Canadian intelligence agency calls for ramped-up cyber defences after Russia invades Ukraine

Canada's cyber spy agency is warning power companies,banks and other critical elements of Canada's infrastructure and economyto shore up their defences against Russia-based cyber threat activity as the Western world responds to Moscow's invasion of Ukraine.

In a statement Thursday, the Communications Security Establishment said that "in light of Russia's ongoing, unjustified military offensive in Ukraine," it "strongly encourages all Canadian organizations to take immediate action and bolster their online cyber defences."

Dan Rogers, the associate chief atCSE, said the agency iswatching for cyber threat activity directed at critical infrastructure networks, including those in thefinancial and energy sectors.

"I don't know that I wouldsay that we're expecting an increase but I would say, regardless of the context, we have seen and called out Russian cyber activity in the past as being reckless," Rogerstold a media briefing Thursday afternoon.

"When wehave a situation like we have now with Russia engaged in a conflict, we want to make sure that Canadian institutions have every mechanism possible to help defend themselves."

His agency said it hasbeen sharing cyber threat intelligence with key partners in Ukraine and is working withthe Canadian Armed Forces through intelligence sharing, cyber securityand cyber operations.

CSEhas both active powers allowingit to disrupt foreign online threats to Canada's systems and defensive powers allowing it to take action online to protectCanadian systems.

"I can'tspeak to the specifics of operations or planning," said Rogers. "I can say thatCSE is ready. We do have cyber capabilities."

The agency said that while it's not aware of anyspecific threats to Canadian organizations related to events in and around Ukraine, it pointed toa historical pattern of cyber attacks on Ukraine and other countries.

In 2017, for example,CSEblamed Russian operatives for the NotPetya malware which was primarily meant to target Ukraine but also attacked financial, energy, governmentand infrastructure sectors around the world.

Thursday's warning is the third from the agency this year. It issued a threat bulletinin January and another earlier this month directed at critical infrastructure operators.

Earlier in the day, Prime Minister Justin Trudeau announced a new suite of sanctions on Russian entities afterPresident Vladimir Putinlaunched a series of unprovoked attacks on Ukraine.

Christian Leuprecht, a security expertat the Royal Military College and Queen's University, said Russian operatives will continue to try to find weak points.

The CSE statement is "clearly a signal that you need to make sure your people are working this weekend. You can't just automate this," he said.

"Russians have sort of this habit of going after critical infrastructure at times when nobody's looking. So you know ...on a Friday night."

'Mission critical' systems

Ken Barker, a professor of computer science at the University of Calgary, said the threat posed by Russia ought to compel Canadian authorities to take cyber defences more seriously.

"If we feel compelled to do it now, we should have felt compelled to do it two weeks ago," he said.

"Because ultimately, these systems are vulnerable and they're mission critical to the country, so we really do need to make sure that we make investments in securing and protecting them as we go forward."

Barker said one of those points of vulnerabilityis the linkage between operational and information technology systems.

"It's endemic throughout all of our critical infrastructures, whether that's energy, hydro, about anything that basically lights up the house or warms it," he said.

"If nobody can get access to that physically, it's safe in and of itself. The problem is what then happens is information technology is now linked to it to make it run more efficiently ... So now you have what's called the IT/OT vulnerability."

CSE said operators should be prepared to isolate critical infrastructure components and services from the internet and internal networks if those components "could be considered attractive for a hostile threat to disrupt."

It's calling on vulnerable organizations to be more vigilant bymonitoring networks to quickly spot any unexpected or unusual network behaviour, and to have continuity plans for disruptions.

CSE is urging organizations to report any incidents.

It said it will keep Canadian organizations up to date on the threatthrough public alerts and protected channels.

Disinformation campaigns expected

While much of Thursday's warning concerns IT teams,Leuprecht said Canadians also need to be wary of falling for fake reports online.

"The average Canadian should be concerned about disinformation, misinformation and information laundering, all of which the Russians are actively propagating," hesaid.

A spokesperson for Canada's domestic spy agency, the Canadian Security Intelligence Service, wouldn't comment on operational matters but said the agency isworking with its allies, including theFive Eyes partnership an intelligence sharing partnershipwith the U.S., U.K., Australia and New Zealand to investigate any foreign interference threats, such as state-sponsored disinformation campaigns.

"Foreign interference has always been present in Canada, but its scale, speed, range, and impact have grown as a result of globalization and technology," said CSIS spokesperson Keira Lawson in an email to CBC News Thursday night.

"We are increasingly seeing social media being leveraged to spread disinformation or run influence campaigns designed to confuse or divide public opinion, interfere in healthy public debate and political discourse, and ultimately create social tensions."

Leuprecht also said the average person also needs to be on guard againstmalware andphishing attempts.

"Many people continue to work from home, so that makes them inadvertent conduits for bad actors to try to infiltrate, corporations," he said. "So every Canadian in a way has a role to play here."