: A Growing Concern
Recent cyberattacks in Newfoundland and Labrador have highlighted Canada’s growing vulnerability to cybersecurity threats in an increasingly hostile global environment. David Shipley, co-founder of Beauceron Security, warns that these incidents should serve as a wake-up call for the federal government to address the escalating risks posed by cybercriminals.
Newfoundland and Labrador have faced multiple breaches in recent years, including the 2021 ransomware attack on the province’s health-care system by the Russian gang Hive. Shipley describes this as a “canary in the coal mine,” signaling the hard times ahead. He argues that allowing international criminal groups to disrupt critical systems only emboldens their aggression. More recently, a subsea fiber optic cable between Nova Scotia and Newfoundland was deliberately severed for the second time, an act Shipley views as emblematic of a more hostile world.
Shipley paints a grim picture of the current global landscape, stating that the relative peace enjoyed in previous decades has eroded. He emphasizes that adversaries will exploit any means necessary to destabilize what Canadians have worked hard to protect. Incidents like the subsea cable damage, he notes, have tangible economic consequences and threaten Newfoundland’s future.
Despite the severity of these threats, Shipley criticizes Canada’s disorganized approach to national security. For instance, he questions why the RCMP is investigating the subsea cable incident instead of military or intelligence agencies better equipped for such matters. This lack of clarity in crisis response reflects systemic issues in Ottawa’s national security framework.
Shipley also highlights the failure of Bill C-26, which aimed to introduce stricter cybersecurity requirements for federally regulated industries and telecommunications. The bill stalled due to government inattention and procedural errors, including a typo. When Parliament was prorogued, the bill died completely. Shipley hopes it will be revived with bipartisan support to strengthen Canada’s defenses.
Canada’s federal privacy laws are another area of concern for Shipley. He describes them as “toothless,” citing examples like PowerSchool’s security breach, which exposed sensitive data from hundreds of thousands of individuals without facing significant repercussions. This lack of accountability leaves Canadians vulnerable to future attacks.
Shipley recounts a chilling incident where a Russian hacker group attempted to cause an explosion at a Canadian pipeline but failed due to robust technical controls. The public only learned about this event because a young U.S. Air Force officer leaked classified information online—a scenario that sounds more like fiction than reality.
Shipley underscores that Canada must take cybersecurity threats seriously and act decisively. From legislative reforms to better-organized national security responses, proactive measures are essential to safeguard critical infrastructure and protect citizens from increasingly sophisticated cyberattacks. Without meaningful action, he warns, Canada remains dangerously exposed in an ever-hostile world.
: A Growing Concern
In a troubling development, telecommunications giant Bell has faced repeated sabotage of its critical undersea infrastructure. A 140-kilometer fiber optic cable connecting Cape Breton Island to Newfoundland’s west coast has been deliberately cut for the second time in just over a year, raising serious concerns about the security of vital communication networks.
On December 24, 2024, the cable was severed in what appears to be a deliberate act of sabotage. David Joice, Bell’s director of networks, described the damage as resembling a cut made by an angle grinder. This is no small feat, as the cable is reinforced with steel armor, requiring significant effort and specialized tools to breach.
This incident mirrors a similar event that occurred in December 2023, where the same cable was cut in an almost identical manner. The perpetrators and their motives remain unknown in both cases, deepening the mystery surrounding these acts of sabotage.
The affected cable serves as a primary network path to Newfoundland and Labrador, highlighting its critical importance to the region’s communications infrastructure. Despite the severity of the damage, Bell’s quick response ensured that customer services remained uninterrupted. The company swiftly reconfigured its network to maintain connectivity while initiating repair operations.
Repairing undersea cables is a complex and specialized task. Bell deployed the IT Intrepid, a specialized repair ship, from Halifax to address the damage. The vessel utilizes a rover to locate and retrieve the damaged cable, which is then repaired by a team of about 60 experts working around the clock. The scarcity of ships capable of performing such repairs in North America, coupled with the weather-dependent nature of the work, adds to the challenges of maintaining these crucial communication links.
In response to these incidents, Bell is exploring enhanced security measures. These include burying the cable deeper in the sea floor and considering the use of satellite imagery for monitoring. The company is also cooperating fully with the Royal Canadian Mounted Police (RCMP) in their ongoing investigation.
While the RCMP stated that there was insufficient evidence to proceed with an investigation into the first incident, they are actively investigating the more recent case. At present, authorities do not believe these incidents pose a national security threat.
The sabotage of Bell’s cable is not an isolated incident. On December 25, 2024, just a day after the Bell cable was cut, an underwater power cable and four internet cables in the Baltic Sea were similarly severed near the Gulf of Finland. These incidents have raised suspicions of Russian involvement, prompting increased patrols by Estonia, Finland, and NATO forces in the area.
The repeated sabotage of Bell’s undersea cable highlights the vulnerability of critical communication infrastructure. As our reliance on these networks continues to grow, ensuring their security and resilience becomes increasingly crucial. The incidents serve as a wake-up call for telecommunications companies and governments alike to bolster protection measures for these vital undersea links that form the backbone of our global communication systems.
