Skip to main content
Open this photo in gallery:

The amassing of 100,000 Russian troops along the border of Eastern Ukraine has increased tensions between Moscow and the United States and its allies, including Canada.The Associated Press

Canada’s cyberspy agency is warning of Moscow-backed cyberattacks on Canadian critical infrastructure as Western countries prepare economic sanctions in the growing expectation that Russia will invade Ukraine.

The Canadian Centre for Cyber Security joined its counterparts in the United States and Britain on Thursday in urging Canadian companies, such as electrical utilities and energy firms, to watch out for cyberattacks from Russia.

The agency said in a statement Thursday that it is aware of foreign cyberthreat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators and their operational and information technology.

“The Canadian Centre for Cyber Security encourages the Canadian cybersecurity community – especially critical infrastructure network defenders – to bolster their awareness of and protection against Russian state-sponsored cyber threats,” the agency said in an advisory.

The agency is part of the Communications Security Establishment, which is Canada’s most secret intelligence service and is responsible for signal intelligence and cybersecurity defences.

The amassing of 100,000 Russian troops along the border of Eastern Ukraine has increased tensions between Moscow and the U.S. and its allies, including Canada.

U.S. President Joe Biden said Wednesday it’s likely Russian President Vladimir Putin will order an invasion but promised punishing economic sanctions that would cripple the Russian financial system.

Prime Minister Justin Trudeau said Wednesday that Ottawa is also drawing up a list of economic sanctions that would be imposed on Moscow if Russia launches a military offensive against Ukraine.

In Brussels, Foreign Affairs Minister Mélanie Joly reaffirmed Canada’s commitment to join allies in imposing tough sanctions on Russia if an invasion takes place.

“Canada will be ready to take additional measures, particularly with respect to the financial sector,” Ms. Joly said after meeting her European Union counterpart Josep Borrell.

She said diplomatic talks between the U.S. and Russia offer the Kremlin two options. “They can choose meaningful dialogue, or severe consequences.”

Ottawa is poised to extend a military training mission in Ukraine for another six months and is mulling whether to expand the number of soldier-trainers deployed and provide Kyiv with defensive weapons and gear, two government sources say.

Measures under consideration by the Liberal cabinet include small arms as well as night goggles, helmets, armoured vests and military radios for Ukraine’s armed forces, they say. The Globe and Mail is not identifying the officials because they were not authorized to discuss cabinet deliberations. Also on the table is providing intelligence and cybersecurity advice, likely through Canada’s Communications Security Establishment.

Stephanie Carvin, a former national security analyst and an associate professor of international relations at the Norman Paterson School of International Affairs, said Canada is likely to be a top-tier target of Russian hacking as tensions rise in Eastern Europe.

Canada is among the most outspoken countries championing Ukraine’s right to independence and freedom from Russian interference, she noted.

About 200 Canadian troops are in Ukraine training Ukrainian soldiers in everything from sniper shooting to artillery: skills that would be useful to fight off a Russian offensive.

Last week, Ukrainian government computers were hit by a massive cyberattack for which Kyiv has blamed Russia. More such attacks are expected to accompany a rise in hostilities.

“I don’t think Canadians appreciate that what happens in Ukraine could happen here,” Prof. Carvin said.

She said that a cyberattack on the U.S. power grid could have spillover effects in Canada.

Russian cyberattacks have in the past hit Ukraine, Estonia, Georgia and even France. Ukraine’s power grid has been targeted more than once. In 2015 the French TV network TV5Monde was crippled by a cyberattack that security experts later blamed on the Russian hacking group APT28. At the time Moscow was angry at Paris for holding up a deal to sell two French warships to Russia. France halted the order after Russia’s annexation of Crimea.

The Russians are expected to turn to hacking operations to put pressure on the U.S. and its allies if sanctions are imposed in the event of an attack on Ukraine.

Those concerns are underlined by massive hacking efforts by Russia against Ukraine in recent days and the ransomware attacks linked to Russia’s intelligence services against critical U.S. organizations in late 2020.

Canada was also hit by the Russians at the same time. Microsoft said last year that Canada was the target of a major hack that U.S. security agencies say was carried out by Russian intelligence against the U.S. government and other computer systems around the world.

The Canadian government has said little about the sophisticated cyberattack, which the U.S. Cybersecurity and Infrastructure Agency said targeted the widely used network-management software used by Texas-based SolarWinds to breach government and corporate networks.

Thursday’s advisory about possible Russian cyberattacks said Canadian companies should be prepared to “isolate critical infrastructure components and services from the internet and corporate/internal networks if those components would be considered attractive to a hostile threat actor to disrupt.”

“When using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.”

The advisory warned against “common but effective tactics” used to gain initial access to victim networks, including spearphishing, brute force attacks and exploiting known vulnerabilities. In the past, Russian state-sponsored actors have used vulnerabilities to gain access to targeted systems.

Critical infrastructure operators should also use antivirus software, implement multifactor authentication, and create and test offline backups, the agency said.

For subscribers: Get exclusive political news and analysis by signing up for the Politics Briefing.

Follow related authors and topics

Authors and topics you follow will be added to your personal news feed in Following.

Interact with The Globe