Establishing Digital Trust: Don't Sacrifice Security for Convenience
Canada's Chief Information Officer this week announced that the IT infrastructure of the National Research Council of Canada was recently breached by "a highly sophisticated Chinese state-sponsored actor."
"While the National Research Council's networks do not currently operate within the broader Government of Canada network, since the detection and confirmation of the cyber intrusion, the National Research Council's networks have been isolated from the broader Government of Canada network as a precautionary measure," the CIO said in a statement.
"We have no evidence that data compromises have occurred on the broader Government of Canada network," the CIO added.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
In a separate statement, the National Research Council said it's working closely with its IT experts and security partners to create a new secure IT infrastructure. "This could take approximately one year, however," the statement noted.
"We understand that this incident will affect ongoing business operations and every step is being taken to minimize its impact on our clients and stakeholders," the statement added.
Michel Juneau-Katsuya, a former member of the Canadian Security Intelligence Service, told CBC News that the government's assumption that China was behind the attack is a reasonable one. "China is, by far, at the top of the ranks worldwide when it comes to cyber espionage," he said. "They are devoting hundreds of millions of dollars, thousands of people just specializing in hacking on their behalf."
But a spokesman for the Chinese Embassy in Ottawa told CBC News that his country "does not accept the groundless allegation of [the] Chinese government's involvement in any cyber intrusion or attack."
"The Chinese government has always firmly opposed ... and combated cyber attacks in accordance with the law," the spokesman added.
Just two months ago, however, the U.S. Justice Department charged five Chinese military hackers with computer hacking, economic espionage and other offenses directed at U.S. companies. "The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response," U.S. Attorney General Eric Holder said at the time.