Critical Infrastructure at Risk of Russian Cyberattacks, Canadian Cyberspy Agency Warns

By Matthew Trueman
Matthew Trueman
Matthew Trueman
Matthew Trueman is a reporter based in Toronto.
January 21, 2022 Updated: January 23, 2022

The Canadian government is warning of Russian-backed cyberattacks on Canadian critical infrastructure, amid growing tensions between Western countries and Moscow over concerns of a Russian invasion of Ukraine.

The Canadian Centre for Cyber Security (Cyber Centre) said in a bulletin issued on Jan. 20 that it has become aware of Russian-backed cyber threat activities targeting Canadian critical infrastructure network operators, including their operational and information technology.

The Cyber Centre is encouraging the Canadian cybersecurity community, and especially critical infrastructure network defenders, “to bolster their awareness of and protection against Russian state-sponsored cyber threats.” It also said critical infrastructure network operators need to be prepared “to isolate critical infrastructure components.”

The warning came as Melanie Joly, Canada’s Foreign Affairs Minister, was concluding a European tour that included a stop in Ukraine. Russia has positioned about 100,000 troops across Ukraine’s borders along with tanks and other heavy artillery, stoking fears across Europe of an invasion. Joly said Moscow would face severe sanctions if it makes further moves against Ukraine. Russia has denied this intent.

Ukraine’s power grid was hit by a cyberattack on Dec. 23, 2015, resulting in power outages for over 200,000 Ukrainians for up to six hours. The attack was attributed to a Russian threat group known as “Sandworm Team,” which has been linked to Russia’s military intelligence service.

A similar alert as Canada’s about Russian state-sponsored cyber threats to American critical infrastructure was issued by the U.S. Cybersecurity and Infrastructure Security Agency on Jan. 11.

‘Greatest Strategic Threats’

In its bulletin, the Cyber Centre, a unit of the federal agency Communications Security Establishment, urges Canadian critical infrastructure network defenders to ensure that they have a “cyber incident response plan,” “continuity of operations plan,” and “communications plan” in place, and be prepared to use them when needed.

Critical infrastructure network defenders are also urged to inform the Cyber Centre of any suspicious or malicious cyber activity.

In a previous report issued in 2020, the Cyber Centre said that “foreign state-sponsored cyber programs are probing [Canadian] critical infrastructure for vulnerabilities.” In particular, “the state-sponsored programs of China, Russia, Iran, and North Korea pose the greatest strategic threats to Canada,” the report stated, adding that state-sponsored cyber activity typically represents the “most sophisticated threat to Canadians and Canadian organizations.”

The COVID-19 pandemic has demonstrated how reliant the Canadian economy has become on digital infrastructure, the report added.

With the sharp increase in the number of Canadians working from home, “the protection and security of cyber and telecommunications infrastructure, hardware and software, and the supply chains that support them, is critical to national security and economic prosperity,” the report said.

According to the agency’s website, the Canadian Centre for Cyber Security leads Canada’s response to cyber security events, seeks to protect and defend the country’s valuable cyber assets, and collaborates with both the private and public sectors to help solve the country’s most challenging cyber issues.

The Canadian Press contributed to this report. 

Matthew Trueman is a reporter based in Toronto.