The individual responsible for safeguarding Canadians against hackers emphasizes the crucial need for Canada and the United States to maintain close collaboration in the realm of cybersecurity.
During his visit to Washington, D.C., for an international cybersecurity summit and meetings with counterparts from the U.S., Sami Khoury, the director of the Canadian Centre for Cyber Security, highlighted that both countries have become indispensable allies in strengthening our continent's cyber defenses. He anticipates that this partnership will continue to flourish. However, amidst a landscape plagued by attacks, foreign interference, and hostile nation-states, he expresses concern that citizens and businesses may not sufficiently recognize the magnitude of these threats.
Khoury reveals that his greatest worry is disregarding alerts and advice from the cybersecurity center due to constraints or indifference. He points out that reports frequently expose instances where outdated software vulnerabilities are exploited—an indication that computer systems are not being properly updated.
"It's imperative for individuals to approach this matter seriously", Khoury stated during an interview.
He acknowledges that system updates can sometimes incur costs but underscores how neglecting such updates exposes individuals to vulnerabilities that could result in greater financial losses than simply investing in system maintenance.
Medium-sized businesses face significant risks, especially as larger, well-known companies that manage critical infrastructure gradually strengthen their defenses.
"These businesses may be small or medium in size, but they play a role in society, and it is vital for them to prioritize cybersecurity", Khoury emphasized.
"Cybercriminals often look for any opportunity available to them. If they identify vulnerabilities in your networks or operations, they will not hesitate to exploit them."
Shared infrastructure across borders
During his time in the U.S. capital, Khoury engaged with counterparts and Canadian Embassy officials while participating in the Billington Cybersecurity Summit—a prominent annual gathering of experts from around the world.
He participated in two panels that held relevance for Canada, addressing threats to global supply chains and emphasizing the growing importance of international collaboration in defending against these threats.
The standing defense and intelligence ties between Canada and the U.S. span more than 75 years; however, "cyber takes it to an entirely new level," remarked Khoury.
Given the presence of crucial infrastructure pathways like pipelines, power lines, transportation routes, and financial exchanges that span the border between Canada and the United States, it only makes sense to foster closer collaboration and integration.
"We need to align our cybersecurity efforts on both sides of the border so that we have an approach when assessing potential threats", stated Khoury.
"It's important to note that we share the infrastructure across both countries."
A notable example highlighting this threat occurred in May when various agencies within the Five Eyes intelligence alliance, including Canada's Centre for Cyber Security, issued a warning about state-sponsored hackers from China targeting a vital component of U.S. infrastructure.
In the past month, leaked Pentagon documents revealed incidents involving Russian hackers successfully infiltrating Canada's natural gas distribution network; however, no specific company was identified.
Furthermore, in 2021, during the COVID-19 pandemic crisis, a ransomware attack compelled a six-day shutdown of the Colonial pipeline, leading to fuel shortages nationwide. Infrastructure systems have become targets for hackers due to the significant and long-lasting impact of these attacks as well as the valuable strategic information they can gain. Moreover, cybercriminals working on behalf of nation-states often seek access to systems not only to cause immediate damage but also to patiently wait for geopolitical developments that may require an attack.
According to Khoury, it is crucial to emphasize this message: the threat is genuine, and companies must take it seriously. They need to establish resilience and remain vigilant about their networks and activities.