Back to news

September 9, 2019 | Local, C4ISR

Norad asked Canada to 'identify and mitigate' cyber threats to critical civilian sites

by Murray Brewster

The U.S.-led North American Aerospace Defence Command (Norad) asked the Canadian military to do an inventory of its bases and the surrounding civilian infrastructure, looking for critical systems vulnerable to a cyberattack.

The letter to Canada's chief of the defence staff, written by then-Norad commander U.S. Admiral William Gourtney just over three years ago, was obtained by CBC News under access to information legislation.

Despite the passage of time, two leading cyber experts said the request highlights an enduring concern of both defence planners and people in high-tech industries.

The notion that a cyberattack could shut down civilian infrastructure — such as power grids, water treatment plants or traffic systems — in the vicinity of a military base is nothing new.

What is unusual is that Norad sought reassurance, at the highest levels of the military, that Canada was on top of the evolving threat.

The Norad commander asked Gen. Jonathan Vance to "identify and mitigate" Infrastructure Control Systems (ICS) vulnerabilities on Canadian military bases, particularly at "installations that are critical for accomplishing Norad missions."

The March 24, 2016 letter also urged Canada's top military commander to "advocate developing capabilities to respond to cyber incidents on CAF [infrastructure control systems] and defend CAF [infrastructure control systems] if required."

Gourtney's concern was not limited to defence installations; he asked Vance to "work with Public Safety Canada to identify civilian infrastructure that is critical to CAF and Norad missions. This includes developing processes for reporting cyber incidents on the identified civilian infrastructure."

Vance responded to Gourtney (who has since retired and was replaced by U.S. Air Force Gen. Terrence O'Shaughnessy) three months later and directed the military to hunt for vulnerabilities.

"I share Norad's concerns for the cybersecurity" of critical defence infrastructure, Vance wrote on June 10, 2016, in a letter obtained by CBC News under access to information legislation.

He noted that the Canadian government has identified "adversaries" that pose "a significant threat and efforts have been made to identify and develop protective strategies for Canadian critical infrastructure."

The Liberal government — through its defence strategy and overhaul of security legislation — tackled some of the concerns raised by Norad.

It gave the Communications Security Establishment (CSE) and the military new powers to conduct offensive cyber operations. Perhaps more importantly, it set up the Canadian Centre for Cyber Security for civilian infrastructure, which — according to CSE — aims to "be a place where private and public sectors work side-by-side to solve Canada's most complex cyber issues."

David Masson, a cyber expert, said minimizing the vulnerability of civilian, privately operated infrastructure continues to be an extraordinarily complex task.

The major vulnerability is in what's known as operational technology systems, the kind of computer-driven tasks in utilities and other infrastructure that open and close valves or perform remote functions.

The task of securing them is made extraordinary difficult in part by the wide variety of operating systems out there.

"There's lots of them," said Masson, the director of technology at Darktrace, a leading cybersecurity company. "Look at it as 50, 60, 70 different bespoke communications systems. There's no real standardization because they're so old. Many of them were never expected to be connected to the internet."

He pointed to the 2015 and 2016 cyberattacks on Ukraine's power grid, which in one instance cut electricity to 225,000 people, as examples of what's possible when hackers go after operational technology systems.

It is also the kind of event that Norad is concerned about.

"The kinds of equipment and machinery that supports the transport of natural gas or the provision of air conditioned services, or our water supply — all of those are critical to Canadians and our militaries," Lt.-Gen.Christopher Coates, the Canadian deputy commander, said in a recent interview with CBC News.

He said Norad is focused on the capabilities that are essential to doing its job of defending North America against attack, and they try to "minimize those vulnerabilities where we can."

There is, Coates said, an interesting discussion taking place at many levels of the military about what constitutes critical infrastructure.

"You asked if we're satisfied. I get paid to be concerned about the defences and security of our nations. I don't think I should ever be satisfied," he added.

'Inauthentic activity' in Alberta election a possible preview of tactics in the federal campaign, report warns
Privacy commissioner launches investigation into licence plate breach
With ransomware on the rise, RCMP urging victims to 'be patient with police'
Christian Leuprecht, a defence expert at Queen's University in Kingston, Ont., said defining critical infrastructure is a complex and evolving task.

He pointed to Russian interference in the 2016 U.S. presidential election; prior to that event, he said, the definition of critical infrastructure was limited to power plants, electricity grids and even the financial system.

"A lot of things people are wrestling with the question of what institutions — take, for example, democratic institutions — become critical infrastructure," said Leuprecht.

The Ukrainian attacks, in the view of many defence experts, are a blueprint of what the opening shots of a future war would look like.

"There's a considerable and growing awareness that our defence and critical infrastructure systems are closely tied together because countries, such as China, preserve cyberattack as a first-strike option," Leuprecht said.

