Matthew Braga | 13/02/19 | Last Updated: 13/02/19 7:27 PM ET
Canada needs to develop better strategies for handling cyber attacks, security experts say, after a study from U.S. internet firm Mandiant detailed the extent of Chinese hacking, allegedly led by that country’s government, against organizations in Canada and the U.S.
“The Canadian government has been somewhat remiss in its approach to the problem” of cyber security, said Queen’s University professor and internet security expert David Skillicorn.
“APT1: Exposing One of China’s Cyber Espionage Units,” the title of the Mandiant study published Tuesday morning, allegedly traces hundreds of terabytes of information stolen from North American military contractors, energy companies and other critical industries to a Chinese military unit in Shanghai.
Among those targeted were seven organizations either based in Canada, or with operations in this country, which have been subject to attacks since 2006 when Mandiant began observing what it refers to as the Advanced Persistent Threat group one (APT1).
The Mandiant report also revealed that three servers linked to the alleged Chinese hackers were located in Canada, and used to funnel data back home. When asked what industries the Canadian organizations belonged to or where in the country they were located, a Mandiant spokesperson said the company would “not [be] providing that level of detail.”
“It lines up with what we already suspected to a high degree,” said Martin Rudner, distinguished research professor emeritus at Carleton University. He added that “suspicions that a dedicated People’s Liberation Army unit was engaged in mainly industrial espionage” have been circulated for at least a year.
In a statement faxed to The Associated Press, China’s Foreign Ministry dismissed the report as “groundless,” and the country’s Defense Ministry denied any involvement in the cyber attacks. The New York Times reported that the Canadian arm of Telvent, now owned by Schneider Electric, was one of the companies affected by the multi-year attack. The company designs software for remote access to energy production and distribution systems in the oil and gas industries. The attack itself was revealed to customers in September.
A forthcoming report to be released in late April from the International Cyber Security Protection Alliance (ICSPA), a business-led coalition which includes large Canadian companies such as BlackBerry, McAfee and Lockheed Martin, intends to gauge the impact of cyber espionage crimes against critical Canadian businesses.
Canada’s problem, said Professor Rudner, is that the country not only lacks the necessary talent to defend against comprehensive cyber attacks, but also has few programs and resources in place for cyber security training.
In the U.S., for example, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a part of the Department of Homeland Security, offers a number of training courses designed “to improve the security posture of control systems within the nation’s critical infrastructure”.
The department considers companies involved in such sectors as energy, communications, banking and more to be part of America’s critical infrastructure.
In 2005, Public Safety Canada established the Canadian Cyber Incident Response Centre (CCIRC) with similar goals to help owners and operators of the country’s critical infrastructure reduce the risk of cyber-oriented threats.
One of the organization’s goals was to share “standards, best practices, awareness, and education,” according to the Auditor General’s Fall 2012 report. The report was critical of the CCIRC’s efforts, finding the organization had progressed slowly in making such information available.
“It was scathing on how little was being done,” said Professor Skillicorn.
These responsibilities have since been shifted to another department within Public Safety Canada following the introduction of Canada’s Cyber Security Strategy in 2010.
Aside from programs operated by the National Research Council and National Resources Canada, which they said are not accessible to civilians, neither Professor Skillicorn nor Professor Rudner knew of training or education initiatives in Canada similar to those in the U.S. or U.K.
“To get training, one has to have access to the federal system,” Professor Rudner said.
Public Safety Canada, which oversees matters of cyber security affecting the government, did not respond to a request for comment in time for publication.
This is not the first time that foreign entities — namely, China — have been accused of illegally gaining access to Canadian corporate interests.
And as reported by the Wall Street Journal and Financial Post almost a year ago, hackers, apparently from China, had unfettered access to the computer network of former Canadian telecommunications giant Nortel for over a decade, until the company’s bankruptcy in 2009.
According to reports, Chinese hackers were alleged to have targeted law firms involved in BHP Billiton Ltd.’s takeover bid for Saskatchewan’s Potash Corp. — companies that deal in natural resources relevant to Chinese state interests — with the intent of influencing negotiations.
The Mandiant report comes on the same day that Apple Inc. revealed some of its employees’ computers had also been infiltrated by hackers, according to the Wall Street Journal, using the same malware used to target Facebook Inc. last week. The malware, some security experts believe, originated in China.