And The Culprits Are...

"A number of federal organizations are just not obligated to obtain cyber defence services from the government. Sometimes they'll say it's because they're 'independent'."

"Many of these organizations, including Crown corporations, have knowingly declined the protection."

"We believe that puts them, their data, their people, their systems, and the government as a whole at considerable risk, because of course we're joined at the hip."

National Security and Intelligence Committee of Parliamentarians (NSICOP) Chair David McGuinty

"Information losses were considerable, including email communications of senior government officials, mass exfiltration of information from several departments, including briefing notes, strategy documents and Secret information; and password and file system data."

NSICOP Report

Pexels

 

A redacted report was tabled in Canada's Parliament with key findings by the National Security and Intelligence Committee of Parliamentarians alerting the government to the fact that some federal organizations refuse to take advantage of crucial cyber defence services from their own security and IT agencies. This, when government organizations world-wide are targeted by unprecedented levels of cyber threats, emanating mostly from China and Russia.

The government's centralized IT service, Shared Services Canada (SSC) and its cyber-security agency, the Communications Security Establishment (CSE) have engineered a "very strong" cyber defence system, ostensibly to be put to immediate protective use by all government departments. Of the government's 169 organizations a mere 43 are required to receive all their key digital services (networks, email and data centres) from SSC and its Enterprise Internet Service (monitored for threats and secured by CSE).

The balance of the organizations consider themselves exempt from the need to make use of super-security offered because they are not mandated to as are the 43 that adhere to the need to protect their groups. All government sensitive and confidential data are to be contained within, for the purpose of averting cyber attacks. The recommendation was made that all federal organizations be obliged by law to use the services within government auspices to block cyber attacks "to the greatest extent possible". 

The report outlined CSE having blocked 1.3 billion hostile attempts to infiltrate government networks each and every day in 2019-2020, an increase from the 282 million blocked in 2015-2016. The "wake-up-call" for the federal government for the need of enhanced cybersecurity vulnerabilities arrived with the occurrence of a year-long cyber attack in 2010 by China, detected when CSE deployed "cyber defence sensors" on the government's secure network; a "turning point".

That mass cyber attck targeted 31 federal departments, leading to "severe compromises within eight of those departments". Finance Canada and the Treasury Board of Canada Secretariat were the hardest hit; both lost entire sets of network passwords: and were then forced to disconnect their networks completely from the internet for an undisclosed period.

The cost to restore and recover from a successful cyber attack was staggering; over $100 million and "years-long" efforts to rebuild the National Research Council's network following a devastating cyber attack by a Chinese state-sponsored actor in 2014. China, it was found, had purloined over 40,000 files from the NRC's highly sensitive network, along with gaining access to other government organizations in the process. Three other previously unknown cyber attacks impacted Canadian organizations.

China and Russia, emphasized the report, remain the most sophisticated state-sponsored cyber threats to Canada, while Iran, North Korea and four other unspecified countries were hard on their heels. The report describes China as a "prolific" threat targeting multiple government sectors for the purpose of maintaining internal stability and developing as a global power. China focused some of its cyber efforts on Canadian research networks in particular, since the beginning of the pandemic.

Russia is highlighted as "the most prolific" threat actor to target the government of Canada, employing non-state actors such as private companies and "troll farms", along with cyber criminals on its behalf in conducting cyber threat activities. But not everyone agrees with this assessment...

"From American sources, it follows that most of the cyber attacks in the world are carried out from the cyber realm of the United States. Second place is Canada. Then two Latin American countries. Afterward comes Great Britain. Russia is not on the list of countries from where — from the cyber space of which — most of the various cyber attacks are carried out."

Russian President Vladimir Putin