Global Affairs Canada is still coping with the fallout from a hack last week, which raised concerns that it was tied to international tensions with Russia.
The Treasury Board of Canada Secretariat said in a statement on January 25 that some access to the internet and to internet-based services is currently unavailable as part of mitigation efforts that began on January 19, when the cyber issue was identified. Work is being done to re-establish such services.
“Critical services for Canadians are presently available through Global Relations Canada,” said Geneviève Sicard, the Treasury Board’s chief of public affairs. At this time, there is no evidence that this issue has affected any other government departments.
The probe is still underway. We are unable to speak further on particular information due to operational constraints.
Shared Services Canada provides some of Global Affairs Canada’s IT services. The chief information officer (CIO) of the federal government is a member of the Treasury Board.
According to the government statement, both the CIO and Shared Services are working with the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security. The CSE is in charge of the security of government information technology networks.
According to Christian Leuprecht, a Queen’s University professor and senior fellow in security and defence at the Macdonald Laurier Institute, public reporting does not indicate if Global Affairs’ secure internal network or its external-facing network was compromised.
It’s also unclear if the threat actor breached one of the networks or whether the authorities temporarily shut down access when the suspicious activity was discovered. “If the secure network were compromised, we’d be in big danger,” he continued.
However, he believes it is no coincidence that this occurred when NATO nations, including Canada, are taking action and issuing stern words to Russia over its soldiers massed on its border with Ukraine. “Things don’t just fall,” he explained.
He mentioned that the Cyber Centre had warned Canadian critical infrastructure providers last week to be on the lookout for Russian-based cyber threats.
He added that the foreign affairs ministry is a “Russian favourite” target. “This does not necessarily imply that they were attempting to bring our systems down. We may have shut down the network because we detected Russian attempts to penetrate, exfiltrate, and reroute traffic.”
“The issue is that intent is difficult to interpret. Is the Russians’ intention to demonstrate that they are in our networks and that they can grab us at any time, anyplace, as a warning shot—‘Be cautious what you do. We can escalate in response to your help to Ukraine.’ Or is this the best the Russians can do to bring down the open Global Affairs network?”
Interestingly, one of CSE’s responsibilities is to secure the government of Canada’s network infrastructure. That is not negligible. On the other hand, the Russians appear to have thwarted CSE’s mission.
On the other hand, he continued, government networks haven’t been shut down in recent years, as they were during the attacks on the Treasury Board in 2011 and the National Research Council in 2014. The attack on the Royal Military College and the Canadian Defence Academy in 2020 was the most recent failure. Both were attributed to China.
“The larger interpretation has been that CSE now has a grasp on this,” said Leuprecht.
He admits that networks can go down due to server problems, but they can also be brought down on purpose by IT as a precaution when an attack is identified. For example, in 2020, the government shut down the Canada Revenue Agency website after a successful credential stuffing attack compromised 11,000 Canadians’ tax and service accounts.
He said that most of Global Affairs’ external networks had returned to service rather rapidly, implying there was no hostile actor within its servers or deep within the network. The RMC network, on the other hand, had been down for months.
“It might have been a network failure, a network hack of some form, and the government chose to shut down the network [as a precaution], or the Russians ended up purposely taking down the network, I believe.”
Published By – Ranjit Gohite
Edited By – Kritika Kashyap