Why Do Hackers Love to Attack Canada’s Energy Departments?

New statistics reveal the Canadian government's natural resources, energy, and environment agencies were hacked hard in 2016

2 min read
A security camera is seen outside the Communications Security Establishment (CSE) headquarters in Ottawa January 28, 2015.
A security camera is seen outside the Communications Security Establishment (CSE) headquarters in Ottawa January 28, 2015.
Photo: Reuters/Alamy

New data reveal that hackers compromised systems in Canadian government agencies dealing with natural resources, energy, and environment 2,078 times this year.

Last month, Canada’s Communications Security Establishment (CSE) reported that it had detected 4,571 instances when government systems were compromised by hackers since 1 January. By a large margin, the majority were in natural resources, energy, and environmental agencies. It found less in other areas of government—the next most-targeted sector was industry and business development (with 954) and then government administration (with 387). The statistics are the first of their kind, Globe and Mail reports.

Out of the 4,571 system compromises, the CSE only found three cases where data was “ex-filtrated”—once in the natural resources, energy, and environment sector. It reports that stolen information was unclassified.

“These statistics are a clear indication of the very real threat that exists,” says Canadian parliament member Matt Jeneroux, who requested the data from the CSE.

In the report, the CSE broke down the statistics into 11 sectors, instead of individual departments, because disclosing departments “could provide hostile actors with an understanding of the vulnerabilities of the Government of Canada” and how well the government can detect cyberattacks. Agencies within the affected sector had little to say about the report. Canada’s National Energy Board and Atomic Energy of Canada Limited did not respond to requests for comment. Environment and Climate Change Canada as well as Natural Resources Canada referred IEEE Spectrum to the CSE.

The agencies list some of their responsibilities on their public websites. Canada’s National Energy Board, for example, is involved in energy regulation and evaluation during pipeline or power line projects. Natural Resources Canada, meanwhile, offers policy or helps conduct research in fields from explosives to energy sources and distribution.

The news comes while around the world, electricity grid cybersecurity has become a growing concern. In December 2015, hackers cut off power to over 200,000 people in Ukraine—the first confirmed cyberattack to take out an electricity system. 

The Canadian numbers appear quite high when compared to those available in the United states. A Freedom of Information Act request by USA Today revealed that the U.S. Department of Energy detected 159 successful intrusions between 2010 and 2014. At the time, officials didn’t say whether any data was accessed that related to the operation and security of the U.S. power grid, USA Today reports.

A spokesman for the CSE writes in an email that the CSE will not provide details about “specific cyber threat actors or cyber security incidents,” in order to protect the efficiency of classified cyber-defense methods that secure the government’s networks. However, he writes that the CSE blocks over 100 million attempts to find vulnerabilities or compromise government networks every day. These hacks can come from “hacktivists” acting for political reasons, criminals, terrorists, and nation states.

Jeneroux will consider whether to request further information from the CSE. “It is important that the Government of Canada continue to identify these threats and determine ways to secure our information and protect our national security,” he writes.

The Conversation (0)
This photograph shows a car with the words “We Drive Solar” on the door, connected to a charging station. A windmill can be seen in the background.

The Dutch city of Utrecht is embracing vehicle-to-grid technology, an example of which is shown here—an EV connected to a bidirectional charger. The historic Rijn en Zon windmill provides a fitting background for this scene.

We Drive Solar

Hundreds of charging stations for electric vehicles dot Utrecht’s urban landscape in the Netherlands like little electric mushrooms. Unlike those you may have grown accustomed to seeing, many of these stations don’t just charge electric cars—they can also send power from vehicle batteries to the local utility grid for use by homes and businesses.

Debates over the feasibility and value of such vehicle-to-grid technology go back decades. Those arguments are not yet settled. But big automakers like Volkswagen, Nissan, and Hyundai have moved to produce the kinds of cars that can use such bidirectional chargers—alongside similar vehicle-to-home technology, whereby your car can power your house, say, during a blackout, as promoted by Ford with its new F-150 Lightning. Given the rapid uptake of electric vehicles, many people are thinking hard about how to make the best use of all that rolling battery power.

Keep Reading ↓Show less