Canada Blames China for Data Breach'Chinese State-Sponsored Actor' Accused of Cyber Intrusion
See Also: Data Security Risk: A CISO's Perspective
The breach involved a "cyber intrusion on the IT infrastructure" of the council, says Corinne Charette, the government's CIO. The National Research Council is responsible for science and technology research and development.
"Government of Canada computer networks, like those of other governments and the private sector, are under increasing threat of cyber-attack," she says. The government has robust systems and tools in place to monitor, detect and investigate potential threats and "takes decisive measures to address and neutralize them," she adds.
"Since the detection and confirmation of the cyber intrusion, the National Research Council's networks have been isolated from the broader government of Canada network as a precautionary measure," the CIO says. "We have no evidence that data compromises have occurred on the broader government of Canada network."
Reuters reports that Canadian Foreign Minister John Baird had "a full and frank exchange of views" about the case with Chinese Foreign Minister Wang Yi during a meeting in Beijing on Tuesday. "The government takes this issue very seriously, and we are addressing it at the highest levels in both Beijing and Ottawa," said Baird spokesman Adam Hodge.
How Breach Was Discovered
The National Research Council of Canada says the intrusion was discovered through the work of the Communications Security Establishment, the Canadian agency focused on collecting foreign intelligence and protecting computer networks.
"Following assessments by NRC and its security partners, action has been taken to contain and address this security breach, including protecting its information holdings and notifying the privacy commissioner," the NRC says. "NRC has also taken steps to inform its clients and stakeholders about this situation."
For security and confidentiality reasons, details about the cyber intrusion cannot be released, the NRC says in a statement provided to Information Security Media Group. "An update on this situation is planned for July 31."
The NRC says it's working with IT experts and security partners to create a new secure IT infrastructure, but stresses the process could take approximately one year to complete.
The news echoes past incidents where China has been accused of hacking into governments and companies. For example, in May, the U.S. indicted five Chinese military officers for allegedly hacking into the computers of American companies to steal trade secrets (see: U.S.-China Fisticuffs Over Cyberspying).
And earlier this month, U.S. officials conceded "a potential intrusion" of Office of Personnel Management computer systems, reportedly by Chinese hackers (see: U.S. Government Personnel Network Breached).
Canada naming China as the cyber-attacker shows "direct finger pointing," says Tyler Shields, a security analyst at Forrester Research. "This would lead me to believe that the Canadian government has strong proof of the source of the attack," he says. "It's difficult to say for sure unless all of the evidence is made public, but it appears similar to hacks that have happened against the United States commercial and government entities in the recent past that have been attributed to Chinese state-sponsored actors."
By calling out China as the source of the cyber-attack, Canada is helping to continue building the case against China for cyber-espionage in the "court of public opinion," Shields says. "However, they do run the risk of increased attacks from both nation-states as well as rogue hacking teams by going public. It's a tricky proposition to point fingers unless you have irrefutable proof."