
Canada's cybersecurity head offers rare insight into Nova Scotia Power breach
The head of Canada's cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power.
The utility's computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that.
About 280,000 customers — more than half of the utility's customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver's licences, social insurance numbers and banking information.
On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity.
The attack and its aftermath have sparked many questions about the security of the company's IT systems.
Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how these types of incidents unfold and what people and organizations like Nova Scotia Power can do to protect themselves.
This interview has been edited for length and clarity:
Can you explain a bit about your agency and what it does?
The Canadian Centre for Cyber Security is really Canada's cyber defence agency. So, we provide advice, guidance and services to critical infrastructure systems of importance to Canada. Working primarily with the federal government is where we started, but we have really grown into critical infrastructure. And our goal is to raise cyber resilience across Canada.
We fall under CSE, which is the Communications Security Establishment, and CSE has a mandate for foreign intelligence, which goes back 80 years in terms of WWII. We report to the minister of national defence.
What do you make of the recent attack against Nova Scotia Power, which did ultimately affect about 280,000 customers?
We don't comment specifically on specific incidents, but as a cyber centre … any critical infrastructure providers that have incidents can report their incidents to the cyber centre. So last year we saw about 1,500 incidents. We see a lot of these, and that's what's really important and kind of sad to understand as well, that this is happening so often in terms of cyber-criminal organizations compromising critical infrastructure organizations in Canada.
Their motivation is money. They would compromise the network. So basically getting their software inside the network, but then stealing all the sensitive information from the organization and … then going ahead and encrypting systems and locking people out of their system. So we used to call that double extortion. So that way the criminal organization could threaten to release sensitive information, unless a ransom was paid, or also basically not give back access to systems unless a ransom was paid. So that was what we're seeing and it was incredibly impactful to system operators within Canada.
In this case, Nova Scotia Power did not pay the ransom that was asked of them. Is that common practice?
What we always do is we provide advice and guidance to organizations and we say, "It's a business decision," because we're not the ones operating their business, and we don't know their exact context, say if it's a threat to life or something else. But we always say, "Hey, there's a lot of downside to paying the ransom." First of all, you're funding these criminal organizations. So, the more ransom is paid, the more we're going to proliferate this sort of behaviour. At the same point in time, you're paying this ransom to criminals. What's that contract worth in the end anyway? Is there really any guarantee that they're either not going to share the confidential information, or they're actually going to give you the keys to decrypt your systems and get your access back? The proceeds of this can go to criminal or even terrorist-type causes as well, so, worrisome in that sense.
Are you able to say whether Nova Scotia Power had actually contacted your agency [following the breach]?
The one thing that I will say is that they did reach out to us. We always recommend that organizations that are victimized reach out to the cyber centre. We've seen many of these in the past and we have advice and guidance to share. And not only can we help the organization in their recovery, and in terms of paying the ransom, ransom might help you unlock your systems, but there are still always recovery costs that are part of this as well, regardless of whether you work with the criminal organization or not. But in this case, they did reach out to us.
And the other thing we always encourage is … we hope that they share information about the compromise as well. Because we can take that and share that with other critical infrastructure organizations in Canada.
Did they share with you the extent of the breach?
We wouldn't go into any details in that sense, but they did notify us of the breach.
Is there any sense of who might have been the perpetrator in this attack from your perspective? Nova Scotia Power says it has a sense of who it is.
I wouldn't comment on that. There are various groups and they often change shapes and forms as they get disrupted. Unfortunately, it's an ever-evolving group of cyber criminals that are out there that seem to be performing these behaviours. And we have an assessment out in terms of cyber criminal activity in Canada as well that kind of points to the groups that we've seen as active.
About 140,000 [social insurance numbers] were included in the stolen data. How serious is this, when that type of personal information is accessed?
I couldn't speak to the seriousness of that type of information, but what I will say is that this is exactly what cyber criminals go after. And depending on the type of information, it'll fetch a different price on the dark web. Organizations will collect personal information, whether it's SIN numbers, or credit card numbers, or health card numbers, other sorts of confidential information. Typically that information gets resold on the dark web for other criminals that are going to actually monetize that for other purposes. It's kind of a not very positive circle that exists on the dark web.
The way this actually works in terms of what we call "cybercrime as a service" is that it's a whole ecosystem of criminal entities that actually work together. And because it's typically run out of operations that are beyond the legal borders — often in Russian speaking countries where law enforcement won't necessarily prosecute — it's very difficult to disrupt these organizations. And even when law enforcement is able to disrupt them, it's fairly easy for them to kind of reconstitute themselves.
What are some of the risks when this personal information is shared on the deep web or dark web?
Once that information is out there, that often just spurs the next cycle of fraud. Whether it's spear phishing emails that are using that information, whether it's leveraging information about an organization or their clients to actually further compromise them. That's why it's really important to take note for everyone to be mindful of the things they can do to protect themselves.
Be extra vigilant of understanding what's being mailed to you and double checking those links and making sure it's coming from an authenticated source and whatnot. Being mindful of content, making sure you have strong authentication in terms of how you're actually accessing applications as well.
What would be your advice to Nova Scotia Power?
Really for all of these organizations, do your due diligence. Understand what your really critical elements are of your organization that would be your worst-case scenario. And then once you know what your worst-case scenario is, then you can defend that. Build the plan according to our ransomware playbook, have the backups in place, and have the strong measures in place.
The utility [Nova Scotia Power] applied for funding about a month before the ransomware attack. They cited the Canadian Centre for Cyber Security's most recent threat assessment, pointing out that power grids are so interconnected that they can be really vulnerable to these types of attacks. What would be the warning signs of an attack like this?
One of the things that we've been very mindful of … as the world gets more hostile, we're worried about impacts to critical infrastructure like electrical grids, pipelines, these sorts of things. A lot of them are controlled by systems that were never meant to be connected to the Internet. Nowadays, as people are looking to optimize efficiency, and connect to cloud services and connect sensors to networks, they're becoming more exposed to threat actors from around the world. Normally your electrical grid would only be threatened by people that are actually in the country and nearby, but as soon as you connect it to the Internet, you're pretty much opening a lot of this up to people from anywhere.
We are not a regulator. The cyber centre itself provides advice, guidance and services, but we have no authority over any of these entities. We work voluntarily to provide the best practices.