VANCOUVER — Attendees at the 2003 edition of the ASI Exchange in Vancouver on Tuesday heard that Canada’s critical infrastructure is at risk from cyber attacks and malicious code.
One of the spotlight speakers at the event, Eric Byres is the manager of the Internet Engineering Lab in the
Technology Centre at the British Columbia Institute of Technology. Byres is conducting research into the risk posed by cyber attacks for the infrastructure critical to our way of life, like the power generation and distribution system , and how it can be better protected.
Security isn’t new to these companies; they’ve always been on guard against someone trying to blow up a power dam, for example. However, Byres says cyber attacks are something many companies haven’t considered before.
“There’s the possibility of a cyber terrorist getting into their industrial control systems via the Web, and wreaking havoc just like a bomb would,” says Byres. “We’re doing a lot of research in that area on what the risks are and what the solutions are.”
They’ve created the Industrial Incident Security Database, the only database Byres is aware of that tracks cyber attacks that impact the safety or operations of an industrial site, and he says the statistics show about 70 per cent of the attacks are by insiders.
“It’s disgruntled employees or ex-employees, people with an axe to grind that have some knowledge of the systems,” says Byres. “Most of the other 30 per cent are the script kiddies, bored teenagers who see this as a challenge, like doing the New York Times crossword puzzle is for some of us.”
It’s only a tiny fraction of the attacks so far, but possibly the most concerning are attacks from political groups. Byres notes that during the Pakistan/India border flare-up last year, the number of cross-border cyber attacks went up by at least an order of magnitude.
He says it’s not known whether the attacks were by state-sponsored specialists or just enthusiastic amateurs, but when there’s hostilities between countries there’s definitely an increase in cross-border attacks.
“You’ll have to ask the CIA who’s behind them,” jokes Byres.
The oil and gas and power sectors are doing a pretty good job of protecting their systems from attack, while the chemical industry and manufacturing sector still has some work to do. However, Byres says while many companies are doing their best there simply aren’t many answers for them yet.
“We’re doing a very detailed analysis of the communications protocols that these systems use, to deconstruct these Supervisory Control and Data Acquisition (SKADA) protocols,” says Byres.
“We’re trying to see if there’s problems or flaws in these prot