The Canadian government is “really worried” about cyber attacks that have targeted critical infrastructure and has helped companies improve their defenses without disclosing hacks to the public, a senior intelligence official said on Monday.
The comment by Scott Jones, an assistant deputy minister at Canada’s Communications Security Establishment intelligence agency, follows a warning on Friday from the United States that sophisticated hackers are targeting U.S. infrastructure, including nuclear, energy, aviation, water and manufacturing industries.
“Targeted attacks on Canadian infrastructure is something we are really worried about,” Jones said in an interview at the Reuters Cyber Security Summit in Toronto.
“Do we think something’s going to happen tomorrow? No,” Jones said. “Is it technically possible? Yes, and that’s what we’re worried about.”
Jones said Canada had seen a level of hacking activity that was “comparable” to what had been reported in the United States.
Jones said the government rarely goes public when it uncovers hacking activity because that would let attackers know they had been caught. Instead, it quietly reaches out to targeted firms.
“We try to do it very quietly to help the company become more resilient,” he said. “We’d like to try to give the defenders as much advantage as we can.”
Ray Boisvert, a former senior official with the Canadian Security Intelligence Service spy agency, also told the Reuters Cyber Security Summit that defenses against such attacks need to be improved.
Boisvert, who this year began advising the Ontario provincial government on security issues, said that infrastructure firms are not doing enough to thwart cyber attacks.
“We’ve yet to suffer a massive critical infrastructure attack and we’ve yet to suffer a massive loss of capability,” he said, explaining why many firms have not invested in boosting cyber defenses.
He warned that some 60 nations currently have the ability to conduct offensive cyber warfare operations, including ones that could harm the grid and other infrastructure.
Five years ago, only about five nations had that capability, he added.
CSE’s Jones said the potential for cyber attacks to harm critical infrastructure has diminished over the past two years because private companies now take the threat much more seriously.