The Canadian Centre for Cyber Security has raised an alarm over the increasing cybersecurity threats facing Canada’s oil and gas sector, a crucial component of the nation’s economy and infrastructure. Contributing approximately $120 billion to Canada’s Gross Domestic Product (GDP), this sector is integral to providing essential services such as heating, transportation, and electricity. However, as the sector rapidly adopts digital technologies in its operational technology (OT) systems, it has become increasingly susceptible to cyber attacks. The Centre’s latest report underscores the urgent need for enhanced cybersecurity measures to protect these vital assets.
The report reveals that around 25% of Canadian oil and gas organizations experienced cyber incidents in 2019, the highest rate among all critical infrastructure sectors. This heightened vulnerability is partly due to the sector’s extensive and diverse supply chains, which cybercriminals exploit to gain access to protected IT and OT systems. The Canadian Centre for Cyber Security notes that sophisticated attackers are increasingly targeting organizations indirectly through their suppliers, which creates critical vulnerabilities that can be exploited to access valuable intellectual property and operational data.
Financially motivated cybercriminals are identified as the primary threat to the sector, with Business Email Compromise (BEC) schemes and ransomware attacks being particularly prevalent. While BEC schemes are common and costly, ransomware remains a significant concern due to its potential to disrupt the supply of oil and gas, leading to severe economic and operational impacts. The report draws a parallel with the Colonial Pipeline ransomware attack in May 2021, highlighting how similar incidents could have catastrophic effects on Canada’s critical infrastructure, including disruptions in fuel supply and sharp price increases.
In response to these threats, the report emphasizes the need for immediate action. Organizations in the oil and gas sector are urged to invest in robust cybersecurity measures and adopt proactive risk management strategies. Continuous training and awareness programs for employees are critical to mitigating risks associated with human error. Furthermore, the report advocates for stronger collaboration between public and private sectors to effectively combat cyber threats. By prioritizing cybersecurity and improving defenses, Canada’s oil and gas sector can better protect itself against the evolving threat landscape and ensure the resilience of its essential operations.
Reference:
