Cyberattacks Pose Threat to Canada’s Automated Resource Firms

Suncor Plant

December 11, 2017

Data theft from high-profile hacks against companies like Uber and Equifax can cost consumers thousands of dollars but resource companies worry about millions in damage, along with potential injuries and death, if their technology is compromised.

The thought of a multi-tonne piece of equipment running amok or shutting down at a critical time in the resource gathering process is a nightmare scenario for chief information and security officers in the oilpatch and other resource-rich regions of Canada.

Cybercriminals are betting the company whose gear no longer obeys instructions would be willing to pay dearly to avoid such a situation.

 

“It’s no longer a bunch a pimple-faced kids in mommy and daddy’s basement — it’s organized crime,” said Daniel Tobok, CEO and co-owner of Toronto-based Cytelligence, who says his company investigates 40 data breach attacks on private Canadian companies every month, often tracing the attacks to foreign hackers.

“It’s theft of intellectual property, it’s espionage, but it all comes down to money as a motivation.”

 

He estimates the attacks cost Canada $3 billion to $5 billion per year in proceeds to criminals, adding one Calgary energy company was forced to pay $200,000 in ransom three years ago to regain control of its corrupted digital production systems.

The rise of the so-called “Internet of Things” — in which machines communicate autonomously with each other — means companies are increasingly employing automation and remote control to drive bulldozers, diggers and heavy trucks, or control drilling and processing equipment. Such automation delivers labour savings but also presents more targets for hackers, making the overall system more vulnerable to cyberattacks.

“Somebody could actually die,” said Tobok.

In a recent report, accounting firm EY said the cybersecurity risk to mining companies had jumped to third in 2017-18, from ninth the year before, on a top-10 worst risk list because the “attack surface” is getting larger as connected IT and operational devices in a typical mine or ore transport system grow into the thousands.

Executives agree the threat is real but insist they can keep hackers at bay with multiple automatic and manual shut-down systems, firewalls, strictly limited internet connections and ongoing employee training.

Kevin Neveu, CEO of Precision Drilling Corp., the largest Canadian driller which also operates in the United States, said the company has never had a successful “intrusion” although it detects unsuccessful attempts “almost daily.”

“We’re certainly concerned that someone could hack into a drilling rig,” he said.

“We’re running 20 rigs that have automation systems on them that actually control the rigs through software and tell it to go up and down, tell it to go to higher pressure or lower pressure. That software potentially could be hacked.”

He said the company has “intrusion-sensing systems” that are designed to trigger a fail-safe shutdown. The drilling crew can also shut off the rig manually and it’s possible to override the automated system and continue working without it, he said.

Steve Laut, CEO of Canadian Natural Resources Ltd., said he doesn’t want to “advertise” what the company is doing in cybersecurity but noted it has a robust plan with “four or five levels of security,” adding its major heavy oil production plants aren’t connected to the internet.

“We’re like any other corporation out there, we get attacked all the time,” he said. “Most of it bounces off our firewalls.”

 

Potash Corporation of Saskatchewan Inc. uses continuous boring machines that can mine up to 900 tonnes of ore per hour.

It wouldn’t comment for this article but warns in its annual report that cyberattacks could result in “personal injury” to employees, contractors or the public as well as computer viruses, property damage, disruptions to operations and loss of data or confidentiality.

Michael Murphy, country manager for Citrix Canada, which provides remote access for customers to applications and data, said data security is more difficult to ensure these days because the number of access points is multiplying.

Employees, third-party partners and contractors want to use their own devices to access company systems and data, each presenting a possible entry point for a cyberattack.

“I’m sure what keeps the chief information and security officers up at night is, ‘How do I make sure that the software-defined perimeter continues to be very secure but also accessible?”‘ he said.

“You can make something very secure but it doesn’t necessarily make it very productive. It has to be easy to use and very secure at the same time. The complexity of what a company has to manage today is mind-boggling.”

By: Dan Healey

Source:  https://www.theglobeandmail.com/report-on-business/industry-news/energy-and-resources/cyberattacks-pose-serious-threat-to-canadas-automated-resource-firms/article37087705/

Related Articles


Changing Scene


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • Implementing Functional Safety Requirements

    Implementing Functional Safety Requirements

    The Safety Functional Requirements Specification (SFRS; sometimes referred to as SRS or Safety Requirements Specification) is the plan for the safety controls on a machine and is the second step of the safety lifecycle. The SFRS document serves as a framework for the safety control system design, is informed by prior work done in the… Read More…

  • From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    Endress+Hauser’s Asset Health Monitoring Solution–Rockwell Edition, now available for installation, provides operators with a centralized, digital overview of plant-wide device health to avoid unscheduled shutdowns and accelerate troubleshooting. It not only presents early visibility of problematic devices but distinguishes itself by adding likely causes and remedies to such a report so problems can be fixed… Read More…