In a way it’s a form of modern non-invasive warfare.
Certain nations are using special government supported teams to hack into Canadian government computers to steal information, and a new port says its happening at an alarming rate.
David Skillicorn (PhD) is a Professor in the School of Computing for Queens University in Kingston, Ontario.Listen
According to a recent report by the Communications Security Establishment (CSE), the secretive agency charged with preventing such attacks, various government computers are attacked about 50 times a week, or about 2,500 state-sponsored attacks annually between 2010 and 2015.
The Public Safety Report says Canada is getting better at protecting its computers and information noting that a staggering 600 million attempts are made every day to break into systems. He notes most of those however are from individuals and pose little threat.
The report says that, “..though more than six percent of these attempts breached the Government of Canada’s systems in 2013, this number had fallen to less than two percent in 2015”.
Even so, it also notes that of those more serious state-sponsored attacks, at least one such penetration is successful each week.
It does not however specify what, if any, information was stolen before the breaches were detected.
While the report says progress has been made, it also highlighted a number of problem issues.
Some of these included lack of coordination among government agencies resulting in duplication of protective measures.
It also indicated ongoing difficulties in communication and information sharing among various levels of government.
In its “evaluation findings and conclusions” the report also says, “Participating organizations share information, for the most part, on an ad hoc and selective basis. No clear policy states what information should be shared with whom and when”.
It also notes confusion in the private sector about which agency should be advised of cyber attacks and thefts of information i.e. the federal police agency RCMP, or CSE, which is supposed to address issues related to systems of importance to Canada, or the Canadian Cyber Incident Response Centre (CIRC) a branch of Public Safety, which puts out public alerts is supposed co-ordinate public-private information-sharing and incident management.
Canada’s Cyber Security Strategy was first developed in 2010 and this latest report was produced as part of an effort to upgrade and improve the cyber-security strategy for 2016-2020 including outlining future initiatives.