We’re on it: Protecting Canadian pipelines from cybercrime

Cybercrime is one of the greatest threats of our time. It is a constantly evolving issue that can affect every single consumer, government and industry—including the pipeline industry.

The threat recently became very real in the United States, where a disruptive cyberattack shut down one of the country’s largest pipeline operators and caused massive gasoline shortages. The pipeline system was closed for several days, preventing millions of barrels of gasoline, diesel and jet fuel from being delivered to the U.S. East Coast and causing chaos at the pumps.


Canada’s pipeline industry is prepared


While this incident is shining a renewed spotlight on cybercrime, the issue is not new to Canada’s transmission pipeline industry. Members of the Canadian Energy Pipeline Association (CEPA) have highly sophisticated systems and strategic partnerships in place to protect their critical energy infrastructure, and the tens of millions of people who rely on energy every day.

Under federal regulations, pipeline operators must have detailed security management programs that allow them to identify security risks, prevent issues and develop and implement plans quickly in case of an attack. The Canada Energy Regulator (CER) conducts regular inspections and audits to confirm companies have these programs in place.


Control room protection from cybercrime


One closely guarded aspect of pipeline operations is control rooms, which use highly sophisticated computer programs to monitor pipelines and control the flow of products. They are carefully protected to ensure no one can interfere with the flow of oil and gas, or a company’s ability to monitor the safe operation of the pipeline.

CEPA members have plans in place to ensure systems can continue to operate in the unlikely event of an outage. Even when the computer systems are unavailable, operators can keep products flowing. Backup control rooms and backup data rooms are set up at alternate locations to ensure quick recovery in the event of a successful cyber intrusion.

The details of these safeguards are carefully protected to ensure the information doesn’t end up in the wrong hands.


Working together to fight cybercrime


Knowledge is power, and information is key in the fight against cybercrime. Through CEPA, the industry shares and receives intelligence with the Canadian Centre for Cyber Security, RCMP, Canadian Security Intelligence Service (CSIS), Public Safety Canada, and Natural Resources Canada (NRCan). CEPA also has access to the relevant U.S. Department of Homeland Security information through association with NRCan, as well as the Federal Bureau of Investigation (FBI) to understand the cybersecurity threat landscape.

In 2016, CEPA formed a community of practice that specifically focuses on addressing emerging and existing hazards such as pipeline tampering and cyber security. Through this group, members closely monitor the evolving threat landscape and work together to continuously improve their systems and protocols that protect against cybercrime.

Across the industry, pipeline operators have tools that allow them to share information in real-time, ensuring rapid response to security incidents and threats.


An ongoing threat


According to the Canadian Centre for Cyber Security’s 2020 National Cyber Threat Assessment, “Almost certainly, over the next two years, Canadians and Canadian organizations will continue to face online fraud and attempts to steal personal, financial, and corporate information.”

The number and sophistication of cybercriminals is rising, and they are constantly finding new ways to breach security barriers. It’s a race to stay ahead of the criminals by banding together and finding new ways to protect Canada’s pipelines.

As we all rely more heavily on the internet and technology for our daily activities and operations, cybercrime will continue to be an ongoing issue. The recent cyberattack has shown the widespread impact and chaos that can be caused. Companies and governments in Canada and the United States will study the incident closely and will apply lessons learned to continuously improve the safety of our critical infrastructure and systems.

Canada’s pipeline industry will not let its guard down. CEPA members will continue to ensure the security, reliability and resilience of their pipelines and operations, including protecting against cyberattacks.