A week after the Russian cyberattack that crippled its sites, Hydro-Québec’s head of cybersecurity, responsible for overseeing its critical infrastructure, warns that the main threat often comes from within.
“Risk number 1 is the internal threat,” said Éric Robin, head of cybersecurity products in the energy sector at Hydro-Québec, in an interview with the Journal.
“We don’t bestow malicious intent on the world, but they can be used as a vector for attacks without their knowledge,” continued the man who has climbed the ladder of technology at Hydro-Québec for 12 years.
Fears expressed
Last Friday, Le Journal reported on the fears of a former major intelligence chief who believed organizations needed to be more alert.
“Companies don’t take warnings seriously […]. What we see [with the proliferation of cyberattacks in recent days] is the result of this negligence,” Artur Wilczynski, ex-director general of information operations of the Telecommunications Security Center (CST), had warned.
Oversee more than 300 experts
However, yesterday, after speaking at the Cyberconference 2023, an event currently taking place in Montreal, a key manager of critical infrastructure at Hydro-Québec recalled that 300 Hydro experts oversee the cybersecurity operations of his center 24 hours a day.
When Le Journal wanted to know what he thought the main threat was, the expert replied without the slightest hesitation that it came from within.
For example, an employee who has privileged access to a system because they are performing maintenance or updates could click on a malicious link.
“Humans are imperfect. It can potentially be damaged,” illustrated Éric Robin.
Quebec in the dark?
According to him, the catastrophic scenario of a cyberattack that would plunge Quebec into darkness is “very, very unlikely.”
Speaking to the Journal, the cybersecurity expert, who is not out to scare people, points instead to the avoidable risks associated with equipment suppliers.
“You have to be careful not to bring in hidden door equipment and make sure the supplier does their own checks,” he explains.
“You might say, ‘Hey, there’s a cheaper contract with a Russian or Chinese device manufacturer.’ Not sure. A degree of caution is required,” he concludes.
In 2022, a suspected Chinese spy was arrested at Hydro-Québec. According to the RCMP, he “obtained industrial secrets with intent to benefit the People’s Republic of China.”