For the first time, Canada has formally named Iran as being among the biggest cyber-threats to the country, alongside state-sponsored hackers from China, Russia and North Korea.
On Wednesday, November 18, 2020, the Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security published its second ever National Cyber Threat Assessment report (NCTA), in which the agency explicitly names the countries posing the greatest cyber-danger to Canadians.
Iran is considered to pose a threat because of its past large-scale attacks on industrial control system (ICS) infrastructure in other nations – including the US, Saudi Arabia and Israel. Where successful these assaults could have a knock-on effect on health care, essential services and other critical digital infrastructure.
In addition, the CSE notes, Iranian state-backed outfits have previously targeted the public in Canada in what have become known as “behavior influence” operations. An analysis of publicly-released Twitter data, researchers wrote, had shown that from January 2017 at the latest, “Russian and Iranian online trolls used fraudulent Twitter accounts to highlight divisions among Canadians by amplifying inflammatory arguments surrounding divisive political issues such as terrorism, climate change, pipeline construction and policies on immigration and refugees.”
State-sponsored cyber-attacks are becoming more and more sophisticated as time goes by, with fraud, ransomware attacks and online espionage likely to continue for some years. The report surmised that the named foreign governments were “very likely” to already be trying to develop “cyber capabilities to disrupt Canadian critical infrastructure, such as the supply of electricity, to further their goals.”
Individual “hacktivists” and “thrill-seekers”, the CSE acknowledged, as well as non-state-sponsored malign actors, do also present a serious potential threat – most notably through the theft of personal information, ransomware attacks and distributed denial of service (DDOS) attacks. But nonetheless, they concluded, “almost certainly the state-sponsored programs of China, Russia, Iran, and North Korea pose the greatest cyber threats to Canadian individuals and organizations.”
The report also noted that lenient cyber-crime laws in these countries meant many would-be cyber criminals are likely to go unpunished. In Russia, China and Iran, it stated, people perpetrating financial crime online are “very unlikely” to be prosecuted – to say nothing of individuals operating on behalf of the state itself.
The CSE did, however, rule out the likelihood of a significant attack from any of these countries, due to the absence of international hostilities between Canada and countries like Iran. Nevertheless, the authors warned, attempts to spy on Canada and steal its intellectual property – including, they said, resources used in combating Covid-19 – would doubtless continue, and Canadian citizens on social media would end up being “collateral” even if Iranian disinformation is aimed primarily at other countries.
The last NCTA for Canada was published in 2018. Scott Jones, head of the Canadian Centre for Cyber Security, said the main difference between then and now was “the intensity and level of sophistication” of the threats. Describing digital incursions by foreign actors as “the new normal”, he added: “We’re facing two pandemics: obviously the one that we all live with every day in terms of our personal health. But then there’s certainly a cybercrime pandemic out there.”