Newspaper article The Canadian Press

Cyber Security in the Private Sector a 'Significant' Problem: Government Records

Newspaper article The Canadian Press

Cyber Security in the Private Sector a 'Significant' Problem: Government Records

Article excerpt

Firms vulnerable to cyber attacks: records

--

TORONTO - Gaps in the cyber security efforts of Canadian corporations could be leaving them open to sophisticated attacks by hackers, records show.

"The current situation is that there are an increasing number of new software vulnerabilities that can be exploited to gain access to companies' networks," reads a July 2012 memo obtained from Public Safety Canada under the Access to Information Act.

"The scale of the problem is significant. The cost of maintaining a highly secure network is high for each company, and they may not be willing to make that investment."

Most Canadian critical infrastructure assets -- including electricity distribution networks, banking systems, transportation systems and telecommunications networks -- are owned by the private sector or by provincial governments.

Their smooth operation is integral to the country's economic, political and social well-being, according to a report by the Auditor General of Canada published last fall.

But despite a commitment to protecting critical infrastructure from cyber attacks, the federal government has been slow to build partnerships with various stakeholders, the Auditor General's report states.

In one instance, records show a federal agency warned about hackers targeting critical infrastructure nearly six months before a security breach at Telvent Canada, an energy technology firm whose systems help run oil and gas pipelines.

The Canadian arm of Telvent, now called Schneider Electric, said it never received the alerts because it's a vendor that builds systems for energy companies -- and not an infrastructure company itself.

Documents obtained through Access to Information requests show the Canadian Cyber Incident Response Centre sent four alerts to technology experts in critical infrastructure and "related industries" in the months before the breach.

The alerts warned that hackers were sending malicious emails disguised as internal messages to staff in the energy sector, and outlined the steps organizations should take to protect themselves.

The first of the warnings was sent on March 30, 2012, with three more following in May. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.