Energy sector faces growing cybersecurity risk, expert warns

FORT ST. JOHN, B.C. — A cybersecurity expert is warning that the energy sector could be vulnerable to attacks.

Felix Kan, chief executive of Cyberbay, said aging technology and the high costs of securing operational systems make energy companies a prime target for cybercriminals. 

“A lot of the technologies used to manage power grids and energy systems are older and can’t support the latest cybersecurity protections,” Kan explained. 

“As a result, when we are facing modern attacks using malware or ransomware, it makes us more vulnerable.”

Kan said one of the biggest defences against cyberattacks is keeping the systems that control pipelines, power grids and other infrastructure separated from IT networks like email servers. 

However, he warns that maintaining this separation, known as an “air gap,” can be difficult and expensive. If the gap is accidentally closed, hackers can move between systems, putting critical infrastructure at risk.

Kan said these risks will only grow as energy systems become increasingly connected to the internet for monitoring and AI-driven efficiencies. 

“Cyber criminals don’t care whether they’re scanning an IT network or an [energy] network,” he said. 

“Once they find the IP address, they will try to attack, and once they attack successfully, then they will find out, ‘oh, wow, this is actually a part of a critical infrastructure.’”

Energeticcity.ca reached out to six energy companies in the Peace region to get more information about their cybersecurity protections, but only heard back from one: Enbridge.

One of the largest energy operators in the Peace region, Enbridge said it has made significant investments in preventing cyberattacks and protecting customer data. 

“As an operator of critical energy infrastructure, Enbridge takes cybersecurity very seriously,” said Rawnna Low, the company’s senior communications advisor. 

“We adopt the same attitude toward cyber safety as we do toward the physical safety of our pipelines; we are always alert and ready to respond immediately to any concerns and threats.”

Low said Enbridge operates a 24/7 cybersecurity monitoring program and works closely with governments and regulatory agencies to strengthen defences. 

She also said the company conducts continuous assessments and regular testing of its ability to respond and recover from cyber threats. 

“We believe cybersecurity is a responsibility shared across the company and have built a strong culture of awareness, supported by rigorous training and the commitment of our employees,” Low added.

This comes after the City of Fort St. John suffered a ransomware attack in late February this year, which brought down the city’s phone and email systems and disrupted internal operations. Because of this, a cyber defence conference will be held at the Pomeroy Hotel and Conference Centre in October.

The conference aims to prepare local organizations and residents to better defend against and recover from cyberattacks.

More information on Enbridge’s cybersecurity methods can be found here.