Masson said there are ways to limit the vulnerability of operational technology systems. Not connecting them to the internet would be a start, but many companies are choosing not to do that for efficiency reasons.

He said they also can be protected with "robust" security systems.

https://www.cbc.ca/news/politics/norad-cyber-civilian-1.5273917

On the same subject

  • Steel costs for sixth patrol vessel could be steeper

    November 12, 2018 | Local, Naval

    Steel costs for sixth patrol vessel could be steeper

    Andrea Gunn (agunn@herald.ca) Ongoing steel and aluminum tariffs between the United States and Canada will not drive up costs for the first five Arctic and Offshore Patrol Ships, but could contribute to the final price tag for the sixth, the Department of National Defence says. There have been tariffs in place on imports of Canadian steel and aluminum to the U.S. of 25 per cent and 10 per cent respectively since the end of May. In response, Canada implemented its own dollar-for-dollar duties on steel and aluminum being imported from the U.S. Both the American tariffs and Canadian countermeasures remain in place, even with a new tentative agreement to replace NAFTA. On Tuesday, Prime Minister Justin Trudeau confirmed the signing of the new trilateral trade deal was not contingent on the lifting of those tariffs. In an emailed statement, Department of National Defence spokesperson Ashley Lemire said these tariffs will not have an impact on the cost of the first five Arctic and Offshore Patrol Ships (AOPS) being built by Irving Shipbuilding as part of the National Shipbuilding Strategy. Lemire said most, if not all, of the steel has already been purchased for these vessels and none of it comes from the U.S. “As part of its contract with the Government of Canada, Irving Shipbuilding Inc. is responsible for the procurement of steel used for the construction of the Arctic and Offshore Patrol Ships,” Lemire said in an email. “Irving procured the majority of steel from a foreign supplier who sourced it from Europe and, to a lesser extent, from China. A small amount of steel was procured in Canada.” Lemire said for the sixth AOPS, which the government confirmed plans to build last week, the department has planned and budgeted for the risk of increased steel and aluminum prices. Earlier this week a DND spokesperson said buying a sixth AOPS will increase the cost of the $2.3 billion project by about $810 million. Of that, $250 million is set aside for “adjustments” — things like labour rates, inflation, and exchange rates. Lemire said any additional steel costs will come from that $250 million fund. David Perry, senior analyst with the Canadian Global Affairs Institute, said the materials needed to build a navy vessel are so specialized that it's not uncommon for governments to do advanced purchases “There's a limited supply; you can't just go and call it up at the last minute kind of thing,” he said. Perry said in the case of the AOPS, having a separate fund set aside for potential cost increases — rather than paying the company a higher contract price to assume all the liability for changes in commodity or labour prices — will likely save taxpayers money if costs do go up. Ian Lee, associate professor at Carleton University's Sprott School of Business told The Chronicle Herald the federal government is lucky to have avoided any major increases with the AOPS. But, Lee said, if the tariffs remain in place, they are likely to impact future builds either directly or indirectly. “It's not going to affect the (AOPS) program but it's still a burden on the economy it's going to be passed on through the cost of doing business,” he said. This is perhaps concerning given the most expensive build of the National Shipbuilding Strategy — the Canadian Surface Combatant — is on the horizon. But how much that project would be impacted if tariffs remain in place is anybody's guess, Lee said. “Historically governments have been very, very involved in the shipbuilding industry with subsidies, and offsets and that sort of thing, so it's hard to predict how it might affect future builds,” he said. “It's not a normal competitive market like the stock market or most commodities.” That said, Lee said there will likely be a big push on the federal government's part to get the tariffs sorted ahead of the upcoming election. “Generally speaking when you look at the trade agreements that have been signed in the last 10 or 20 years whether it was the original NAFTA, CETA or the TPP, one of the first things and most important things you do is reduce or eliminate tariffs,” he said, “I think it's going to make it more difficult for Mr. Trudeau and his government to defend this in the fall 2019 election, that's why I think they're going to be working assiduously to try and remove them.” https://www.thechronicleherald.ca/news/local/steel-costs-for-sixth-patrol-vessel-could-be-steeper-257534/

  • Total estimated cost of Canada's F-35 program is $74B: Parliamentary Budget Officer - Skies Mag

    November 2, 2023 | Local, Aerospace

    Total estimated cost of Canada's F-35 program is $74B: Parliamentary Budget Officer - Skies Mag

    Yves Giroux says the latest F-35 cost estimate, although its grown by some $4 billion in the last couple of years, is generally in line with expectations.

  • Bombardier et le remplacement des CP-140 Aurora -

    July 13, 2023 | Local, Aerospace

    Bombardier et le remplacement des CP-140 Aurora -

    Lorsque j’ai pris connaissance des intentions de Bombardier à l’automne dernier, je me suis dit qu’elle partait de loin ; non pas que je

All news