Urgent need for action in the area of ​​cybersecurity

Canada’s oil and gas sector is a cornerstone of the Canadian economy, contributing around $120 billion, or about 5 percent of the country’s gross domestic product (GDP). This sector not only drives economic growth, but also plays a critical role in national security, supporting essential services such as heating, transportation, and power generation. However, the increasing digital transformation of operational technology (OT) in this sector has made it more vulnerable to cyber threats, says a report by the Canadian Centre for Cyber ​​Security.

Key findings from the Canadian Centre for Cyber ​​Security report

According to a survey by Statistics Canada, approximately 25 percent of all Canadian oil and gas companies reported experiencing a cyber incident in 2019. This number represents the highest rate of reported incidents of any critical infrastructure sector and underscores the urgent need for improved cybersecurity measures in Canada. While the digital transformation of OT systems is beneficial for management and productivity, it has expanded the attack surface for cyber actors and exposed these systems to a variety of cyber threats.

The Canadian Centre for Cyber ​​Security has found that medium- to high-skilled cyber threat actors are increasingly targeting organizations indirectly through their supply chains. According to the report, this tactic allows attackers to obtain valuable intellectual property and information across the target organization’s networks and OT systems. Large industrial plant operators’ reliance on a diverse supply chain – including laboratories, manufacturers, vendors and service providers – creates critical vulnerabilities. Cyber ​​actors can exploit these vulnerabilities to gain access to otherwise protected IT and OT systems.

The report highlights that cybercriminals acting for financial gain pose the greatest threat to the oil and gas sector, with Business Email Compromise (BEC) attacks and ransomware attacks being particularly common, it says. While BEC is likely more widespread and more expensive than ransomware, the latter remains a major concern due to its potential to disrupt oil and gas supplies to customers.

The underground cybercriminal ecosystem is constantly evolving. Ransomware-as-a-service (RaaS) models allow even less experienced attackers to launch sophisticated attacks, the report says. This development has led to an increase in successful attacks on the sector.

The report cites the ransomware cyberattack on Colonial Pipeline in May 2021 and says the incident is a stark example of the potential consequences of such cyber incidents. The attack forced the closure of one of the largest gasoline, diesel and jet fuel pipelines in the US, causing significant fuel supply disruptions, panic buying and short-term price spikes. The report warns that similar incidents could occur in Canada, jeopardizing the supply of vital products and services.

Report: Financial consequences of data theft amount to millions

The report also highlights the financial impact of cyber threats. The cost of a data breach can vary significantly, with estimates suggesting it can be in the millions of dollars, depending on the size and type of organization. The potential for disruption or sabotage of OT systems poses a costly threat to owners and operators of large OT assets, with implications for national security, public safety and the economy.

In addition, the Canadian Centre for Cyber ​​Security found that the oil and gas sector attracts significant attention from financially motivated cyber threat actors due to the high value of its assets. Cybercriminals target not only operating systems, but also valuable intellectual property, business plans and customer information. The report highlights the importance of protecting these assets, as operational disruptions could have far-reaching consequences.

Given these threats, the report calls on organizations in the oil and gas sector to prioritize investments in cybersecurity and take a proactive approach to risk management. Ongoing employee training and awareness programs are essential to mitigate the risks associated with human error, which is often a key factor in successful cyberattacks.

The Canadian Centre for Cyber ​​Security emphasizes the need for collaboration between the public and private sectors to effectively combat cyber threats. By sharing information and best practices, organizations can better prepare for and respond to cyber incidents.

In summary, the Canadian Centre for Cyber ​​Security’s findings underscore the urgent need for improved cybersecurity measures in Canada’s oil and gas sector. With cyber threats on the rise, it is imperative for companies to take proactive steps to protect their operations and ensure the resilience of this critical infrastructure. Now is the time to act, as the stakes in the fight against cybercrime have never been higher.

Related