Cyberattacks Pose Threat to Canada’s Automated Resource Firms

Suncor Plant

December 11, 2017

Data theft from high-profile hacks against companies like Uber and Equifax can cost consumers thousands of dollars but resource companies worry about millions in damage, along with potential injuries and death, if their technology is compromised.

The thought of a multi-tonne piece of equipment running amok or shutting down at a critical time in the resource gathering process is a nightmare scenario for chief information and security officers in the oilpatch and other resource-rich regions of Canada.

Cybercriminals are betting the company whose gear no longer obeys instructions would be willing to pay dearly to avoid such a situation.

 

“It’s no longer a bunch a pimple-faced kids in mommy and daddy’s basement — it’s organized crime,” said Daniel Tobok, CEO and co-owner of Toronto-based Cytelligence, who says his company investigates 40 data breach attacks on private Canadian companies every month, often tracing the attacks to foreign hackers.

“It’s theft of intellectual property, it’s espionage, but it all comes down to money as a motivation.”

 

He estimates the attacks cost Canada $3 billion to $5 billion per year in proceeds to criminals, adding one Calgary energy company was forced to pay $200,000 in ransom three years ago to regain control of its corrupted digital production systems.

The rise of the so-called “Internet of Things” — in which machines communicate autonomously with each other — means companies are increasingly employing automation and remote control to drive bulldozers, diggers and heavy trucks, or control drilling and processing equipment. Such automation delivers labour savings but also presents more targets for hackers, making the overall system more vulnerable to cyberattacks.

“Somebody could actually die,” said Tobok.

In a recent report, accounting firm EY said the cybersecurity risk to mining companies had jumped to third in 2017-18, from ninth the year before, on a top-10 worst risk list because the “attack surface” is getting larger as connected IT and operational devices in a typical mine or ore transport system grow into the thousands.

Executives agree the threat is real but insist they can keep hackers at bay with multiple automatic and manual shut-down systems, firewalls, strictly limited internet connections and ongoing employee training.

Kevin Neveu, CEO of Precision Drilling Corp., the largest Canadian driller which also operates in the United States, said the company has never had a successful “intrusion” although it detects unsuccessful attempts “almost daily.”

“We’re certainly concerned that someone could hack into a drilling rig,” he said.

“We’re running 20 rigs that have automation systems on them that actually control the rigs through software and tell it to go up and down, tell it to go to higher pressure or lower pressure. That software potentially could be hacked.”

He said the company has “intrusion-sensing systems” that are designed to trigger a fail-safe shutdown. The drilling crew can also shut off the rig manually and it’s possible to override the automated system and continue working without it, he said.

Steve Laut, CEO of Canadian Natural Resources Ltd., said he doesn’t want to “advertise” what the company is doing in cybersecurity but noted it has a robust plan with “four or five levels of security,” adding its major heavy oil production plants aren’t connected to the internet.

“We’re like any other corporation out there, we get attacked all the time,” he said. “Most of it bounces off our firewalls.”

 

Potash Corporation of Saskatchewan Inc. uses continuous boring machines that can mine up to 900 tonnes of ore per hour.

It wouldn’t comment for this article but warns in its annual report that cyberattacks could result in “personal injury” to employees, contractors or the public as well as computer viruses, property damage, disruptions to operations and loss of data or confidentiality.

Michael Murphy, country manager for Citrix Canada, which provides remote access for customers to applications and data, said data security is more difficult to ensure these days because the number of access points is multiplying.

Employees, third-party partners and contractors want to use their own devices to access company systems and data, each presenting a possible entry point for a cyberattack.

“I’m sure what keeps the chief information and security officers up at night is, ‘How do I make sure that the software-defined perimeter continues to be very secure but also accessible?”‘ he said.

“You can make something very secure but it doesn’t necessarily make it very productive. It has to be easy to use and very secure at the same time. The complexity of what a company has to manage today is mind-boggling.”

By: Dan Healey

Source:  https://www.theglobeandmail.com/report-on-business/industry-news/energy-and-resources/cyberattacks-pose-serious-threat-to-canadas-automated-resource-firms/article37087705/

Related Articles


Changing Scene


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • Automated Test Equipment (ATE) Revival: Repurposing and Extending the Life of Aging ATE Systems

    Automated Test Equipment (ATE) Revival: Repurposing and Extending the Life of Aging ATE Systems

    Automated Test Equipment (ATE) and Automated Test Systems (ATS) serve the critical purpose of ensuring that electronic devices operate according to specifications in the field. As such, these systems are widely utilized for testing automotive electronics, batteries, telecom infrastructure, renewable energy systems, and consumer electronics. The aerospace and defense sectors also make substantial investments in… Read More…

  • Partner Country Canada at HANNOVER MESSE 2025: The Future’s Here

    Partner Country Canada at HANNOVER MESSE 2025: The Future’s Here

    Canada is Partner Country of HANNOVER MESSE 2025, underscoring the strong economic and political ties between “The True North” and Germany. Canada announced its Partner Country commitment in August 2022 when Canadian Prime Minister Justin Trudeau hosted German Chancellor Olaf Scholz in Canada. Canada’s starring role from 31 March to 4 April 2025 at HANNOVER… Read More…