Apparent leaked U.S. docs suggest pro-Russian hackers got at Canada’s gas network. Is cybersecurity an issue?
Cybersecurity experts aren’t surprised by the revelation contained within a package of leaked U.S. intelligence documents suggesting Russian-backed hackers successfully gained access to Canada’s natural gas distribution network.
But they said there’s a huge difference between gaining access to a company’s network or servers and actually disrupting Canada’s energy supply or causing injury or property damage.
“There’s a big disconnect between gaining access to a computer, in the industrial world, and knowing how to make it do physical things,” said Lesley Carhart, director of incident response for North America at the industrial cybersecurity company Dragos Inc.
“Criminal groups gain access to industrial facilities all the time. But just hitting buttons isn’t necessarily going to cause anything meaningful to happen.”
An apparent release of Pentagon documents onto social media sites recently appeared not only to detail U.S. and NATO operations in Ukraine, but also contained a claim by Russian-backed hackers that they successfully accessed Canada’s natural gas infrastructure.
The leaked documents don’t name a specific company. CBC News and The Canadian Press have not independently verified the claims. Two companies — TC Energy and Enbridge — told CBC their infrastructure was not compromised by a hacking attempt.
WATCH | White House bracing for more documents to be leaked
But the news has thrust the issue of cybersecurity in North America’s oil and gas sector back into the spotlight.
The Communications Security Establishment (CSE), which oversees Canadian foreign intelligence gathering and cybersecurity, said in a statement it does not comment on specific incidents. But it added it was “concerned about the opportunities for critical infrastructure disruption” on internet-connected technology “that underpins industrial processes.”
According to Geoffrey Cann, a B.C.-based author and speaker who specializes in digital issues affecting the oil and gas industry, Canada’s energy sector is routinely targeted by cybercriminals for financial gain as well as by state-sponsored hackers hoping to create mayhem.
“It would be a shock if they weren’t targeting Canadian infrastructure, because they’re targeting energy infrastructure worldwide as a matter of routine,” he said.
“And industry is highly aware of this. This is a board-level topic.”
In 2021, a ransomware attack successfully targeted the Colonial Pipeline, the largest pipeline system for refined oil products in the U.S. It was the largest cyberattack on oil infrastructure in the history of the United States, and forced the company to temporarily halt pipeline operations.
Carhart said the idea that state-sanctioned actors are also attempting to gain entry into oil and gas companies’ systems for the purpose of corporate espionage, sabotage or terrorism is not a secret.
But she pointed out that industrial sites have layers upon layers of safety protocols and equipment in place, and just gaining access to a computer server isn’t necessarily enough to really cause an impact.
“Industrial facilities are made to be very safe. They’re made to survive human error, and devices failing.”
She said it could take years for a cyber criminal to learn enough about a company’s internal processes and equipment to actually cause an incident.
“Yes, there are states with resources spending a lot of time and money to learn about these facilities so they can do something in the future. But does just getting access to these facilities mean they can? No.”
Cann agreed that while oil and gas companies themselves should be concerned about the financial and operational risk of a cyberattack, the risk a hacker could significantly disrupt energy supply for Canadians for any significant period of time remains extremely low.
“For a hack to be successful in Canada, it would have to bring down enormous amounts of our infrastructure at the same time. And that’s possible, but the probability is infinitesimally small,” Cann said.
“Oil and gas infrastructure is being attacked constantly, and yet there are very few public incidents that we hear of, so we have that in our favour.”
Suncor to cut 1500 jobs by end of year, employees informed Thursday – CTV News Calgary
Suncor Energy Inc. says it will cut 1,500 jobs by the end of the year in an effort to reduce costs and improve the company’s lagging financial performance.
Spokeswoman Sneh Seetal confirmed the cuts, saying they will be spread across the organization and will affect both employees and contractors.
Seetal says employees were informed of the cuts in a companywide email from Suncor CEO Rich Kruger earlier this afternoon.
Suncor has been under pressure from shareholders – including activist investor Elliott Investment Management – to improve its financial and share price performance, which has lagged its peers.
Kruger, the former CEO of Imperial Oil Ltd., took the reins at Suncor earlier this spring and has been tasked with turning around the oilsands giant.
Suncor employs people across the country, in the U.S., and the U.K. Its corporate head office is located in Calgary.
This report by The Canadian Press was first published June 1, 2023.
Amazon ordered to pay more than $30M for privacy violations related to Alexa, Ring devices – CBC News
Amazon agreed Wednesday to pay a $25 million US civil penalty to settle Federal Trade Commission (FTC) allegations it violated a child privacy law and deceived parents by keeping for years kids’ voice and location data recorded by its popular Alexa voice assistant.
Separately, the company agreed to pay $5.8 million US in customer refunds for alleged privacy violations involving its doorbell camera, Ring.
The Alexa-related action orders Amazon to overhaul its data deletion practices and impose stricter, more transparent privacy measures. It also obliges the tech giant to delete certain data collected by its internet-connected digital assistant, which people use for everything from checking the weather to playing games and queueing up music.
“Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and flouting parents’ deletion requests violated COPPA (the Child Online Privacy Protection Act) and sacrificed privacy for profits,” Samuel Levine, the FTC consumer protection chief, said in a statement. The 1998 law is designed to shield children from online harms.
FTC Commissioner Alvaro Bedoya said in a statement that “when parents asked Amazon to delete their kids’ Alexa voice data, the company did not delete all of it.”
The Current22:19Amazon losing billions on Alexa voice assistant
The agency ordered the company to delete inactive child accounts as well as certain voice and geolocation data. That order will apply to Canadian customers, as well, the company confirmed in an email to CBC News.
Amazon kept the kids’ data to refine its voice recognition algorithm, the artificial intelligence behind Alexa, which powers Echo and other smart speakers, Bedoya said.
The FTC complaint sends a message to all tech companies who are “sprinting to do the same” amid fierce competition in developing AI datasets, he said.
Amazon said last month that it has sold more than a half-billion Alexa-enabled devices globally and that use of the service increased 35 per cent last year.
Hackers able to access Ring accounts
In the Ring case, the FTC says Amazon’s home security camera subsidiary let employees and contractors access consumers’ private videos and provided lax security practices that enabled hackers to take control of some accounts.
Amazon bought California-based Ring in 2018, and many of the violations alleged by the FTC predate the acquisition. Under the FTC’s order, Ring is required to pay $5.8 million US that would be used for consumer refunds.
Amazon said it disagreed with the FTC’s claims on both Alexa and Ring and denied violating the law. But it said the settlements “put these matters behind us.”
“Our devices and services are built to protect customers’ privacy, and to provide customers with control over their experience,” the Seattle-based company said.
In addition to the fine in the Alexa case, the proposed order prohibits Amazon from using deleted geolocation and voice information to create or improve any data product. The order also requires Amazon to create a privacy program for its use of geolocation information.
The proposed orders must be approved by federal judges.
FTC commissioners had unanimously voted to file the charges against Amazon in both cases.
Stocks slide as debt ceiling vote looms, jobs data stays hot : Stock market news today
US stocks closed lower Wednesday as investors kept a watchful eye on the prospects for the debt-limit deal in an expected House floor vote. Meanwhile, strong US jobs data and China’s economic woes pressured global markets.
The S&P 500 (^GSPC) fell 0.60% while the Dow Jones Industrial Average (^DJI) dipped 0.40% or more than 130 points. The technology-heavy Nasdaq Composite (^IXIC) slipped 0.63%.
US bond yields weakened as investors fretted over the potential impact of the debt-limit deal and reviewed the release of fresh jobs data. The yield on the benchmark 10-year Treasury dropped to 3.62%. The two-year note yields, which are more rate sensitive, slipped to 4.3%, while that on the 30-year bond dropped to 3.84%.
Equities lost steam as the Labor Department reported the number of job openings rose to over 10.1 million, up from economists’ expectations of 9.4 million openings.
