Canada's cybersecurity head offers rare insight into Nova Scotia Power breach
The head of Canada's cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power.
The utility's computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that.
About 280,000 customers — more than half of the utility's customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver's licences, social insurance numbers and banking information.
On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity.
The attack and its aftermath have sparked many questions about the security of the company's IT systems.
Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how these types of incidents unfold and what people and organizations like Nova Scotia Power can do to protect themselves.
This interview has been edited for length and clarity:
Can you explain a bit about your agency and what it does?
The Canadian Centre for Cyber Security is really Canada's cyber defence agency. So, we provide advice, guidance and services to critical infrastructure systems of importance to Canada. Work primarily with the federal government is where we had started, but have really grown into critical infrastructure. And our goal is to raise cyber resilience across Canada.
We fall under CSE, which is the Communications Security Establishment, and CSE has a mandate for foreign intelligence, which goes back 80 years in terms of WWII. We report to the minister of national defence.
What do you make of the recent attack against Nova Scotia Power, which did ultimately affect about 280,000 customers?
We don't comment specifically on specific incidents, but as a cyber centre … any critical infrastructure providers that have incidents can report their incidents to the cyber centre. So last year we saw about 1,500 incidents. We see a lot of these, and that's what's really important and kind of sad to understand as well, that this is happening so often in terms of cyber-criminal organizations comprising critical infrastructure organizations in Canada.
Their motivation is money. They would compromise the network. So basically getting their software inside the network, but then stealing all the sensitive information from the organization and … then going ahead and encrypting systems and locking people out of their system. So we used to call that double extortion. So that way the criminal organization could threaten to release sensitive information, unless a ransom was paid, or also basically not give back access to systems unless a ransom was paid. So that was what we're seeing and it was incredibly impactful to system operators within Canada.
In this case, Nova Scotia Power did not pay the ransom that was asked of them. Is that common practice?
What we always do is we provide advice and guidance to organizations and we say, "it's a business decision," because we're not the ones operating their business, and we don't know their exact context, say if it's a threat to life or something else. But we always say, 'Hey there's a lot of downside to paying the ransom.' First of all, you're funding these criminal organizations. So, the more ransom is paid, the more we're going to proliferate this sort of behaviour. At the same point in time, you're paying this ransom to criminals. What's that contract worth in the end anyway? Is there really any guarantee that they're either not going to share the confidential information, or they're actually going to give you the keys to decrypt your systems and get your access back? The proceeds of this can go to criminal or even terrorist type causes as well, so, worrisome in that sense.
Are you able to say whether Nova Scotia Power had actually contacted your agency [following the breach]?
The one thing that I will say is that they did reach out to us. We always recommend that organizations that are victimized reach out to the cyber centre. We've seen many of these in the past and we have advice and guidance to share. And not only can we help the organization in their recovery, and in terms of paying the ransom, ransom might help you unlock your systems, but there's still always recovery costs that are part of this as well, regardless of whether you work with the criminal organization or not. But in this case, they did reach out to us.
And the other thing we always encourage is … we hope that they share information about the compromise as well. Because we can take that and share that with other critical infrastructure organizations in Canada.
Did they share with you the extent of the breach?
We wouldn't go into any details in that sense, but they did notify us of the breach.
Is there any sense of who might have been the perpetrator in this attack from your perspective? Nova Scotia Power says it has a sense of who it is.
I wouldn't comment on that. There's various groups and they often change shapes and forms as they get disrupted. Unfortunately it's an ever-evolving group of cyber criminals that are out there that seem to be performing these behaviours. And we have an assessment out in terms of a cyber criminal activity in Canada as well that kind of points to the groups that we've seen as active.
About 140,000 [social insurance numbers] were included in the stolen data. How serious is this, when that type of personal information is accessed?
I couldn't speak to the seriousness of that type of information, but what I will say is that this is exactly what cyber criminals go after. And depending on the type of information, it'll fetch a different price on the dark web. Organizations will collect personal information, whether it's SIN numbers, or credit card numbers, or health card numbers, other sorts of confidential information. Typically that information gets resold on the dark web for other criminals that are going to actually monetize that for other purposes. It's kind of a not very positive circle that exists on the dark web.
The way this actually works in terms of what we call "cybercrime as a service" is that it's a whole ecosystem of criminal entities that actually work together. And because it's typically run out of operations that are beyond the legal borders — often in Russian speaking countries where law enforcement won't necessarily prosecute — it's very difficult to disrupt these organizations. And even when law enforcement is able to disrupt them, it's fairly easy for them to kind of reconstitute themselves.
What are some of the risks when this personal information is shared on the deep web or dark web?
Once that information is out there, that often just spurs the next cycle of fraud. Whether it's spear phishing emails that are using that information, whether it's leveraging information about an organization or their clients to actually further compromise them. That's why it's really important to take note for everyone to be mindful of the things they can do to protect themselves.
