n a rather unusual notice, Canadian security agencies have released a joint statement warning that COVID-19 research has become a target for ‘state actor” hacking attempts.
The Canadian Security Establishment (CSE) and the Canadian Security Intelligence Service (CSIS) said in the statement, yeaterday “that it is near certain that state sponsored actors have shifted their focus during the pandemic, and that Canadian intellectual property represents a valuable target”
An alert in March on the Canadian Centre for Cyber Security website had warned that there is ” an elevated level of risk to the cyber security of Canadian health organizations involved in the national response to the pandemic, including but not limited to medical research, manufacturing, distribution and policy-making organizations”.
it added, “Sophisticated threat actors may attempt to steal the intellectual property (IP) of organizations engaged in research and development related to COVID-19, or sensitive data related to Canada’s response to COVID-19”.
There is the added concern that many staff involved in such work are also working from home with computers having less sophisticated security systems and connected to the research mainframes throught VPN’s (virtual private networks). Housebound workers may be more vulnerable to spear-phishing efforts to collect sensitive COVID-19 research, or unwittingly install ransomware.
The Canadian warning does not specifically name the “state actors” although the top secret National Security and Intelligence Committee of Parliamentarians (NSICOP) in a report on foreign interference in Canada does name China and Russia, while other nations identities had been blanked out. It did say that if the government did not do better, ” foreign interference will slowly erode the foundations of our fundamental institutions, including our system of democracy itself.” While not specifically dealing with cyber threats it did note threats seen in political affairs, and with Canada’s cultural and university communities, and through media adding that Canada is an “attractive and permissive target”.
Security experts have often noted that Canada is a desired cyber target as part of the ‘Five Eyes’ international security group of nations and that intelligence network.
This latest Canadian security service warning comes a day after the U.S. had publicly accused China of “attempting to steal U.S. intellectual property and data related to COVID-19 research”.
While the warming concerns medical research efforts, the security service does say much of the threat activity seen during the pandemic has involved criminal activity.
additional information – sources
- CBC: C. Tunney: Increased foreign threat to COVID-19 research prompts extraordinary warning from Canada’s spy agencies
- Canadian Centre for Cyber Security: Mar 20/20- Alert
- Wired: LH Newman MAy 14/20: The U.S. says Chinese hackers went too far during COVID-19 crisis
- CTV: R.Aiello: Mar 12/20″ ‘The threat is real’ top secret committee says of foreign interference in Canada
- NSICOP- security report
- NATO Assoc. of Canada: A.Darred: Jan 7/20: Huawei- a threat to Canadian Five Eyes membership?
- Policy Options: W. Wark (PhD): Apr 14/20: It’s a tall order but there are ways Canada can contribute to the intelligence mission to globally monitor COVID-19