Three years ago the North American Aerospace Defence Command (Norad) charged the Canadian army with providing an inventory of all military bases and surrounding infrastructure.
The Americans were looking to spot vulnerabilities in critical infrastructure that could be used in a potential cyber attack.
The several-year-old request was detailed in a letter sent by former Norad Commander and U.S. Admiral William Gourtney to the Canadian Chief of Defence Staff, Jonathan Vance.
In the letter Gourtney requested that Canada “identify and mitigate” potential areas of vulnerability on Canadian bases, specifically those “installations that are critical for accomplishing Norad missions.”
The letter was delivered on March 24, 2016. Furthermore, it asked Vance to “advocate developing capabilities to respond to cyber incidents on CAF [infrastructure control systems] and defend CAF if required.”
The request also expanded to identifying civilian infrastructure through cooperation with Public Safety Canada and “developing processes for reporting cyber incidents on the identified civilian infrastructure.”
According to cyber expert, David Masson, vulnerability arises in “operational technology systems” that run tasks in critical infrastructure. Masson claims that these systems are extremely difficult to secure.
“There’s lots of them. Look at it as 50, 60, 70 different bespoke communications systems. There’s no real standardization because they’re so old. Many of them were never expected to be connected to the internet,” said Masson.
Despite this, Masson claims that the systems can be reinforced and secured.