Related News

First Look: Theories Brings the Heat with Summer ’25 Board Drop

First Look: Theories Brings the Heat with Summer ’25 Board Drop

June 13, 2025
TWS x MACBA Life Apparel Collab Available NOW!

TWS x MACBA Life Apparel Collab Available NOW!

April 8, 2025
Maple Leafs winger Matthew Knies to play Game 7 against Panthers

Maple Leafs winger Matthew Knies to play Game 7 against Panthers

May 18, 2025

Browse by Category

  • Canadian news feed
  • Golf news
  • Hockey news
  • Music & Piano
  • Running & fitness
  • Skateboarding

Related News

First Look: Theories Brings the Heat with Summer ’25 Board Drop

First Look: Theories Brings the Heat with Summer ’25 Board Drop

June 13, 2025
TWS x MACBA Life Apparel Collab Available NOW!

TWS x MACBA Life Apparel Collab Available NOW!

April 8, 2025
Maple Leafs winger Matthew Knies to play Game 7 against Panthers

Maple Leafs winger Matthew Knies to play Game 7 against Panthers

May 18, 2025

Browse by Category

  • Canadian news feed
  • Golf news
  • Hockey news
  • Music & Piano
  • Running & fitness
  • Skateboarding
CANADIANA NEWS - AI Curated content
  • Home
  • Canadian news feed
  • Skateboarding
  • Golf
  • Hockey
  • Running & fitness
  • Music & Piano
  • WeMaple
No Result
View All Result
CONTRIBUTE
CANADIANA NEWS - AI Curated content
  • Home
  • Canadian news feed
  • Skateboarding
  • Golf
  • Hockey
  • Running & fitness
  • Music & Piano
  • WeMaple
No Result
View All Result
CANADIANA NEWS - AI Curated content
No Result
View All Result
Home Canadian news feed

Canada’s cybersecurity head on the Nova Scotia Power breach

Sarah Taylor by Sarah Taylor
June 15, 2025
in Canadian news feed
0
Canada’s cybersecurity head on the Nova Scotia Power breach
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

The head of Canada’s cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power.

You might also like

Who owns an EV in Canada? 3 provinces dominate EV registrations

Seeking allies in Trump trade war, Eastern Canada’s premiers look to U.S. governors

Measles is surging in Alberta. Which vaccine-preventable disease could be next?

The utility’s computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that.

About 280,000 customers — more than half of the utility’s customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver’s licences, social insurance numbers and banking information.

On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity.

The attack and its aftermath have sparked many questions about the security of the company’s IT systems.

Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how these types of incidents unfold and what people and organizations like Nova Scotia Power can do to protect themselves.

This interview has been edited for length and clarity.

Can you explain a bit about your agency and what it does?

The Canadian Centre for Cyber Security is really Canada’s cyber defence agency. So, we provide advice, guidance and services to critical infrastructure systems of importance to Canada. Work primarily with the federal government is where we had started, but have really grown into critical infrastructure. And our goal is to raise cyber resilience across Canada.

We fall under CSE, which is the Communications Security Establishment, and CSE has a mandate for foreign intelligence, which goes back 80 years in terms of WW II. We report to the minister of national defence.

What do you make of the recent attack against Nova Scotia Power, which did ultimately affect about 280,000 customers?

We don’t comment specifically on specific incidents, but as a cyber centre … any critical infrastructure providers that have incidents can report their incidents to the cyber centre. So last year we saw about 1,500 incidents. We see a lot of these, and that’s what’s really important and kind of sad to understand as well, that this is happening so often in terms of cybercriminal organizations comprising critical infrastructure organizations in Canada.

Their motivation is money. They would compromise the network. So basically getting their software inside the network, but then stealing all the sensitive information from the organization and … then going ahead and encrypting systems and locking people out of their system. So we used to call that double extortion. So that way the criminal organization could threaten to release sensitive information, unless a ransom was paid, or also basically not give back access to systems unless a ransom was paid. So that was what we’re seeing and it was incredibly impactful to system operators within Canada.

In this case, Nova Scotia Power did not pay the ransom that was asked of them. Is that common practice? 

