Canadian intelligence agency calls for ramped-up cyber defences after Russia invades Ukraine

Canada's cyber spy agency is warning power companies, banks and other critical elements of Canada's infrastructure and economy to shore up their defences against Russia-based cyber threat activity as the Western world responds to Moscow's invasion of Ukraine.

CSE says it has been tracking cyber threat activity

Ukrainian tanks move into the city of Mariupol after Russian President Vladimir Putin authorized a military invasion of Ukraine on February 24, 2022. (Carlos Barria/Reuters)

In a statement Thursday, the Communications Security Establishment said that "in light of Russia's ongoing, unjustified military offensive in Ukraine," it "strongly encourages all Canadian organizations to take immediate action and bolster their online cyber defences."

Dan Rogers, the associate chief at CSE, said the agency is watching for cyber threat activity directed at critical infrastructure networks, including those in the financial and energy sectors.

"I don't know that I would say that we're expecting an increase but I would say, regardless of the context, we have seen and called out Russian cyber activity in the past as being reckless," Rogers told a media briefing Thursday afternoon.

"When we have a situation like we have now with Russia engaged in a conflict, we want to make sure that Canadian institutions have every mechanism possible to help defend themselves."

His agency said it has been sharing cyber threat intelligence with key partners in Ukraine and is working with the Canadian Armed Forces through intelligence sharing, cyber security and cyber operations.

CSE has both active powers — allowing it to disrupt foreign online threats to Canada's systems — and defensive powers allowing it to take action online to protect Canadian systems.

"I can't speak to the specifics of operations or planning," said Rogers. "I can say that CSE is ready. We do have cyber capabilities."

The agency said it's not aware of any specific threats to Canadian organizations related to events in and around Ukraine, but it pointed to a historical pattern of cyber attacks on Ukraine and other countries.

In 2017, for example, CSE blamed Russian operatives for the NotPetya malware — which was primarily meant to target Ukraine but also attacked financial, energy, government and infrastructure sectors around the world.

Thursday's warning is the third from the agency this year. It issued a threat bulletin in January and another earlier this month directed at critical infrastructure operators.

Earlier in the day, Prime Minister Justin Trudeau announced a new suite of sanctions on Russian entities after President Vladimir Putin launched a series of unprovoked attacks on Ukraine.

Christian Leuprecht, a security expert at the Royal Military College and Queen's University, said Russian operatives will continue to try to find weak points.

The CSE statement is "clearly a signal that you need to make sure your people are working this weekend. You can't just automate this," he said.

"Russians have sort of this habit of going after critical infrastructure at times when nobody's looking. So you know ... on a Friday night."

'Mission critical' systems

Ken Barker, a professor of computer science at the University of Calgary, said the threat posed by Russia ought to compel Canadian authorities to take cyber defences more seriously. 

"If we feel compelled to do it now, we should have felt compelled to do it two weeks ago," he said. 

"Because ultimately, these systems are vulnerable and they're mission critical to the country, so we really do need to make sure that we make investments in securing and protecting them as we go forward."

Barker said one of those points of vulnerability is the linkage between operational and information technology systems.

"It's endemic throughout all of our critical infrastructures, whether that's energy, hydro, about anything that basically lights up the house or warms it," he said.

"If nobody can get access to that physically, it's safe in and of itself. The problem is what then happens is information technology is now linked to it to make it run more efficiently ... So now you have what's called the IT/OT vulnerability."

CSE said operators should be prepared to isolate critical infrastructure components and services from the internet and internal networks if those components "could be considered attractive for a hostile threat to disrupt."

It's calling on vulnerable organizations to be more vigilant by monitoring networks to quickly spot any unexpected or unusual network behaviour, and to have continuity plans for disruptions.

CSE is urging organizations to report any incidents.

It said it will keep Canadian organizations up to date on the threat through public alerts and protected channels.

Disinformation campaigns expected

While much of Thursday's warning concerns IT teams, Leuprecht said Canadians also need to be wary of falling for fake reports online.

"The average Canadian should be concerned about disinformation, misinformation and information laundering, all of which the Russians are actively propagating," he said.

A spokesperson for Canada's domestic spy agency, the Canadian Security Intelligence Service, wouldn't comment on operational matters but said the agency is working with its allies, including the Five Eyes partnership — an intelligence sharing partnership with the U.S., U.K., Australia and New Zealand — to investigate any foreign interference threats, such as state-sponsored disinformation campaigns.

"Foreign interference has always been present in Canada, but its scale, speed, range, and impact have grown as a result of globalization and technology," said CSIS spokesperson Keira Lawson in an email to CBC News Thursday night.

"We are increasingly seeing social media being leveraged to spread disinformation or run influence campaigns designed to confuse or divide public opinion, interfere in healthy public debate and political discourse, and ultimately create social tensions."

Leuprecht also said the average person needs to be on guard against malware and phishing attempts.

"Many people continue to work from home, so that makes them inadvertent conduits for bad actors to try to infiltrate corporations," he said. "So every Canadian in a way has a role to play here."
