Canadian Security Intelligence Service
www.csis.gc.ca
Critical infrastructures in Canada and around the world have for some time been the target of cyber-related attacks for criminal, political or other motives. CSIS broadly defines a cyber-related attack as the use of information systems or computer technology either as a weapon or a target. Hostile actors could include [both state and non-state actors, such as] individuals acting on their own, hacktivists, intelligence agencies and terrorists. Regardless of their motivations, hostile actors have potential access to a growing range (various tools and techniques) that could be used to engage in malicious activity directed against the computer-related components of the critical infrastructure.
Canada's critical infrastructure consists of physical and information technology facilities, networks and assets (e.g., energy distribution networks, communications grids, health services, essential utilities, transportation and government services), which, if disrupted or destroyed, could seriously affect the health, safety, security and economic well-being of Canadians; the effective functioning of industry and of government in Canada would also be significantly affected. For instance, the August 14, 2003 blackout that affected 50 million people across eastern North America is illustrative of the the potential impact a major cyber event could have. Although the initial incident was a localized system failure, which only affected the electrical sector, the widespread cascading effects that resulted, affected other critical infrastructure sectors (and aspects of everyday life and activity), such as transportation, telecommunications and banking.
Malicious cyber-related acts may take the form of distributed denial-of-service (DDos) attacks. DDos attacks are usually directed against electronic mail and Web servers, rendering a network computer unusable by flooding it with network traffic. The flood of incoming messages to the target systems forces them to shut down, thereby denying access to legitimate users. Repetitive and successful cyber-related activities have the potential to garner high-profile media coverage, "reminding" the public of a critical infrastructure sector's vulnerability and highlighting the hostile actors' actions.
Recent media reporting on cybersecurity issues continues to illustrate the impacts of cyber-related operations directed against public and private sector systems worldwide, noting the use of crafted e-mails, social networking services and other means and techniques to facilitate efforts of various hostile actors to acquire government, corporate or personal data. These tools and techniques are becoming more complex and difficult to detect.
Politically motivated cyber-related attacks are usually undertaken by a variety of groups associated with tensions that are either domestic (resulting from radical opposition to economic summits, political developments or environmental practices) or geopolitical (reflecting the political, economic or mililtary contest between parties in the region). Such tensions may incite extremists to conduct cyber-related operations against sectors of Western critical infrastructure. There is an increasing potential for politically motivated DDos or network exploitation activities. The latter likely would not be limited to criminal activity for personal gain (such as identity theft or clandestine monetary transactions), but could include efforts to create instability in the economy, for example, by wiping out bank balances, altering records and incapacitating networks on a large scale.
Media reports also suggest that foreign intelligence services use the Internet to conduct espionage operations, as this is a relatively simple, low-cost, and risk-free way to collect classified, proprietary or other sensitive information. Due to the seemingly borderless nature of cyber-space, hostile actors could stage an electronic operation from a foreign country and affect a Canadian target site in a very short period of time. Terrorist groups could also conduct cyber operations in order as a means of causing economic damage and serious disruptions to the targeted society.
On July 22, 2003, General John Gordon, Presidential Assistant and Advisor to the United States Homeland Security Council, declared that attacks over electronic networks might soon become as great a threat as weapons of mass destruction. Antiterrorist experts in the United States have added hacking and illicit use of the Internet to their list of weapons of mass destruction. Consequently, on May 21, 2010 U.S. Cyber Command was established, and several other countries have established similar units within their national militaries.
The advent of a new class of malware, such as Stuxnet, in 2010 has been described as a watershed in the realm of cybersecurity, indicating that some cyber operations once thought to be hypothetically possible but improbable can be successfully mounted against specific types of targets if significant assets and resources are used.
