Latest news with #NovaScotiaPower


CTV News
3 hours ago
- Business
- CTV News
NS Power now expects Ruth Falls dam refurbishment to cost $15M
Nova Scotia Power says the refurbishment of a dam in Sheet Harbour – which was originally expected to cost $7.2 million – is now estimated to run up a $15.4-million bill due to environmental permitting and an extended construction timeline. The utility submitted an authorization to overspend application to the Nova Scotia Energy Board, seeking approval for an extra $8.2 million for the Ruth Falls Main Dam Refurbishment Project. The board originally approved the project in May 2019. In its written decision Wednesday, the board said it would hold the application in abeyance until the utility gets the Fisheries Act authorization from the Department of Fisheries and Oceans (DFO). The board says an amendment to the federal Fisheries Act received royal assent in June 2019. The changes required Nova Scotia Power to receive authorization from the DFO for the Ruth Falls project. 'In December 2019, NS Power submitted a review request to DFO for its proposed Ruth Falls main dam refurbishment work,' the decision reads. 'In March 2020, the Utility received a response from DFO outlining significant additional work required based on DFO's conclusion that the proposed activities were likely to harm fish and fish habitat, necessitating an FAA under the new Fisheries Act. In response, NS Power submitted an FAA application to DFO in June 2020. 'The Utility subsequently received four 'incomplete' submission letters from DFO between August 2020 and September 2023, each requesting additional information from NS Power. According to NS Power, each letter contained requests and requirements that had not been requested in earlier DFO correspondence. NS Power's most recent FAA submission was on February 28, 2025.' The utility told the board the work to obtain the environmental permits from the DFO, the Nova Scotia Department of Environment and Climate Change, and Transport Canada's Navigation Protection Program constitutes $4.4 million of its $8.2-million request.
The utility said the need to address additional environmental permits extended the construction timeline, which increased project costs by roughly $2 million. The utility also said the costs related to archaeology and Mi'kmaq engagement added $400,000 to the project. According to the decision, Nova Scotia Power had a consultant assess the design of Sheet Harbour Hydro System's water retaining structure in 2015. The report found the Ruth Falls main dam, which contains three generating units with a total capacity of 7.2 MW, required 'corrective action.' The dam, which was built in 1925, has an 8,000-foot power canal and a spillway that stretches 1,190 feet. The refurbishment project is expected to extend the life of the dam by 50 years. The Nova Scotia Power website says the upgrades to the dam include:

- building a new steel walkway platform along the length of the dam
- improving the upstream fishway
- resurfacing the concrete spillway surface
- replacing 30 stoplog bays with seven rubber dam sections

The utility's current project timeline says it will start refurbishment of the dam in July and wrap up next March. Nova Scotia Power told the board the cost of decommissioning the dam is an estimated $84.5 million. The board said once the utility receives authorization from the DFO, it can submit an amended authorization to overspend application.


CTV News
3 days ago
- CTV News
Nova Scotia Power sees big turnout for cyber security breach information session in Cape Breton
Victims of the Nova Scotia Power cyber security breach line up for information session at New Waterford Fire Hall. (CTV Atlantic/ Ryan MacDonald) People were lined up out the door of the New Waterford Fire Hall on Tuesday, many of them with letters in hand telling them they had been impacted by Nova Scotia Power's recent security breach. 'Ridiculous,' said one customer who was waiting in the lineup outside. 'They're trying,' said another. 'They're trying something for us, but maybe they could have done it a little bit different.' The utility was hosting one of a series of in-person sessions in communities across Nova Scotia to help people sign up for additional protection as part of a response to what happened. 'Essentially, for any customer who did receive a letter we are offering two years of credit monitoring through the TransUnion service 'My True Identity,'' said Chris Lanteigne, director of customer care for Nova Scotia Power. 'You can sign up at using the code that is in the letter.' A lot of the people who showed up at the session in New Waterford were seniors, some of whom said they don't often use internet or email. Nova Scotia Power said part of the goal of these in-person sessions is to try to help people figure out other ways to access the credit monitoring, and to better protect themselves. 'Getting a copy of your credit report,' Lanteigne added. 'You can do that through both TransUnion and Equifax, the two major credit reporting agencies in Canada. There are also options where you can place an alert on your credit file through those organizations.' '[The] lineup was too long, so I'm going to try it at home,' said one customer after exiting the session. Frustrated, some people left before getting any help. Others said they were confused by what they were told. The utility said more opportunities like this one will take place elsewhere in the province the rest of the week and in the near future.
'We are very sorry that this did happen,' Lanteigne said. 'We know that it has caused concerns for our customers. We feel that the most important thing people can do right now is protect themselves.'


CBC
5 days ago
- Business
- CBC
Canada's cybersecurity head offers rare insight into Nova Scotia Power breach
The head of Canada's cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power. The utility's computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that.

About 280,000 customers — more than half of the utility's customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver's licences, social insurance numbers and banking information.

