The man in charge of protecting Canadians from malicious hackers says it is vital for Canada and the United States to keep working closely together on cybersecurity.
Sami Khoury, the head of the Canadian Centre for Cyber Security, was in D.C. this week for an international cybersecurity summit and meetings with U.S. counterparts.
Khoury says the two countries have become essential partners in fortifying the continent’s cyber defences, a collaboration he expects will only continue to grow.
But in a world of ransomware, foreign interference and hostile nation-states, he worries that citizens and businesses alike aren’t taking the danger seriously.
Khoury says the only thing that keeps him up at night is the risk of the Cyber Centre’s alerts and advice being disregarded, due to cost or apathy.
He says reports often show that years-old software vulnerabilities are still being exploited, a sign that computer systems aren’t being updated.
“It’s important that people look at that in a serious manner,” Khoury said in an interview.
“I know that sometimes updating a system can be costly, but the flip side of that is not updating it opens you up to a vulnerability that might cost you more than just updating the system.”
Small and medium-sized businesses are at particular risk, especially as larger, high-profile companies — especially those that operate critical infrastructure — gradually fortify their defences.
“They’re small, they’re medium, but they play an important role in society, and it’s important they take cybersecurity seriously,” Khoury said.
“In many cases, these cybercriminals will go wherever they can find an opportunity. And if they see an opportunity in exploiting your networks or your operations, they will not hesitate.”
Khoury spent several days in the U.S. capital to meet with American counterparts and Canadian Embassy officials and to take part in the Billington Cybersecurity Summit, a major annual gathering of experts from around the world.
He sat on two panels that were of specific interest to Canada: confronting threats to global supply chains and the growing role of international collaboration when it comes to defending against them.
The deep defence and intelligence ties between Canada and the U.S. go back more than 75 years, but “cyber takes it to a whole new level,” Khoury said.
And given the extent to which critical infrastructure conduits like pipelines, power lines, transportation corridors and financial exchanges travel across the Canada-U.S. border, closer collaboration and integration only makes sense.
“It’s in our collective interests, both on the U.S. side and on the Canadian side, that we line up our cybersecurity effort, so that we are on message when we assess the threat,” he said.
“It’s the same infrastructure on both sides of the border.”
One compelling example of that threat came in May, when agencies from across the Five Eyes intelligence alliance, including the Cyber Centre, issued a dramatic warning about state-sponsored hackers from China targeting a critical piece of U.S. infrastructure.
The previous month, a leaked trove of Pentagon secrets included reports of hackers based in Russia that had successfully accessed Canada’s natural gas distribution network, although a specific company was not named.
And in 2021, with the world still in the throes of the COVID-19 pandemic, a ransomware attack effectively forced a six-day shutdown of the Colonial pipeline, triggering fuel shortages across the country.
Infrastructure systems have proven popular targets for hackers because of the often profound residual effects such attacks can have, as well as the tactical value of commercial intelligence, Khoury said.
In addition, cybercriminals working on behalf of nation-states are often keen to secure access to such systems not to wreak immediate havoc, but to lie in wait in the event of geopolitical developments that warrant an attack.
“The message has to be repeated,” Khoury said.
“We have to constantly push the message out that the threat is real, that companies have to take it seriously, that they have to build resilience and that they have to be vigilant about their networks and their activities.”