The figures underscores “the tightness in the labor market is unlikely to fall off a cliff but rather continue downward on a bumpy path,” Oxford Economics wrote in a note on Wednesday. “While there are some concerns over the veracity of the JOLTS survey due to historically low response rates, the upshot remains that labor market strength remains robust.”
In light of recent economic data, markets are pricing in an increase of 25 basis points in interest rates from the Fed at policymakers’ meeting on June 13-14. On the commodities side, the dollar index rose, while crude oil slid below $70 a barrel.
Still, investors are still very keen on the latest developments in Washington. The debt ceiling agreement negotiated by President Joe Biden and House Speaker Kevin McCarthy passed its first key test on Tuesday when it gained approval from the Republican-led House Rules Committee despite opposition from hard-liners. That cleared the way for the deal to go before the House on Wednesday.
The clock is ticking down, as Congress must race to pass the deal to avoid a catastrophic default by June 5. That so-called X-Date is when the US will run out of money to pay its bills, Treasury Secretary Janet Yellen has warned.
Meanwhile, both Federal Reserve Governor Philip Jefferson and Philadelphia Federal Reserve President Patrick Harker signaled Wednesday that the central bank could pause rate hikes at its next policy meeting. Separately, the economy showed signs of cooling as hiring and inflation slowing, the Federal Reserve said in its Beige Book survey of regional business contacts.
Elsewhere, China’s factory activity slumped to its weakest level for a second straight month, another sign its post-pandemic economic recovery is losing steam. Asian markets tumbled after the release of the data.
On the housing front, mortgage demand dropped to its lowest level since March, while refinancing activity also dampened to another low, the MBA data showed Wednesday.
Meanwhile, in corporate news, Hewlett Packard Enterprise Company (HPE) sank more than 7% after the company posted a revenue miss in its second quarter earnings and slashed its full-year sales guidance.
Still, the run-up in stocks linked to AI was losing momentum, after the buzz around the technology helped boosted the Nasdaq 100 Index (^NDX) on Tuesday. Shares of ChargePoint Holdings, Inc. (CHPT) was flat, while C3.ai, Inc. (AI) dipped more than 8% Wednesday.
In single-stock moves, SoFi Technologies, Inc. (SOFI) shares rallied more than 15% in the wake of the debt ceiling deal. The bill would reinstate government student loan repayments, benefiting the online personal finance company.
Shares of HP Inc. (HPQ) sank more than 5% after the computing giant posted better-than-expected quarterly earnings on Tuesday, but reported sales that fell more than analysts estimated.
Intel Corporation (INTC) shares rose more than 4% after the chipmaker said current quarter revenue is on track to be at the high end of its guidance.
Dani Romero is a reporter for Yahoo Finance. Follow her on Twitter @daniromerotv
Strong job gains in US add to economic puzzle – BBC
Calgary home sales reach new May record: real estate board – CBC.ca
Social media restricted in Senegal amid political unrest – NetBlocks
Silver investment demand jumped 12% in 2019
Iran anticipates renewed protests amid social media shutdown
Search for life on Mars accelerates as new bodies of water found below planet’s surface
Science13 hours ago
Private Astronaut Crew, Including First Arab Woman in Orbit, Returns from Space Station – Voice of America – VOA News
Science9 hours ago
Private astronaut crew, including first Arab woman in orbit, returns from space station – Indiatimes.com
Media12 hours ago
Will Google's AI Plans Destroy the Media? – New York Magazine
News12 hours ago
Air Canada flight communicator system breaks down, causing widespread delays – CBC.ca
Sports12 hours ago
Brad Treliving on the criticism the Maple Leafs’ core players face in the market. "Whether it’s raining or sunny, it seems to be the core four’s fault every day… Quite frankly, I don’t want to hear the [core four] term"
Real eState9 hours ago
Victoria real estate sales up and prices down year-over-year – Times Colonist
News13 hours ago
Digital banking complications resolved at RBC – CTV News
News9 hours ago
Air Canada flight delays at Toronto Pearson | CTV News – CTV News Toronto