On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity.

The attack and its aftermath have sparked many questions about the security of the company's IT systems. Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how these types of incidents unfold and what people and organizations like Nova Scotia Power can do to protect themselves.

This interview has been edited for length and clarity:

Can you explain a bit about your agency and what it does?

The Canadian Centre for Cyber Security is really Canada's cyber defence agency. So, we provide advice, guidance and services to critical infrastructure systems of importance to Canada. Work primarily with the federal government is where we had started, but have really grown into critical infrastructure. And our goal is to raise cyber resilience across Canada. We fall under CSE, which is the Communications Security Establishment, and CSE has a mandate for foreign intelligence, which goes back 80 years in terms of WWII. We report to the minister of national defence.

What do you make of the recent attack against Nova Scotia Power, which did ultimately affect about 280,000 customers?

We don't comment specifically on specific incidents, but as a cyber centre … any critical infrastructure providers that have incidents can report their incidents to the cyber centre. So last year we saw about 1,500 incidents. We see a lot of these, and that's what's really important and kind of sad to understand as well, that this is happening so often in terms of cyber-criminal organizations compromising critical infrastructure organizations in Canada. Their motivation is money. They would compromise the network. So basically getting their software inside the network, but then stealing all the sensitive information from the organization and … then going ahead and encrypting systems and locking people out of their system. So we used to call that double extortion. So that way the criminal organization could threaten to release sensitive information, unless a ransom was paid, or also basically not give back access to systems unless a ransom was paid. So that was what we're seeing and it was incredibly impactful to system operators within Canada.

In this case, Nova Scotia Power did not pay the ransom that was asked of them. Is that common practice?

What we always do is we provide advice and guidance to organizations and we say, "it's a business decision," because we're not the ones operating their business, and we don't know their exact context, say if it's a threat to life or something else. But we always say, 'Hey there's a lot of downside to paying the ransom.' First of all, you're funding these criminal organizations. So, the more ransom is paid, the more we're going to proliferate this sort of behaviour. At the same point in time, you're paying this ransom to criminals. What's that contract worth in the end anyway? Is there really any guarantee that they're either not going to share the confidential information, or they're actually going to give you the keys to decrypt your systems and get your access back? The proceeds of this can go to criminal or even terrorist type causes as well, so, worrisome in that sense.

Are you able to say whether Nova Scotia Power had actually contacted your agency [following the breach]?

The one thing that I will say is that they did reach out to us. We always recommend that organizations that are victimized reach out to the cyber centre. We've seen many of these in the past and we have advice and guidance to share. And not only can we help the organization in their recovery, and in terms of paying the ransom, ransom might help you unlock your systems, but there's still always recovery costs that are part of this as well, regardless of whether you work with the criminal organization or not. But in this case, they did reach out to us. And the other thing we always encourage is … we hope that they share information about the compromise as well. Because we can take that and share that with other critical infrastructure organizations in Canada.

Did they share with you the extent of the breach?

We wouldn't go into any details in that sense, but they did notify us of the breach.

Is there any sense of who might have been the perpetrator in this attack from your perspective? Nova Scotia Power says it has a sense of who it is.

I wouldn't comment on that. There's various groups and they often change shapes and forms as they get disrupted. Unfortunately it's an ever-evolving group of cyber criminals that are out there that seem to be performing these behaviours. And we have an assessment out in terms of a cyber criminal activity in Canada as well that kind of points to the groups that we've seen as active.

About 140,000 [social insurance numbers] were included in the stolen data. How serious is this, when that type of personal information is accessed?

I couldn't speak to the seriousness of that type of information, but what I will say is that this is exactly what cyber criminals go after. And depending on the type of information, it'll fetch a different price on the dark web. Organizations will collect personal information, whether it's SIN numbers, or credit card numbers, or health card numbers, other sorts of confidential information. Typically that information gets resold on the dark web for other criminals that are going to actually monetize that for other purposes. It's kind of a not very positive circle that exists on the dark web. The way this actually works in terms of what we call "cybercrime as a service" is that it's a whole ecosystem of criminal entities that actually work together. And because it's typically run out of operations that are beyond the legal borders — often in Russian speaking countries where law enforcement won't necessarily prosecute — it's very difficult to disrupt these organizations. And even when law enforcement is able to disrupt them, it's fairly easy for them to kind of reconstitute themselves.

What are some of the risks when this personal information is shared on the deep web or dark web?

Once that information is out there, that often just spurs the next cycle of fraud. Whether it's spear phishing emails that are using that information, whether it's leveraging information about an organization or their clients to actually further compromise them. That's why it's really important to take note for everyone to be mindful of the things they can do to protect themselves. Be extra vigilant of understanding what's being mailed to you and double checking those links and making sure it's coming from an authenticated source and whatnot. Being mindful of content, making sure you have strong authentication in terms of how you're actually accessing applications as well.

What would be your advice to Nova Scotia Power?

