Passwords, pistols, and power plants: An assessment of physical and digital threats targeting Canada’s energy sector

DOI10.1177/0020702019895263
Published date01 December 2019
Date01 December 2019
Subject MatterScholarly Essay
Scholarly Essay
Passwords, pistols,
and power plants: An
assessment of physical
and digital threats
targeting Canada’s
energy sector
Casey Babb
Norman Paterson School of International Affairs, Carleton
University, Ottawa, Ontario, Canada
Alex Wilner
Norman Paterson School of International Affairs, Carleton
University, Ottawa, Ontario, Canada
Abstract
The study of energy sector security is in flux. A traditional focus on exploring the nexus
between terrorism and physical energy infrastructure has given way to a new and
specific emphasis on cyber attacks targeting electrical power grids. A noticeable gap
in the literature exists in terms of presenting a more comprehensive assessment of the
general threat environment. Our paper, and the larger project from which it stems,
intends to fill this void and prompt more nuanced and empirically driven research on the
topic that informs Canadian security policy. Our findings are informed by interviews
conducted with American and Canadian energy sector officials, and a questionnaire
carried out with energy sector companies. By examining a broader suite of disruptive
threats to the energy sector, we paint a more inclusive picture of the many gateways
through which the energy sector could be targeted.
Keywords
Energy security, cyber security, counterterrorism, Canada–US relations, Canadian
national security, critical infrastructure protection
International Journal
2019, Vol. 74(4) 518–536
!The Author(s) 2019
Article reuse guidelines:
sagepub.com/journals-permissions
DOI: 10.1177/0020702019895263
journals.sagepub.com/home/ijx
Corresponding author:
Alex Wilner, Norman Paterson School of International Affairs, Carleton University, Richcraft Hall,
1125 Colonel by Drive, Ottawa, Ontario, K1S 5B6, Canada.
Email: alex.wilner@carleton.ca
Introduction
On 29 January 2019, US Director of Intelligence Daniel R. Coats presented the
Worldwide Threat Assessment of the US Intelligence Community to the Senate
Select Committee on Intelligence. In addition to highlighting expected concerns of
America’s national security community such as terrorism, organized crime, weap-
ons of mass destruction, and electoral interference, the report also emphasized
threats to an area which receives comparatively little attention—the energy
sector. With a standalone section dedicated specif‌ically to economics and energy,
the report provides a glimpse into the increased attention America’s national secur-
ity community is paying not only to the potential risks of changing international
energy markets, production, and demand, but to kinetic threats facing critical
energy infrastructure in the US. Similarly, other countries around the world have
signalled their intent to pay greater attention to this issue. Canada, for example,
specif‌ically mentions the energy sector in its National Cross Sector Forum
2018–2020 Action Plan for Critical Infrastructure and its 2018 National Cyber
Security Strategy, while the UK, New Zealand, Australia, and others are pursuing
a mix of regulatory, information-sharing, and governance changes to better address
their respective threat environments.
While many of these disparate initiatives are described as being ref‌lective of ‘‘all
hazards’’ (e.g. focusing on a wide range of threats and challenges to critical infra-
structure), there is a clear prioritization of cyber attacks, particularly those target-
ing the electrical grid. The US, for example, in the aforementioned report, discusses
its concern about Russia having the ‘‘ability to execute cyber attacks in the United
States that generate localized, temporary disruptive ef‌fects on critical infrastruc-
ture—such as disrupting an electrical distribution network for at least a few
hours.’’
1
Former Department of Homeland Security Secretary Kirstjen Nielsen
has echoed this challenge, stating: ‘‘An attack on a single tech company, for
instance, can rapidly spiral into a crisis af‌fecting the energy grid.’’
2
And US
President Donald Trump signed Executive Order (EO) 13800 in May 2017, order-
ing the federal government to prepare for cyber attacks targeting America’s
power grid.
3
The energy sector’s emphasis on grid security and defence against digitized
attacks is entirely expected, appropriate, and justif‌ied given the recent surge in
of‌fensive cyber operations and other forms of cyber attack conducted by state
and non-state actors targeting power grids and other critical infrastructure, but
1. Office of the Director of National Intelligence, ‘‘Statement for the record: Worldwide threat assess-
ment of the US intelligence community,’’ 29 January 2019, 6, https://www.dni.gov/files/ODNI/
documents/2019-ATA-SFR SSCI.pdf (accessed 18 December 2019).
2. US Department of Homeland Security, ‘‘Secretary Kirstjen M. Nielsen’s National Cybersecurity
Summit keynote speech,’’ 31 July 2018, https://www.dhs.gov/news/2018/07/31/secretary-kirstjen-
m-nielsen-s-national-cybersecurity-summit-keynote-speech (accessed 18 December 2019).
3. Office of the President of the United States, ‘‘Presidential executive order on strengthening the
cybersecurity of federal networks and critical infrastructure,’’ 11 May 2017, http://www.ncsl.org/
Portals/1/Documents/statefed/Presidential_Executive_Order_on_Strengthening_the_Cyberse
curity_28292.pdf.
Babb and Wilner 519

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT