While Canada is getting better at protecting government computer systems, a new report says they were breached on average about once a week between 2010-2016 by state-sponsored hackers.
Photo Credit: CBC
In a way it’s a form of modern non-invasive warfare.
Certain nations are using special government supported teams to hack into Canadian government computers to steal information, and a new port says its happening at an alarming rate
David Skillicorn (PhD) is a Professor in the School of Computing for Queens University in Kingston, Ontario.
According to a recent report by the Communications Security Establishment (CSE), the secretive agency charged with preventing such attacks, various government computers are attacked about 50 times a week, or about 2, 500 state-sponsored attacks annually between 2010 and 2015.
The Public Safety Report says Canada is getting better at protecting its computers and information noting that a staggering 600 million attempts are made every day to break into systems. He notes most of those however are from individuals and pose little threat.
The report says that, “..though more than six percent of these attempts breached the Government of Canada’s systems in 2013, this number had fallen to less than two percent in 2015”.
They may be called *cyber warriors*. These are individuals working for a nation in state-sponsored cyber attacks seeking to steal information from government or industry. Canada is a regular target says a new report © CBC
Even so, it also notes that of those more serious state-sponsored attacks, at least one such penetration is successful each week.
It does not however specify what, if any, information was stolen before the breaches were detected.
The Communications Security Establishment (CSE) has acknowledged that sophisticated state-sponsored cyberattacks have hit Canadian government systems about 2,500 times each year. © Sean Kilpatrick/The Canadian Press
While the report says progress has been made, it also highlighted a number of problem issues.
Some of these included lack of coordination among government agencies resulting in duplication of protective measures.
US computer firm Mandiant traced some cyber attacks against the U.S. to this building in Shanghai © Mandiant
It also indicated ongoing difficulties in communication and information sharing among various levels of government.
In its “evaluation findings and conclusions” the report also says, “Participating organizations share information, for the most part, on an ad hoc and selective basis. No clear policy states what information should be shared with whom and when”.
It also notes confusion in the private sector about which agency should be advised of cyber attacks and thefts of information i.e. the federal police agency RCMP, or CSE, which is supposed to address issues related to systems of importance to Canada, or the Canadian Cyber Incident Response Centre (CIRC) a branch of Public Safety, which puts out public alerts is supposed co-ordinate public-private information-sharing and incident management.
Canada’s Cyber Security Strategy was first developed in 2010 and this latest report was produced as part of an effort to upgrade and improve the cyber-security strategy for 2016-2020 including outlining future initiatives.