N.L. cyberattacks are 'canary in the coal mine' for Canada but going unheeded, says security expert

Recent cyberattacks in Newfoundland and Labrador should have been a wake up call for the federal government about the reality of an increasingly hostile world, says one cybersecurity expert.

The province has been the target of numerous breaches in recent years, such as the attack on the health-care system in 2021 by Russian ransomware gang Hive.

"What happened in Newfoundland was a canary in the coal mine of the hard times ahead of us and we didn't listen," Beauceron Security co-founder David Shipley told CBC Radio's On The Go.

When international criminal gangs are allowed to cripple a health-care system, Shipley warns it sends the signal that their aggression is invited.

More recently, telecommunications giant Bell announced a subsea fibre optic cable was deliberately cut for the second time between Nova Scotia and Newfoundland and Labrador.

Shipley says these are just a sign of the times.

"The good times are over. Like the peace dividend that we yielded from the sacrifices of our great-grandfathers and grandfathers. It's expired," Shipley said.

"The world's turned nasty and mean and they will use any means possible to get an edge and upset what we fought so dearly for."

Incidents like the subsea cable have to be taken seriously and do result in economic harm, he said.

"When you start messing with these things, you're messing with Newfoundland's future. And that's the game," Shipley said.

Response lacking

The RCMP is investigating the subsea cable, which has Shipley questioning why it's not being handled by the military or an intelligence agency.

"It speaks to the mess with how we've organized national security in this country. And I can tell you every time there's a crisis, and even in some of the crisis simulations … the problem in Ottawa is they don't even know who should respond," he said.

Shipley also lamented the fate of Bill C-26, which would have have introduced new cybersecurity requirements for federally regulated industries and codified national security requirements for the telecommunications sector. 

"It died because it had made it all the way to the Senate after two years of being stalled in Parliament just from lack of government attention and because of a typo. I kid you not, a typo," he said.

The bill was amended and then sent back to the House, but when Prime Minister Justin Trudeau prorogued Parliament, it meant the bill died, he said.

Shipley hopes Bill C-26 will be revived and get support across all parties to be passed.

Shipley says Canada's federal privacy laws are "toothless," adding that data management software PowerSchool — which had a security breach that resulted in the theft of hundreds of thousands of people's data  — won't even get a slap on the wrist for the chaos it caused.

He said a Russian hacker group gained access to a Canadian pipeline and tried to cause an explosion, though it failed.

"By the grace of some very technical controls, it didn't happen. Some secondary controls prevented a potentially very bad thing from happening," Shipley said.

"The only reason we know all this is — and this sounds like a plot from a movie — is a young U.S. air force intelligence officer decided to leak classified information on the Internet to prove how cool he was to his friends."

Download our free CBC News app to sign up for push alerts for CBC Newfoundland and Labrador. Sign up for our daily headlines newsletter here. Click here to visit our landing page.