Good afternoon, everyone.
I will begin, as my colleague Frédéric Cuppens and I prepared a shared presentation.
Thank you all for inviting us to appear before this committee. I will provide some context, and Mr. Cuppens will give you a few recommendations.
We all know what the context is. On the one hand, there is the Russian Federation's invasion of Ukraine and, on the other hand, there is the assistance provided by western countries and the North Atlantic Treaty Organization, or NATO, to Ukrainians to deal with this invasion. We are now wondering whether we should worry about reprisal through cyber-attacks. In other words, will the war on the ground shift into cyberspace?
Russia has shown its ability to engage in cyberwarfare with highly organized cyber-attack groups. We know about and have identified a number of them. There is APT28, which carried out a cyber-attack on TV5 Monde, APT29, another mostly Russian organization, known for its interference in the 2016 U.S. election, the 74455 Russian military intelligence unit, which carried out cyber-attacks on critical infrastructure using BlackEnergy and Industroyer software, as well as the Conti group, which is known for its affiliation with the Ryuk ransomware.
We want to remind you that, well before the military attack against Ukraine, tensions between the United States and Russia were extremely high. Following the attack on the SolarWinds company, President Biden called President Putin a killer. He has used other terms to describe him since. Therefore, Russian cyber-attacks may multiply and intensify, targeting especially those who are helping Ukrainians, such as western countries, including Canada. What are the targets and the threats? That is the question we are asking ourselves. This cyberwarfare can take very diverse forms, with the most well-known being data exfiltration, denial of service attacks, fraud and, of course, sabotage.
The most visible form of cyberwarfare today is information warfare, consisting of disinformation. We should expect this information warfare to continue and fake news to proliferate. However, a number of experts agree that the impact of those cyber-attacks is limited for the time being. Shortly after the conflict in Ukraine began, the Conti group, which I mentioned earlier, claimed responsibility for the cyber-attack on the Alouette aluminum smelter, which you have probably heard about. Last week, there was also the attack on Rideau Hall, which had a very symbolic impact, but for the time being, Russia's involvement in that attack has not really been confirmed.
We may ask ourselves the following question: why hasn't Russia launched any major cyber-attacks yet?
We don't have an answer, but we can make two assumptions. The first is that, like a traditional war, a cyber war has to be prepared for. We have seen that the preparation on the ground is somewhat chaotic. Russia may not have prepared for a cyber war, or it may be waiting for the right moment to launch it. The second assumption is that either of the two camps starting a massive cyber-attack would without a doubt be seen as a crossing of the famous red line, which would inevitably lead to conflict escalation.
Therefore, critical infrastructure is a priority. We may worry specifically about attacks sabotaging that infrastructure. It goes without saying that our geographic distance is irrelevant when it comes to cyber threats. Some experts have not hesitated to compare cyber weapons to nuclear weapons as a deterrent, comparing the power of cyber-attacks to the power an atomic bomb could have.
In this context, two untruths that are often spread can be highlighted. The first is that infrastructure that is not connected to the Internet is protected from cyber-attacks through what is generally referred to as physical isolation. That is false, and we have known it full well since the Stuxnet worm attacks, which targeted nuclear power plants.
The second untruth is a Die Hard 4 liquidation scenario, whose objective would be to destroy a country's economy—