Be extra vigilant of understanding what's being mailed to you and double checking those links and making sure it's coming from an authenticated source and whatnot. Being mindful of content, making sure you have strong authentication in terms of how you're actually accessing applications as well.
What would be your advice to Nova Scotia Power?
Really for all of these organizations, do your due diligence. Understand what your really critical elements are of your organization that would be your worst-case scenario. And then once you know what your worst-case scenario is, then you can defend that. Build the plan according to our ransomware playbook, have the backups in place, and have the strong measures in place.
The utility [Nova Scotia Power] applied for funding about a month before the ransomware attack. They cited the Canadian Centre for Cyber Security's most recent threat assessment, pointing out that power grids are so interconnected that they can be really vulnerable to these types of attacks. What would be the warning signs of an attack like this?
One of the things that we've been very mindful of … as the world gets more hostile, we're worried about impacts to critical infrastructure like electrical guide grids, pipelines, these sorts of things. A lot of them are controlled by systems that were never meant to be connected to the Internet. Nowadays, as people are looking to optimize efficiency, and connect to cloud services and connect sensors to networks, they're becoming more exposed to threat actors from around the world. Normally your electrical grid would only be threatened by people that are actually in the country and nearby, but as soon as you connect it to the Internet, you're pretty much opening a lot of this up to people from anywhere.
We are not a regulator. The cyber centre itself provides advice, guidance and services, but we have no authority over any of these entities. We work voluntarily to provide the best practices.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Globe and Mail
41 minutes ago
- Globe and Mail
This 6.7% Dividend Stock Looks Absurdly Good Today
I first initiated a position in Enterprise Products Partners (NYSE: EPD) more than two years ago. How has that investment fared so far? Not bad. The midstream energy company has generated a total return of roughly 45%. Granted, that performance lags behind the S&P 500 's total return of 56% during the same period. However, one thing I could count on, rain or shine, with Enterprise Products Partners was (and is) its juicy distribution. How does the stock look today? Absurdly good, in my opinion. An income investor's dream stock First of all, Enterprise Products Partners is an income investor's dream stock. It currently offers a forward distribution yield of 6.7%. The master limited partnership (MLP) doesn't have to produce much in the way of unit price appreciation to deliver a solid total return. What's more, Enterprise boasts an outstanding track record of distribution hikes. The company has increased its distribution for 26 consecutive years. It has also paid $1.2 billion in "invisible" distributions since its initial public offering in 1998 via unit buybacks. Building this impressive record wasn't easy. Enterprise Products Partners faced multiple big challenges through the years, including the financial crisis of 2007 through 2009, the oil price collapse of 2015 through 2017, and the COVID-19 pandemic of 2020 through 2022. However, it was able to generate strong cash flow per unit to fund its distributions during every crisis. Some rivals were forced to resort to selling assets to cover their distributions during tough periods. Not Enterprise Products Partners. It's the only midstream energy company that has been able to grow its adjusted cash flow from operations (CFFO) per unit and reduce unit count without any material asset sales. Today, Enterprise Products Partners operates more than 50,000 miles of pipeline. It owns 43 natural gas processing trains and 26 fractionators, which separate the components of hydrocarbons. In addition, the MLP can store over 300 million barrels of liquids and has 20 deepwater docks. More to the story I mentioned earlier that Enterprise Products Partners' total return hasn't been as high as the S&P 500's since I bought it. If we looked back over the last five years, though, it would be a different story. Enterprise has also narrowly outperformed the S&P 500 in total return so far in 2025. The MLP's distribution isn't the only reason behind its market-beating total returns. The rising demand for U.S. hydrocarbons, especially natural gas liquids (NGLs), has played a key role as well. I think these demand trends will extend well into the future. Production of oil, NGLs, and natural gas is projected to increase steadily through the end of this decade. Artificial intelligence (AI) is an important driver behind the higher demand for natural gas. The data centers that host AI models require massive amounts of electricity, and natural gas is a good option to fuel the power plants that serve these data centers. In addition, LNG demand in Asia and Europe is expected to rise by roughly 30% by 2030. Enterprise is well positioned to capitalize on the demand growth. The MLP has $7.6 billion in major capital projects underway, with $6 billion of these projects projected to come online this year. It is also hitting the ground to create more opportunities: Enterprise's staff have visited over 20 international cities to boost export growth. An attractive valuation, too What more could investors want than an ultra-high-yield distribution and solid growth prospects? An attractive valuation. Enterprise Products Partners has that, too. The MLP's units trade at 11.2 times forward earnings. That's the lowest forward earnings multiple in its peer group. It's also well below the S&P 500 energy sector's forward price-to-earnings ratio of 15.9. I think Enterprise Products Partners easily qualifies as an absurdly good stock to buy right now. Should you invest $1,000 in Enterprise Products Partners right now? Before you buy stock in Enterprise Products Partners, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the 10 best stocks for investors to buy now… and Enterprise Products Partners wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $653,702!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $870,207!* Now, it's worth noting Stock Advisor 's total average return is988% — a market-crushing outperformance compared to172%for the S&P 500. Don't miss out on the latest top 10 list, available when you join Stock Advisor. See the 10 stocks » *Stock Advisor returns as of June 9, 2025
