Real talk: How Canada is fighting pipeline cybercrime

On May 6, 2021, a cyberattack shut down one of the most critical pipelines in the United States. Chaos ensued, with panicked consumers lining up at gas stations, hoarding gasoline and diesel. The Colonial Pipeline ransomware attack drew public attention to an issue that has long been on Canada’s radar.

Canada’s pipeline companies work closely with several partners to protect their critical infrastructure from cybercrime. Those partners include law enforcement agencies such as the RCMP, Canadian Security Intelligence Service (CSIS), U.S. Federal Bureau of Investigation (FBI) and Homeland Security. The industry also works closely with federal government agencies and departments, including Natural Resources Canada (NRCan).

Protecting Canada’s energy infrastructure

 

Within NRCan is a team of experts working to protect Canada’s energy infrastructure from cyberattacks. The team is led by Chris Piercey, Director of Cyber and Energy Security Policy and Outreach.

“Keeping these systems running can be a matter of life and death,” said Piercey. “When you take that view point it helps us focus on where we really need to put our efforts. Pipelines and the energy sector are top priorities.”

Piercey’s team helps bridge gaps and build connections between Canada’s technical cybercrime experts and the energy industry. The goal is to arm the energy sector, including pipeline companies, with the information and tools they need to identify cyber threats, protect their assets, and react to potential attacks.

Cybersecurity network

 

NRCan works directly with Canada’s pipeline industry through its Energy and Utility Sector Network, which includes electrical utilities, nuclear, natural gas, pipelines and other stakeholders in the energy sector. Through this network and other working groups, NRCan and its partners address key security issues the energy industry is facing.

“Even before the Colonial Pipeline incident, we had ransomware presentations for our stakeholders,” said Piercey. “We are focusing on a whole-of-Canada approach to give industry and companies the tools they need to protect themselves.”

Presentations, workshops, emergency response exercises, working groups and regular meetings are some tools NRCan provides to industry. It also works closely with provincial governments and regulators.

Beyond pipeline cybercrime

 

While the Colonial Pipeline attack led to scrutiny of pipeline security, Piercey says cybercrime represents a threat to all sectors.

“Pipelines could be a choice target for any attacker, however, we do recognize that other sectors are just as vulnerable,” said Piercey. “Transport, airports, transportation systems, our financial system, hospitals, governments, telecommunications – all these are vital for the health and welfare of Canadians.”

He points out the impact of an attack on some of those sectors would go far beyond gas shortages and panic buying. An electrical grid shutdown during a heat wave, a gas outage during a cold winter snap or prolonged disruption of phone service could pose serious health and security risks.

Keeping Canada’s pipelines safe

 

Fortunately, Canada’s army of experts is working diligently to prevent cyberattacks from happening here. But Piercey warns the diligence must continue to stay ahead of the criminals.

“You don’t skate where the puck is, you skate where the puck is going. As technologies become more sophisticated, as computing power becomes more and more advanced, we’re preparing ourselves for any and all hazards that might be thrown at us.”

Special thanks to Chris Piercey, Director of Cyber and Energy Security Policy and Outreach with Natural Resources Canada for his contribution to this article.