The national body responsible for business-led technology research has confirmed that its computer systems has suffered a cyber attack by what has been called a”highly sophisticated Chinese state-sponsored actor.”
A statement issued by the National Research Council of Canada said that the “cyber intrusion” on the NRC’s IT infrastructure was detected by Communications Security Establishment Canada (CSEC), the country’s electronic spy agency.
The NRC is a very tempting target for cyber espionage. The council is the primary national research and technology organization of Canada. It focuses on business-led research and works to shorten the gap between early stage research and development and commercialization. The NRC is involved in defence, aeronautics and cyber security research.
The Chinese Embassy in Ottawa has denied as “groundless” allegations that China is involved in the NRC attack.
“The Chinese government has always been firmly opposed to and combated cyberattacks in accordance with the law,” Yang Yundong, a spokesperson for the embassy, said in statement.“In fact, China is a major victim of cyber attacks.”
He said China itself had faced thousands of cyber attacks in 2013.
The NRC said is is working closely with IT experts and security partners to create “a new secure IT infrastructure” but said compeltion of such a project would take considerable time.
“Following assessments by NRC and its security partners, action has been taken to contain and address this security breach, including protecting its information holdings and notifying the Privacy Commissioner,” the statement said. “NRC has taken steps to inform its clients and stakeholders about this situation.”
“This could take approximately one year however; every step is being taken to minimize disruption,” the NRC said. “We understand that this incident will affect ongoing business operations and every step is being taken to minimize its impact on our clients and stakeholders.”
Meanwhile, a report from the Canadian Broadcasting Corp. quoted Canada’s chief information officer Corinne Charette as saying the attack was traced to a “highly sophisticated Chinese state-sponsored actor.”
At least one cyber security expert said the attack should serve as a “wake up call” for government organizations and Canadian businesses.
“This breach is a wake up call not only for the NRC but also other organizations that don’t think they have much of a reason to be targeted by industrial or digital spies,” said Claudiu Popa, security and privacy advisor and CEO of Toronto based security consulting firm Informatica Corp. “Canadian businesses must take this very seriously and begin by examining their security posture.”
The United States has bamed China in the past for data breaches and cyber espionage. This is also not the first time Canada has been hit by a cyber attack traced to China. In January 2011, the government had to take the comouter systems of the Finance Department and the Treasury Board off the Internet due to a cyber attack that is said to have originated from China.
Popa said the latest incident illustrates that businesses are “not just up against faceless hackers or rogue employees.” He said cyber espionage is now played out in “an even larger, global scale, where trade secret information is the most valuable currency.”
Failure to protect these sensitive, intangible assets can affect any company’s reputation, and on a national and international scale, such attacks can also negatively impact Canada’s competitiveness, said Popa.
News of the attack comes as Foreign Affairs Minister John Baird continues his official visit in Beijing. Baird was scheduled to give a press conference today but the event was cancelled.
Baird’s office said it did not cancel any event because they were guests in the country. Rick Roth, Foreign Affairs spokesperson said the minister raised the issue of the cyber attack with his Chinese counterpart. Roth said the two officials had a “full and frank exchange of views.”