CTV News
an hour ago
- CTV News
Jewish and interfaith leaders condemn vandalism at National Holocaust Monument
The words 'FEED ME' are seen painted in red on the National Holocaust Monument in Ottawa on Monday, June 9, 2025. (Sean Kilpatrick/THE CANADIAN PRESS) Jewish and interfaith leaders are gathering Sunday afternoon at the National Holocaust Monument in Ottawa to condemn a recent act of vandalism and to stand united against hate. The monument, which honours the six million Jewish people killed in the Holocaust, was defaced last week with red paint and the words 'Feed Me.' The event begins at 3 p.m. 'The desecration of the National Holocaust Monument was not just vandalism — it was an attack on the memory of six million Jews murdered in the Holocaust and on the values of decency and humanity we hold as Canadians," said Adam Silver, president and CEO of the Jewish Federation of Ottawa, in a press release. 'We must not stay silent. This vigil is about standing together to say clearly: hate has no place here.' The gathering comes amid a rise in antisemitism across Canada. According to a global task force against antisemitism, a report shows incidents have jumped more than 170 per cent in Canada since 2020. 'This vigil is a potent reminder that unchecked hatred and discrimination do not only affect the targeted community; they threaten the social fabric of our society; they are corrosive to our entire society,' said Annette Wildgoose, president of the National Holocaust Monument committee, in a press release. 'By all of us standing together at the National Holocaust Monument, we reaffirm our commitment to fighting against all forms of intolerance and antisemitism.' The Ottawa Police Service hate and bias crime unit continues to investigate the incident. This story will be updated.
CBC
an hour ago
- CBC
Carney, Trump to sit down Monday ahead of G7, as hope blooms for a tariff deal
Social Sharing In his first big test at the G7, Prime Minister Mark Carney will meet with U.S. President Donald Trump on Monday morning, according to an official in his office. The Prime Minister's Office said the two leaders will sit down one-on-one before the main talks with the other leaders officially get underway. Carney has been keen to ink a deal with Trump on trade and security, and for the U.S. president to drop his punishing tariffs on Canadian steel, aluminum and the auto industry. Earlier this week CBC/Radio-Canada reported Canada and the U.S. appear to be making progress toward some sort of trade agreement. Sources with direct knowledge of the situation said a working document outlining details of a potential deal has been sent back and forth between Ottawa and Washington. The document is considered a step toward the overall goal of reaching a deal, but sources cautioned work needs to be done before there's an agreement. Carney is far from the only world leader seeking Trump's ear during his trip to Kananaskis, Alta., as his administration pushes an aggressive trade position that's shaking up global markets. The leaders of some of the most powerful democracies will begin landing in Alberta on Sunday ahead of the high-stakes gathering, set against the scenery of the Canadian Rockies and the thundering Bow River. This year's gathering will largely be judged on whether a group built on consensus can actually get along. The G7 — which includes the United States, France, Germany, Japan, the United Kingdom, Italy and Canada, as well as the European Union — has met annually for the past 50 years to form a co-ordinated voice on major issues, including trade and economics, security and climate change. No joint communiqué But the group has become more fractured over the years. The last time Trump attended a G7 in Canada back in 2018, he sent the gathering into disarray and withheld U.S. support from the joint communiqué typically issued at the end of the summit. This year, Canadian organizers are taking a different route and are forgoing the traditional list of priorities and accomplishments that all countries agree to sign. Instead, Canada is looking to secure leaders' approval on a series of short, joint statements focused on concrete actions and outcomes in key areas, a senior government official said ahead of the summit. WATCH | What are Canada's objectives for the G7 summit? What are Canada's objectives for the G7 summit? 23 minutes ago Duration 21:06 This year, Carney has set a list of priorities reflective of the challenging state of the world. They include: war and peace; energy security, with a focus on critical minerals and artificial intelligence; and "securing the partnerships of the future," according to the Prime Minister's Office. With parts of Western Canada still grappling with a devastating fire season, Carney has also put wildfires on the agenda. In addition to the G7 members, leaders from India, Brazil, South Africa, United Arab Emirates, South Korea, Ukraine, Mexico and Australia have been invited for at least part of the proceedings, along with the secretaries general of the United Nations, NATO and the European Union and the head of the World Bank.
