Russia and China continue to be the most sophisticated state-sponsored cyberattackers targeting Canadian government systems, according to a new report.
The annual report of the National Security and Intelligence Committee of Parliamentarians (NSICOP), released Monday, notes state and criminal attackers are using the COVID-19 pandemic to go after medical research here and conduct online disinformation campaigns aimed at manipulating public opinion and undermining confidence in public health systems.
“China and Russia continued to be the main drivers of cyber threat activity targeting the government since 2018,” says the publicly released version of the report. “This activity has been consistent, year over year, and focused across numerous government sectors.”
Iran and North Korea were also flagged as potential threats. At least one other country is named but marked out of the version released to the public. Prime Minister Justin Trudeau was given the full classified version last December.
“These actors continue to build their capability to target critical infrastructure, conduct online influence campaigns and monitor dissidents abroad,” the report says. “The pandemic put these threats into stark relief, in particular the threats posed to Canada’s health sector.”
The 2020 report, which looks at threats to the country, is an update to the committee’s first report in 2018. That report identified five major threats to Canada: Terrorism, foreign interference and espionage, cyberattacks, organized crime and weapons of mass destruction.
The pandemic has interfered with some of the committee’s work. As a result, the committee will release a report on the government’s ability to protect its IT systems and networks later this year.
The committee is made up of nine MPs and senators who review the government’s national security and intelligence activities. Currently chaired by Liberal MP David McGinty, it was created to make sure Parliament is informed of what goes on in the intelligence community.
There is also an independent National Security and Intelligence Review Agency, which reviews all national security and intelligence activities’ legality and reasonableness.
The censored nature of the report partly interferes with its comprehension. For example, a section on espionage says:
“CSIS [The Canadian Security Intelligence Service] assesses that while countries such as the Russian Federation have targeted Canadian science and technology, the *** threat from China ***. In many cases, these actors are targeting the same types of science and technology in which the Government of Canada is investing. China uses “talent programs” and academic exchanges to exploit Canadian expertise. Its Thousand Talents Program, established in 2008 to encourage Chinese scientists abroad to bring their research to China, is currently under investigation by the U.S. Justice Department.57 [*** This sentence was revised to remove injurious or privileged information. The sentence describes circumstances in Canada. *** ] The result of this program is that intellectual property is often transferred to China, [This sentence was revised to remove injurious or privileged information. The sentence describes a CSIS assessment. *** ].”
As noted in many government and vendor reports, the committee says espionage related to COVID-19 research is increasing. “Research networks in the United States, Canada and the United Kingdom have been targeted by intelligence collection efforts of China, Russia and Iran.
The New York Times notes that the pandemic “has prompted one of the fastest peacetime mission shifts in recent times for the world’s intelligence agencies, pitting them against one another in a new grand game of spy versus spy.”
The Communications Security Establishment (CSE, Canada’s electronic monitoring agency) notes that Russia is primarily responsible for this espionage, using clandestine cyber operations to steal proprietary data.
One area of concern in the report is the possible compromise of critical infrastructure, which covers government departments, banking and utilities, and the transportation network and production and distribution of food.
It notes that in 2017 the CSE alerted the United States to a compromise of an industrial control system in the energy sector. The U.S. Department of Homeland Security said Russian cyber threat actors had advanced to the point where they could have disrupted North America’s power flows.
The report also says the CSE believes that in the absence of a major crisis or armed conflict with Canada or the United States, the intentional disruption of Canadian critical infrastructure remains unlikely.
In a section on foreign influence campaigns, the report quotes a previously release assessment by the CSE that the number of states conducting online influence activities has grown since January 2019. State-sponsored online activity will likely continue to target Canadian political discourse.
The committee also notes that since its first special report in December 2018 it has made 23 recommendations aimed at increasing the effectiveness and accountability of the security and intelligence community.
However, the 2019 federal election and the pandemic have meant the government’s response has been “limited.” Prime Minister Justin Trudeau has told the ministers of National Defence and Public Safety to introduce a new framework governing how the government gathers, manages and used defence intelligence. No framework has yet appeared.
The report notes the government isn’t required to respond to its recommendations, but it notes that its U.K. parliamentary counterpart gets regular government responses to its reports. As a result, it asks the government to consider formally responding to the committee’s reviews, as it does for reports from the Auditor General.