SCADA cyber security: Canada not doing enough, says expert

SCADA cyber security: Toronto Hydro’s chief information and risk officer is calling on OT vendors to “raise their games” and make security a priority in their products

In North America, a Canadian security expert has warned that the country’s utilities are not doing enough to secure their supervisory control and data acquisition (SCADA) systems.

Former assistant director of intelligence at the Canadian Security Intelligence Service Ray Boisvert said SCADA technology – which is essential to smart grid decision making – in both Canada and the US is vulnerable to cyber attack, reports IT World Canada.

Mr Boisvert, currently president of consultancy I-Sec Integrated Strategies, said: “Canada is no more ready than the US on these devices.”

“There needs to be considerable investment in hardening and protecting these industrial control systems.”

Boisvert rated Canada’s efforts as B, although he admitted no country yet has an A.

Need for OT security

Speaking at a trade event this week, he said some hydro systems owned by cities or townships “are really, really vulnerable. They have no funds, and very little awareness of cyber security.”

Robert Wong, executive vice-president and chief information and risk officer at Toronto Hydro, the largest municipal electricity distribution company, told IT World Canada that he agreed with this assessment of the utility industry’s preparedness against cyberattacks.

Mr Wong said: “We’re not very mature… the whole industry is somewhat behind.”

On security for traditional IT systems, Wong said: “We’re middle of the road.

“Where we really are behind is in the operational technologies such as power line relays, monitors and sensors that until recently were electromechanical. Now they’re becoming IP-enabled but their security isn’t good enough.”

He added: “As a result we’re playing catch up in terms of cyber security for the critical infrastructure in the grid.

“We need to get our OT vendors to raise their games and make security a priority in their products.”

Government cyber security efforts

Security expert Boisvert said the Federal Government needs a ‘cyber czar’ with deputy minister authority to become the “spokesperson in chief to drive the agenda among the agencies, because in my estimation there isn’t great co-ordination between agencies in Ottawa, even for those with the money.”

Boisvert observed that while improving SCADA cyber security is the priority of the technology committee of industry group the Canadian Electricity Association, Canada isn’t big enough to influence equipment manufacturers.

Canada’s Federal Government has developed a national cyber security strategy for critical infrastructure and encourages provinces and 10 sectors to form groups for sharing information.

Global SCADA cyber security

In April 2015, IT giant Dell’s annual Threat Report indicated that cyber attacks on SCADA systems increased by 100% in 2014.

In 2014, Dell saw 202,322 SCADA attacks in Finland, 69,656 in the UK, and 51,258 in the US.