Saturday, February 19, 2011

Cyberattack defences in place, PM says

Cyberattack defences in place, PM says

Harper acknowledges 'growing' threats after 3 departments hacked

 Prime Minister Stephen Harper assured Canadians on Thursday that the government does have a strategy in place to protect computer networks, following the revelation that at least three key departments had their systems compromised by hackers.

Harper would not comment specifically on unprecedented attacks that targeted the Finance Department, the Treasury Board, and Defence Research and Development Canada.

But he said at a press conference in Toronto that he recognized cybersecurity was "a growing issue of importance, not just in this country, but across the world."

He added that in anticipating potential cyberattacks, "we have a strategy in place to try and evolve our systems as those who would attack them become more sophisticated."

Public Safety Minister Vic Toews said he could not speak about details pertaining to security-related incidents, but he said the government takes such threats seriously and has "measures in place" to address them.

A cyberattack, apparently from computers based in China, gave hackers access to highly classified information and was first detected in early January.

The attacks forced the government departments that were targeted to disconnect temporarily from the internet.

It appeared at first that only the systems of Canada's financial nerve centres — the Finance Department and the Treasury Board — were threatened.

But CBC News also learned Thursday of an attack on Defence Research and Development Canada, a civilian agency of the Department of National Defence. Reporters are trying to confirm whether a fourth department also had its computer system penetrated.

Treasury Board President Stockwell Day said the breach was not the worst the department had ever experienced.

"I wouldn't say it's the most aggressive [attack], but it was a significant one," Day said, "significant [in] that they were going after financial records."

Day said government cyberalarms worked and detected the hackers' attack.

"Everything that we have seen shows that we were able to slam the door on some of this stuff," he said.
Auditor general warning in 2002

In 2002, Auditor General Sheila Fraser had raised alarms, saying that cybersecurity was not up to snuff, warning about "weaknesses in the system."

She urged an overhaul to deal with the vulnerabilities, but found not much had changed when she checked again three years later.

The government said it recently announced $90 million over five years to help improve the protection of digital information, but some critics said that is a pittance compared to what other countries are spending.

"The U.K. last year committed £650 million [$1.03 billion Cdn] against national cyber security," said cyber secruity expert Rafal Rohozinski, who has tracked hackers around the world.

Rohozinski said the government needs to build "secure channels" to safely connect its networks to the internet.

"A secure channel, in broad terms, is simply a channel that centralizes all access to the internet, puts it through specific gateways and ensures that at least a modicum of security exists at those gateways preventing bad traffic from getting in," he said.