What we always do is we provide advice and guidance to organizations and we say, “It’s a business decision,” because we’re not the ones operating their business, and we don’t know their exact context, say if it’s a threat to life or something else. But we always say, “Hey there’s a lot of downside to paying the ransom.” First of all, you’re funding these criminal organizations. So, the more ransom is paid, the more we’re going to proliferate this sort of behaviour. At the same point in time, you’re paying this ransom to criminals. What’s that contract worth in the end anyway? Is there really any guarantee that they’re either not going to share the confidential information, or they’re actually going to give you the keys to decrypt your systems and get your access back? The proceeds of this can go to criminal or even terrorist type causes as well, so, worrisome in that sense.

Are you able to say whether Nova Scotia Power had actually contacted your agency [following the breach]?

The one thing that I will say is that they did reach out to us. We always recommend that organizations that are victimized reach out to the cyber centre. We’ve seen many of these in the past and we have advice and guidance to share. And not only can we help the organization in their recovery, and in terms of paying the ransom, ransom might help you unlock your systems, but there’s still always recovery costs that are part of this as well, regardless of whether you work with the criminal organization or not. But in this case, they did reach out to us.

And the other thing we always encourage is … we hope that they share information about the compromise as well. Because we can take that and share that with other critical infrastructure organizations in Canada.

Did they share with you the extent of the breach? 

We wouldn’t go into any details in that sense, but they did notify us of the breach.

Is there any sense of who might have been the perpetrator in this attack from your perspective? Nova Scotia Power says it has a sense of who it is.

I wouldn’t comment on that. There’s various groups and they often change shapes and forms as they get disrupted. Unfortunately it’s an ever-evolving group of cybercriminals that are out there that seem to be performing these behaviours. And we have an assessment out in terms of a cybercriminal activity in Canada as well that kind of points to the groups that we’ve seen as active.

About 140,000 [social insurance numbers] were included in the stolen data. How serious is this, when that type of personal information is accessed?

I couldn’t speak to the seriousness of that type of information, but what I will say is that this is exactly what cybercriminals go after. And depending on the type of information, it’ll fetch a different price on the dark web. Organizations will collect personal information, whether it’s SIN numbers, or credit card numbers, or health card numbers, other sorts of confidential information. Typically that information gets resold on the dark web for other criminals that are going to actually monetize that for other purposes. It’s kind of a not very positive circle that exists on the dark web.

The way this actually works in terms of what we call “cybercrime as a service” is that it’s a whole ecosystem of criminal entities that actually work together. And because it’s typically run out of operations that are beyond the legal borders — often in Russian-speaking countries where law enforcement won’t necessarily prosecute — it’s very difficult to disrupt these organizations. And even when law enforcement is able to disrupt them, it’s fairly easy for them to kind of reconstitute themselves.

What are some of the risks when this personal information is shared on the deep web or dark web? 

Once that information is out there, that often just spurs the next cycle of fraud. Whether it’s spear phishing emails that are using that information, whether it’s leveraging information about an organization or their clients to actually further compromise them. That’s why it’s really important to take note for everyone to be mindful of the things they can do to protect themselves.

Be extra vigilant of understanding what’s being mailed to you and double checking those links and making sure it’s coming from an authenticated source and whatnot. Being mindful of content, making sure you have strong authentication in terms of how you’re actually accessing applications as well.

What would be your advice to Nova Scotia Power?

Really for all of these organizations, do your due diligence. Understand what your really critical elements are of your organization that would be your worst-case scenario. And then once you know what your worst-case scenario is, then you can defend that. Build the plan according to our ransomware playbook, have the backups in place, and have the strong measures in place.

The utility [Nova Scotia Power] applied for funding about a month before the ransomware attack. They cited the Canadian Centre for Cyber Security’s most recent threat assessment, pointing out that power grids are so interconnected that they can be really vulnerable to these types of attacks. What would be the warning signs of an attack like this?

