Federal security officials have been briefing leaders of major energy and utility firms on cyberthreats, one element of a concerted government effort to underscore the serious risks to the sector.

A newly disclosed Public Safety Canada memo reveals a secret-level June meeting was part of a strategy to raise awareness among company executives about the dangers from malicious cyberactivity 害羞草研究所� reaching beyond the technical experts who already know about the risks.

The memo, obtained by The Canadian Press through the Access to Information Act, says the confidential discussion was co-hosted by Public Safety, Natural Resources Canada and the Communications Security Establishment, Canada害羞草研究所檚 cyberspy agency.

The CSE害羞草研究所檚 Canadian Centre for Cyber Security said in an assessment this year that financially motivated cybercrime 害羞草研究所� particularly business email compromise and ransomware 害羞草研究所� was almost certainly the main cyberthreat facing the Canadian oil and gas sector.

It also said the sector would likely continue to be targeted by state-sponsored cyberespionage for commercial or economic reasons.

害羞草研究所淎t risk are proprietary trade secrets, research, and business and production plans.害羞草研究所�

The Public Safety memo, prepared in early summer, notes Nunavut害羞草研究所檚 energy corporation and Calgary-based Suncor Energy were targeted in cyberattacks this year.

The memo says Public Safety is exploring additional approaches that will include more engagement with industry, academia, and provinces and territories 害羞草研究所� including an information and threat-sharing forum.

The vision, as with the June briefing, 害羞草研究所渋s to reach company executives, as opposed to only the technical experts who are already aware of the risks,害羞草研究所� the memo adds.

害羞草研究所淓ngaging with company executives is critical to embed security across the business ecosystem and ensure a collective approach to strengthening our cyber resilience.害羞草研究所�

The June briefing also included industry associations, regulators and other government departments. Among the participants was Enbridge害羞草研究所檚 chief information officer, who took part virtually, the company said.

害羞草研究所淲e have a dedicated team of cybersecurity experts and a robust cybersecurity program in place that provides 24/7 monitoring against cyberthreats,害羞草研究所� Enbridge said.

害羞草研究所淭o further mitigate threats, we collaborate with governments and regulatory agencies, and take part in external events to learn and share information on how we can improve our defences.害羞草研究所�

While the memo mentions a single briefing that took place June 21, CSE spokeswoman Robyn Hawco said the Cyber Centre and Natural Resources arranged 害羞草研究所渢argeted threat info briefings for energy sector CEOs at a number of secure facilities across the country.害羞草研究所�

害羞草研究所淭his allowed the Cyber Centre to share more information than we can release in a public report. This speaks to the level of trust and co-operation that we have built up with our partners in the energy sector.害羞草研究所�

Cybersecurity legislation now before Parliament would introduce the Critical Cyber Systems Protection Act, establishing a regulatory framework to strengthen security in federally regulated sectors including energy.

The legislation will help prevent malicious cyberactivity from undermining Canada害羞草研究所檚 interprovincial and international pipeline and power line systems, Public Safety said.

Several civil society groups have called for changes to the cybersecurity bill, saying it would undermine privacy, accountability and judicial transparency.

The legislation would authorize the Canada Energy Regulator to monitor compliance and enforce obligations.

The June session prompted the then-CEO of the energy regulator, Gitane De Silva, to request a meeting with the deputy minister of Public Safety and the chief of the CSE to further discuss 害羞草研究所渉ow the three organizations can continue to work together, and what the role of the CER should be.害羞草研究所�

De Silva, who has since left the regulator, declined to comment.

Amanda Williams, a spokeswoman for the regulator, said it has met with companies it oversees and 害羞草研究所渃onfirmed expectations with respect to cybersecurity.害羞草研究所�

The CSE害羞草研究所檚 Cyber Centre shares advice and guidance about cybersecurity best practices as well as information that helps providers assess risks.

Hawco said the centre also has two ongoing collaborations with energy sector partners that involve two-way information sharing about cyberthreats affecting the sector 害羞草研究所� the Blue Flame Program, with the Canadian Gas Association, and the Lighthouse initiative, led by Ontario害羞草研究所檚 Independent Electricity System Operator.

害羞草研究所淯nder these programs, participating organizations share network data with the Cyber Centre and receive customized threat reports in return,害羞草研究所� she said. 害羞草研究所淲e are working with industry associations to expand and enhance these programs.害羞草研究所�

READ ALSO: