cyber Centre, said in an interview.

“They need to be aware that ransomware is alive and well, in terms of a threat vector, that those threat actors are indiscriminate and without scruples, so they would go wherever they can make money.

“We want also to sensitize them that state-sponsored activity . . . go after companies sometimes to steal commercial information, business intelligence, research. And if you bring those two together, critical infrastructure is a segment of society that we are concerned about.”

The meeting, described as a threat information briefing, was held at a number of secure facilities across the country — including in Calgary — on the same day the report was released, and it included senior officials with CSE, Public Safety Canada, the RCMP and Natural Resources Canada, according to Cyber Centre officials.

On Sunday, Suncor Energy confirmed it was grappling with a cybersecurity incident and had notified appropriate authorities.

The Calgary-based company is one of the country’s largest petroleum producers and operates a downstream refining and marketing division, including its Petro-Canada retail chain.

Pictured is Suncor Energy Centre building in downtown Calgary on Oct. 2, 2020. Photo by Azin Ghaffari /Postmedia

Some Petro-Canada customers reported being unable to pay electronically at the pumps on the weekend. Suncor said it’s not aware of any evidence that customer, supplier or employee data has been compromised.

“We are continuing to experience the cybersecurity incident,” Suncor spokesman Leithan Slade said Wednesday.

The company declined to comment further on the matter.

Cybersecurity expert David Masson said the Suncor cyberattack is the largest that he’s aware of involving a Canadian oil and gas firm, although there have been major cases globally in recent years.

If an attack lasts more than a day, is widespread across an organization and is disclosed to authorities, there’s “a good chance it’s going to be ransomware,” he said.

“Literally, two to three days after the report comes out, bingo,” said Masson, director of enterprise security at cyberdefence firm Darktrace.

“This is probably going to turn out to be a ransomware attack but, I hasten to add, I’m underlining that, simply by the fact that our own government is saying that’s the biggest threat facing the oil and gas sector.”

The issue of cybersecurity and the oilpatch isn’t a new one, although it has evolved over time.

In 2016, a report by Alberta’s auditor general highlighted the concern, pointing out that no government entity had assessed the risks or impact to the province’s regulated oil and gas infrastructure from such cyberattacks — an issue later addressed by the energy department and the Alberta Energy Regulator.

The auditor’s report pointed to an incident in September 2012 when a Calgary-based company, which supplied remote monitoring and services to the energy sector, faced a “sophisticated cyberattack” on its computer systems.

Last week’s Cyber Centre report noted the sector faces several threats, including from state-sponsored actors trying to compromise the networks of Canadian and U.S. critical infrastructure, including the oil and gas sector, which puts intellectual property and business plans in jeopardy.

Another risk stems from opportunistic, financially motivated cybercriminals who “will not hesitate to exacerbate a crisis for profit,” it states.

The report pointed to the January 2022 incidents affecting subsidiaries of the German oil transportation firm Marquard & Bahls, as well as an unrelated ransomware incident last year at the Amsterdam-Rotterdam-Antwerp refining hub, which temporarily disrupted the delivery of oil products in parts of Europe.

In North America, the Colonial pipeline in the United States was temporarily shut down in March 2021 because of a ransomware incident.

“The Colonial incident was an incident that could happen in Canada, could happen anywhere,” Khoury said.

“It’s the nature of the world in which we live that our IT systems are interconnected. And if you bring them down, they have a considerable impact.”

A Colonial Pipeline storage site in Charlotte, North Carolina on May 12, 2021. Photo by LOGAN CYRUS /AFP via Getty Images

He noted there have been increased cyber incidents by Russia directed at Ukraine, and the centre is concerned those activities might “spill over into Canada,” while adding ransomware attacks are becoming more sophisticated and remain a persistent threat to businesses.

Khoury said he’s aware of Suncor’s situation and the centre has communicated with the company, but couldn’t provide any other details.

For the oilpatch, the new report and situation with Suncor illustrate the potential hazards on the digital landscape.

“The reality is that cybersecurity is increasing in the industry as a threat. It is a legitimate problem for our industry,” said Tristan Goodman, CEO of the Explorers and Producers Association of Canada.

“In the last two to three years, there’s been a dramatic escalation in the number of attacks. There’ve also been companies that are now treating this much more seriously.”

The report noted that about one in four Canadian oil and gas firms reported a cyber incident in 2019, the highest rate of any within the critical infrastructure sector.

High-profile cyberattacks targeting businesses have also been reported in the past year at companies such as grocery chain Empire Co., and at Indigo Books & Music Inc.

Tim McMillan, a partner with Garrison Strategy and former CEO of the Canadian Association of Petroleum Producers (CAPP), said oil and gas companies have invested heavily — in technology, time and money — to keep their systems safe from cyberattacks.

“We’ve seen this across our economy,” said McMillan.

“Some of this barrage of attacks are going to find niches of vulnerabilities. And it’s how we prepare ourselves in the future, and how we react, that will govern how damaging it is.”

Chris Varcoe is a Calgary Herald columnist.