One of the things that we’ve been very mindful of … as the world gets more hostile, we’re worried about impacts to critical infrastructure like electrical guide grids, pipelines, these sorts of things. A lot of them are controlled by systems that were never meant to be connected to the Internet. Nowadays, as people are looking to optimize efficiency, and connect to cloud services and connect sensors to networks, they’re becoming more exposed to threat actors from around the world. Normally, your electrical grid would only be threatened by people that are actually in the country and nearby, but as soon as you connect it to the internet, you’re pretty much opening a lot of this up to people from anywhere.

Does your agency have any authority over a private company that’s running a provincewide utility?

We are not a regulator. The cyber centre itself provides advice, guidance and services, but we have no authority over any of these entities. We work voluntarily to provide the best practices.

MORE TOP STORIES 

Read Entire Article
Tags: Canada NewsCBC.ca
Share30Tweet19
Sarah Taylor

Sarah Taylor

Recommended For You

Who owns an EV in Canada? 3 provinces dominate EV registrations

by Sarah Taylor
June 16, 2025
0
Who owns an EV in Canada? 3 provinces dominate EV registrations

A growing number of Canadians are buying electric vehicles The federal government has said the switch from gas to electric vehicles is "crucial for reaching our climate goals"...

Read more

Measles is surging in Alberta. Which vaccine-preventable disease could be next?

by Sarah Taylor
June 16, 2025
0
Measles is surging in Alberta. Which vaccine-preventable disease could be next?

Doctors and scientists worry Alberta's measles outbreaks could signal the start of a new era when other dangerous infectious diseases of the past could re-emerge and pose new health...

Read more

Seeking allies in Trump trade war, Eastern Canada’s premiers look to U.S. governors

by Sarah Taylor
June 16, 2025
0
Seeking allies in Trump trade war, Eastern Canada’s premiers look to U.S. governors

Five Canadian premiers, including Ontario's Doug Ford, are in Boston on Monday at the invitation of some northeastern US governors to try to forge alliances against Donald Trump's...

Read more

Alberta premier says she likes Ottawa’s speedy plan for infrastructure project approvals

by Sarah Taylor
June 16, 2025
0
Alberta premier says she likes Ottawa’s speedy plan for infrastructure project approvals

Alberta Premier Danielle Smith says she likes the federal government's plan to reduce the approval times of major infrastructure projects down to two years, and she hopes Canada...

Read more

Canada’s rush for new resource projects can’t happen without First Nations’ support: grand chief

by Sarah Taylor
June 16, 2025
0
Canada’s rush for new resource projects can’t happen without First Nations’ support: grand chief

Some First Nations leaders and citizens in Manitoba say they're concerned by the province's recent push to create new energy, trade and resource extraction projects in the northShortly...

Read more
Next Post
Want stronger legs without running? I tried rucking for a week, and it’s a game-changer

Want stronger legs without running? I tried rucking for a week, and it’s a game-changer

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

First Look: Theories Brings the Heat with Summer ’25 Board Drop

First Look: Theories Brings the Heat with Summer ’25 Board Drop

June 13, 2025
TWS x MACBA Life Apparel Collab Available NOW!

TWS x MACBA Life Apparel Collab Available NOW!

April 8, 2025
Maple Leafs winger Matthew Knies to play Game 7 against Panthers

Maple Leafs winger Matthew Knies to play Game 7 against Panthers

May 18, 2025

Browse by Category

  • Canadian news feed
  • Golf news
  • Hockey news
  • Music & Piano
  • Running & fitness
  • Skateboarding
CANADIANA NEWS – AI Curated content

CANADIANA.NEWS will be firmly committed to the public interest and democratic values.

CATEGORIES

  • Canadian news feed
  • Golf news
  • Hockey news
  • Music & Piano
  • Running & fitness
  • Skateboarding

BROWSE BY TAG

Canada News CBC.ca Golf Hockey Lifehacker Ludwig-van.com Skateboarding tomsguide.com

© 2025 canadiana.news - all rights reserved. YYC TECH CONSULTING.

No Result
View All Result
  • Home
  • Canadian news feed
  • Skateboarding
  • Golf
  • Hockey
  • Running & fitness
  • Music & Piano
  • WeMaple

© 2025 canadiana.news - all rights reserved. YYC TECH CONSULTING.