Really for all of these organizations, do your due diligence. Understand what your really critical elements are of your organization that would be your worst-case scenario. And then once you know what your worst-case scenario is, then you can defend that. Build the plan according to our ransomware playbook, have the backups in place, and have the strong measures in place.

The utility [Nova Scotia Power] applied for funding about a month before the ransomware attack. They cited the Canadian Centre for Cyber Security's most recent threat assessment, pointing out that power grids are so interconnected that they can be really vulnerable to these types of attacks. What would be the warning signs of an attack like this?

One of the things that we've been very mindful of … as the world gets more hostile, we're worried about impacts to critical infrastructure like electrical grids, pipelines, these sorts of things. A lot of them are controlled by systems that were never meant to be connected to the Internet. Nowadays, as people are looking to optimize efficiency, and connect to cloud services and connect sensors to networks, they're becoming more exposed to threat actors from around the world. Normally your electrical grid would only be threatened by people that are actually in the country and nearby, but as soon as you connect it to the Internet, you're pretty much opening a lot of this up to people from anywhere.

We are not a regulator. The cyber centre itself provides advice, guidance and services, but we have no authority over any of these entities. We work voluntarily to provide the best practices.


CBC
12-06-2025
- Business
- CBC
N.S. Power approved for $1.8M cyber security project weeks after ransomware attack
Nova Scotia Power has gotten approval for a cyber security improvement project, just weeks after a ransomware attack affected the personal data of thousands of customers. The Nova Scotia Energy Board approved the $1.8-million initiative, dubbed the Next Generation Network Security Design project, on Thursday. The utility submitted its application on April 7 for the project, which it said would enhance its existing information technology network and firewall infrastructure to manage cyber threats, "resolve operational complexities, and facilitate future business objectives." Nova Scotia Power said the project will "improve cyber security capabilities and reduce the risk of a cyber incident," Roland A. Deveau, the energy board's vice-chair, wrote in a decision letter that was shared with the media. The utility's computer systems had already been attacked by ransomware hackers when the company made its application. It has said the breach happened on March 19, but it did not discover the issue until more than a month later, on April 25. The company disclosed the cyber security incident three days after that. "Importantly, the board's approval of this project does not preclude it from assessing the adequacy of N.S. Power's IT systems as part of the board's ongoing investigation into the data breach," the board said in a news release. "At this time, it is not known whether this specific project would have prevented or mitigated the breach." About 280,000 customers — more than half of the utility's customers in the province — were informed by letter that their personal information, including their name, address, phone number, birth date, driver's licence, social insurance number and banking information may have been taken in the attack. The board said it is working with cyber security experts to conduct a full review of whether Nova Scotia Power acted prudently before, during, and after the event. 
In his letter, Deveau said the utility explained in its application "that a majority of its network equipment was considered 'end of life' in 2016," though some could still be used for "lower security needs." Nova Scotia Power said the upgrade is needed now as new risks emerge and critical infrastructure is increasingly targeted by bad actors. "The complexities of N.S. Power's network and firewall infrastructure make management and security difficult to monitor, measure and enforce," the utility was quoted in the decision letter as saying. "It is challenging to meet new and emerging security threats in a rapid manner to maintain a low risk to N.S. Power." The utility was also approved to source the new technology for the project through its existing vendor, Cisco. It said creating an alternative system with a new provider would mean "significant time, effort, and cost." The application showed the project has been in progress for more than a year, and will come into service this September. The estimated life of the new technology system is 10 years, according to Nova Scotia Power.


CBC
11-06-2025
- Business
- CBC
Nova Scotia Power resumes billing customers after ransomware attack
Nova Scotia Power has resumed billing customers after a ransomware attack brought some of the utility's systems to a halt in April. The company has reopened MyAccount, the online system customers use to view and pay their bills. However, the power usage noted on the bills will be estimated until Nova Scotia Power is fully able to restore its systems. The utility says meters are still accurately recording power use, but the company is not able to retrieve the information from meters and apply it to bills. Energy use after April 24 will be estimated based on the customer's use during the same period in 2024. Once Nova Scotia Power can retrieve meter information again, bills will be adjusted to reflect customers' actual usage. Nova Scotia Power's computer systems were attacked by ransomware hackers on March 19, but the company did not discover the breach until more than a month later, on April 25. The company disclosed the cybersecurity incident three days after that.

No late fees

Nova Scotia Power says it will not charge late fees on outstanding balances while bills are being estimated, even for customers who choose not to pay their bill while it is estimated. The company says it doesn't know how long bills will continue to be estimated, but it will notify customers when it has more information. A frequently-asked-questions page on the utility's website seeks to reassure customers that the MyAccount system is safe. "Yes, you can trust MyAccount," the page reads. "While the login experience looks different, the dashboard remains the same. MyAccount is safe and reliable, keeping your information protected. "It has been safely relaunched following the recent cyber incident to restore access and provide you with a secure and reliable billing experience as quickly as possible."