Canada's oil and gas sector is at growing risk of Russian-aligned cyberattacks, warns a recent report from the Canadian Centre for Cyber Security (the Cyber Centre).

In June, the Cyber Centre published a report cautioning that the country's oil and gas sector is "very likely a strategic target for state-sponsored cyber activity" as geopolitical tensions rise in the wake of the Russian invasion of Ukraine. Potential targets include large-diameter pipelines, transfer terminals and major refining facilities, according to the report.

Efforts are likely underway to gain access to network-connected operational technology that monitors and controls the energy sector's largest industrial assets, the Cyber Centre said. While it remains "very unlikely" state-sponsored Russian actors would attempt to destroy oil and gas infrastructure outside of an armed conflict with Canada, other Russian-aligned actors may be more inclined to carry out debilitating attacks.

Past attacks had devastating effects

A 2021 Russian ransomware attack on the Colonial Pipeline in the United States forced one of the country's largest gasoline, diesel and jet fuel pipelines to temporarily shut down, the report noted. The closure resulted in rerouted flights, short-term price spikes and panic buying – and could have led to food shortages if it had lasted much longer.

The Cyber Centre pointed to several other ransomware attacks on oil and gas infrastructure, including:

  • Iranian state-sponsored attacks targeting Saudi Arabian and Bahraini oil and gas infrastructure in 2019 and 2020, resulting in widespread business disruption
  • A 2018 Iranian attack that destroyed 10% of an Italian oil and gas company's network
  • A 2017 Russian attack on a Middle Eastern oil and gas facility that caused an automatic shutdown of the industrial process

Canada targeted over support for Ukraine

Russian-aligned cyber activity has "very likely increased substantially" over the past year, the Cyber Centre warned, with perpetrators typically gaining access to networks to deploy ransomware and encrypt data, or carrying out DDoS attacks on websites. (The U.S. Cybersecurity & Infrastructure Security Agency has published guidance on detecting and responding to DoS and DDoS attacks.)

The Cyber Centre report emphasized that Russian-aligned actors are typically less sophisticated than Russian state-sponsored actors, but may be more likely to carry out a destructive attack given their greater tolerance for risk, their increasing numbers and the abundance of vulnerable targets.

The Cyber Centre said it's aware of ongoing efforts made by Russian-aligned actors to gain access to Canadian oil and gas networks and other critical infrastructure in order to disrupt services with the ultimate goal of weakening Canada's support for Ukraine.

Preparing for an attack

As we've discussed in previous blogs, pro-Russian hackers are already ramping up attacks against Canada, and federal officials here and in the U.S. are warning about potentially devastating attacks on critical infrastructure in the energy, health care and defence sectors, among others.

If your organization provides critical infrastructure to Canadians, having an incident response plan and knowing how to isolate critical components from your network in the event of a cyberattack are essential. The Cyber Centre has published numerous resources on securing industrial control systems, protecting internet-connected networks and patching security vulnerabilities.
