Canadian Natural Gas Distribution Network Targeted by Hackers
Image courtesy of Brian Cantoni under Attribution 2.0 Generic License, resized to 700 x 391 pixels.
Leaked U.S. intelligence documents have revealed that the Canadian natural gas distribution network has been breached by Russian-backed hackers. While cyberattacks against energy infrastructure are certainly nothing new, a gas-specific attack is relatively novel. This begs the question, what does it mean?
Implications of the Canadian Natural Gas Distribution Network Breach
First off, it’s worth mentioning that while cyberattacks on natural gas infrastructure are less common than on electricity infrastructure, they are certainly not unprecedented. Several attacks have already been launched against oil and gas infrastructure in the U.S., including against the Colonial Pipeline, Latitude Technologies (a company that enables data sharing between pipeline operators, natural gas companies and customers), and a Feb. 2020 ransomware attack against an undisclosed pipeline operator.
Nonetheless, the leaked documents have raised more than a few eyebrows. A Russian hacker group known as Zarya gained control of the computer network of a Canadian gas pipeline, and then reported its success in doing so to the Russian equivalent of the CIA. This suggests that certain hacker groups in Russia are government sanctioned, which means they likely have access to an ample pipeline of hacking talent and funding.
Additionally, unlike power grid hacks, natural gas hacks can cause deadly explosions. By comparison, grid hacks typically wouldn’t cause anything to explode, and therefore would be unlikely to directly cause any fatalities. Simply put, if a terrorist group really wanted to inflict terror, a natural gas cyberattack would be the way to go.
The good news is that, while the Russian hackers gained access to the Canadian natural gas distribution network, they were unable to gain control of any processes or disrupt energy supplies, and no explosions were triggered. The bad news is that previous natural gas cyberattacks were able to successfully gain control over certain processes, so it can and will happen. Therefore, from a pure emergency preparedness perspective, at the bare minimum these scenarios must be accounted for in emergency plans.