Canada faces increasing cybersecurity threats from cybercriminals, state-sponsored actors, and digital risks targeting critical infrastructure. To safeguard its systems and citizens, the country can adopt several specific measures to bolster its cybersecurity defenses.
Effective cybersecurity requires cooperation between government entities, private organizations, and other stakeholders. Canada should establish stronger public-private partnerships to share threat intelligence, develop advanced cyber technologies, and coordinate responses to incidents. Programs like the Canadian Cyber Defence Collective could unify efforts to tackle national-level challenges while fostering innovation in cybersecurity solutions.
Critical infrastructure such as energy systems, healthcare networks, and telecommunications must be fortified against cyber threats. Canada can implement sector-specific cybersecurity guidelines tailored to the unique vulnerabilities of each industry. Promoting the adoption of robust security practices, conducting regular risk assessments, and deploying advanced monitoring systems will help detect and mitigate threats before they escalate.
Canada’s privacy laws need to be updated to hold organizations accountable for data breaches and improve overall data security. Introducing stricter regulations for data management and breach reporting will incentivize businesses to invest in stronger protections for sensitive information. Additionally, penalties for non-compliance should be enforced to deter negligence.
Building a skilled workforce is essential for addressing evolving cyber threats. Canada should invest in training programs, apprenticeships, and upskilling initiatives to expand its talent pool. Collaborating with academic institutions to develop specialized curricula in areas like AI-driven security and post-quantum cryptography will prepare professionals for emerging challenges.
Proactive threat detection capabilities are crucial for minimizing the impact of cyber incidents. Canada can enhance its monitoring systems by leveraging AI-driven tools and establishing centralized data centers for cybersecurity attribution. Encouraging cross-sector intelligence sharing will ensure quicker identification of threats and coordinated responses across industries.
Promoting secure-by-design principles in technology development can reduce vulnerabilities in software, hardware, and IoT devices. Introducing mandatory security labeling for products and incentivizing manufacturers to prioritize cybersecurity during development will protect consumers from risks associated with poorly designed systems.
Cybersecurity is a global issue that requires international cooperation. Canada should strengthen alliances with other nations to share best practices, coordinate responses to cross-border attacks, and develop interoperable security standards. Participation in global forums on cybersecurity policy will bolster Canada’s position as a leader in combating digital threats.
Emerging technologies such as quantum computing and AI pose both opportunities and risks for cybersecurity. Canada must invest in research to harness these technologies responsibly while mitigating their potential misuse by adversaries. Supporting innovation in areas like post-quantum cryptography will ensure preparedness against future advancements that could compromise existing security protocols.
A well-defined framework for responding to cyber incidents is critical for minimizing damage during attacks. Canada should refine its Federal Cyber Incident Response Plan to clearly delineate roles among government agencies, law enforcement, and private sector partners. Conducting regular simulations and tabletop exercises will test readiness and improve coordination during crises.
By implementing these measures, Canada can significantly enhance its cyber defenses, protect critical infrastructure, and safeguard its citizens from the growing threat landscape.
To prevent future cable tampering, Bell can implement several physical protection measures. Burying the cable deeper in the sea floor, typically between 1-2 meters below the seabed, can provide an extra layer of protection against accidental damage from trawlers and anchors, as well as deliberate tampering attempts. Additionally, Bell can reinforce the cable’s armor using heavy-duty materials like steel and armored polyethylene, making it more resistant to cutting or other forms of physical damage.
Bell can enhance its electronic monitoring systems to detect any changes or anomalies in the seabed environment. These systems can alert operators to potential threats or unusual activity near the cable. Implementing satellite imagery for monitoring the area around the cable can provide an additional layer of surveillance, allowing for quick detection of suspicious vessels or activities.
To safeguard the data transmitted through the cable, Bell can implement end-to-end encryption systems. This measure reduces the risk of data interception and protects against potential espionage attempts.
Monitoring vessel activity around the cable through tracking of identification signals can help deter potentially harmful activities. Bell can work with maritime authorities to establish restricted zones around the cable’s path and implement systems to track and identify vessels in the vicinity.
Increasing the number of cables and creating redundant network paths can help mitigate the impact of any single cable disruption. Bell can invest in additional cable routes or partner with other providers to ensure network resilience and continuity of service in case of tampering incidents.
Bell should continue to cooperate closely with the RCMP and other relevant security agencies. Sharing information about incidents, suspicious activities, and potential threats can help in developing more effective prevention and response strategies.
Conducting regular audits of the cable infrastructure with industry and security experts can help identify vulnerabilities and implement necessary security upgrades. These assessments should cover both physical and cyber aspects of the cable system.
Implementing comprehensive security training programs for employees involved in cable operations and maintenance can help create a culture of vigilance and improve the overall security posture of the infrastructure.
Given the global nature of undersea cable networks, Bell can engage in international cooperation efforts to share best practices, intelligence, and resources for protecting critical communication infrastructure.
By implementing these measures, Bell can significantly enhance the security and resilience of its undersea cable infrastructure, reducing the risk of future tampering incidents and ensuring the continuity of vital communication services.
