Cyber attack on NRC comes as agency developing hack-proof system
NRC has been working with private sector, universities on physics-based encryption system to prevent cyber attacks
OTTAWA—The recent infiltration of National Research Council of Canada (NRC) computers by Chinese hackers comes as the agency is working on an advanced computer encryption system that is supposed to prevent such attacks.
The cyber assault has been met with sharp criticism of the Chinese government by Ottawa—even as Foreign Affairs Minister John Baird is in China laying a path for a visit there this fall by Prime Minister Stephen Harper.
The federal government revealed this week that the NRC’s networks were the target of a cyber attack, resulting in the shutdown of its IT network for an extended period.
The Chinese embassy in Ottawa denied any such attack.
Curiously, the NRC has been working with private sector and university research teams on a physics-based, state-of-the-art computer encryption system.
“The emerging field of quantum communication promises unhackable, secure communication that can be applied to protect our digital infrastructure,” says the NRC’s website.
“NRC is developing photonics-based, quantum-enhanced cyber security solutions … collaborating to develop technologies that address increased demands for high-performance security for communications, data storage and data processing.”
The research agency had hoped that such technology would position Canada as a global leader in field of quantum cyber security.
The Treasury Board Secretariat has not said when the NRC’s computer systems were infiltrated or what the hackers might have been able to access, but said there is no evidence that other government computer systems or data have been compromised.
For now the NRC’s computers have been isolated from the rest of the government’s systems as a precaution, a move that the agency said “will affect ongoing business operations.”
The council said it could be some time before a new, more secure system is up and running.
“NRC is continuing to work closely with its IT experts and security partners to create a new secure IT infrastructure,” the council said in a statement. “This could take approximately one year however; every step is being taken to minimize disruption.”
In a separate statement, the government said one of Canada’s spy agencies, the Communications Security Establishment (CSE), detected and confirmed the cyber attack.
The intrusion came from “a highly sophisticated Chinese state-sponsored actor,” said the Treasury Board.
“We have no evidence that data compromises have occurred on the broader Government of Canada network.”
Still, the NRC said it has notified the Privacy Commissioner and its clients and stakeholders about the breach.
The agency said it would not release further information, citing security and confidentiality reasons.
However, in a recording of an internal briefing obtained by CTV News, NRC president John McDougall warned that employee and client data could have been compromised.
He also told employees in a conference call not to connect their memory sticks, smartphones or tablets to their work computers.
A spokesperson for the Chinese embassy in Ottawa denied his country’s involvement in any hacking action.
“The Chinese government has always firmly opposed to and combated cyber attacks in accordance with the law. In fact, China is a major victim of cyber attacks,” Yang Yundong said in a statement.
“We do not accept the groundless allegation of so-called China’s involvement in any cyber intrusion or attacks.”
Baird, who is on a three-country visit to Asia, raised concerns over the breach with Chinese government officials in Beijing, according to a spokesperson for the minister.
“The minister took the opportunity to discuss the situation with his counterpart, and they had a full and frank exchange of views on the matter,” said Adam Hodge.
“The government takes this issue very seriously and we are addressing it at the highest levels in both Beijing and Ottawa.”
The cyber attack is awkward timing for Ottawa, since Harper has been planning for a possible state visit to China in November, coinciding with his attendance at an Asian economic summit in Beijing at the end of that month.
Canada and China have been wrestling with several thorny issues—such as Canada’s delay in signing an investment treaty with China and new Canadian rules imposed on state-owned foreign investors—and the cyber attack does not make the diplomatic dance any more graceful.
The NRC houses some important intellectual property.
It touts itself as “the Government of Canada’s premier organization for research and development,” which partners its scientists, engineers and business experts with private industry to bring new technologies to market.
Aside from computer network encryption research, it has also been working to co-develop a new treatment against aggressive brain cancers.
It is also been developing DNA sequencing through genomics research that could have implications for a wide range of industries involved in agriculture, the environment, fisheries, forestry and health.
Attacks on computer systems owned by Canadian governments and businesses are becoming increasingly prevalent, says the International Cyber Security Protection Alliance.
The global not-for-profit group released a study in May 2013 showing that 69 per cent of Canadian businesses reported some kind of attack within a twelve-month period in 2012.
The attacks included unauthorized access or misuse of corporate websites and telecommunication fraud, with more than one quarter of businesses saying the attacks had a considerable impact on their business.
In the United States, the Pentagon began to expand its cyber-security forces last year in the wake of attempted cyber attacks by China-based hackers.