Day in and day out, invisible adversaries are waging a high-stakes cyber-battle against Canada’s transportation networks, water purification plants, hospitals, generating stations, voting systems and other critical infrastructure.
As a wealthy country with lots of intellectual property (IP), Canada is a prime target, according to Ali Dehghantanha, Canada Research Chair in Cybersecurity and Threat Intelligence at the University of Guelph.
Some attackers are simply after ransom money. Others sell access on the dark web — in some cases to nation states looking for industrial intel, political leverage or military secrets.
If they succeed, the costs are high. Cybersecurity incidents at food companies have led to empty shelves at grocery stores. Hospital data breaches have compromised health records of hundreds of thousands of patients. Attacks on electoral computer systems have eroded faith in democracy.
Dehghantanha’s Cyber Science Lab is working hard to stay one step ahead of the hackers. “What we want to understand is what they are doing, how they are doing, why they are doing and then what are the best ways that we can respond to that,” he says.
Building a testing platform to probe for weaknesses
But how do you conduct that research? “You cannot just target, say a voting system while the vote is happening, to just see how secure they are,” Dehghantanha says.
That’s where a CFI-funded threat-intelligence testing platform has been essential. It allows Dehghantanha and his team to emulate different hardware controllers, so they can assess them for vulnerabilities and test the effectiveness of defence tools. It could be a submarine control system one day, the thermostat for a chicken barn the next.
Today, a big focus is revealing the vulnerabilities created when facilities use AI agents to handle tasks like lighting and ventilation. The Cyber Science Lab’s team is also scrutinizing the weaknesses of AI-designed software systems. If that artificial intelligence isn’t properly trained on cybersecurity best practices — and training databases are limited, Dehghantanha notes — it can leave gaping holes.
“We are trying to understand how resilient are our AI-first critical infrastructure against cyberattacks,” he says.
Training the next generation of cybersecurity experts
The CFI-funded platform has enabled Dehghantanha to train close to 80 undergrads, graduate students and postdocs over the past five years. Those computer scientists are being snapped up by cybersecurity companies.
That includes eSentire, a Waterloo firm that serves approximately 1,500 clients around the world. According to J. Paul Haynes, eSentire’s president and COO, it’s hard to find cybersecurity specialists with a strong understanding of threat intelligence, tactical threat response and detection engineering — knowledge that Dehghantanha’s grads bring in spades.
“He’s obviously got some secret sauce there that he’s sharing with them,” says Haynes. “They basically stepped into the roles and no ramp time. They’re fully on, ready to go.”
And the need for those skills and tools won’t be going away. “The adversaries always have first-mover advantage. They are constantly trying to figure out how to get around technologies that might detect them or stop them,” says Haynes. “You have this obligation to be monitoring for evil and stopping it before it becomes a problem, 24/7, 365.”
The research project featured in this story also benefits from funding from the Canada Research Chairs Program, Mitacs and the Natural Sciences and Engineering Research Council of Canada.