OTTAWA — Federal security agencies are working to deal with cyber threats, Prime Minister Stephen Harper said Thursday.
He wouldn’t speak directly to what the government calls an “unauthorized attempt” to access computer networks at the Treasury Board. The attack left civil servants in key departments without Internet access.
“I can’t comment on any specific reports,” Harper said. “But this is an issue we are aware of and our security personnel are engaged in dealing with.”
The Canadian Security Intelligence Service, the RCMP and the Communications Security Establishment, which helps secure federal computers, also refused to comment.
Jay Denney, a spokesman for Treasury Board President Stockwell Day, said security officials have taken action against the threat in line with the government’s security policy.
“There are no indications that any data relating to Canadians was compromised by this unauthorized attempt,” said Denney.
Details of the federal budget, expected to be delivered next month, are also apparently still secret. Chris McCluskey, a spokesman for Public Safety Minister Vic Toews, said “we have no indication that budget security has been compromised.”
Experts believe similar attacks have been happening for years and reflect Ottawa’s lack of attention to cyber security.
“This is probably more of a significant wake-up moment than anything else,” said Rafal Rohozinski, a senior scholar with the University of Toronto’s Munk School of Global Affairs.
“If they had looked three years ago they probably would have seen similar kinds of breaches. It’s just that now they’re a lot more aware of it, and they’re starting to look for it, and they’re finding it.”
Rohozinski said between 10 and 12 per cent of all computers in Canada — including those belonging to governments, businesses and individuals — are infected at any given time.
“That’s a fairly significant number. Your computer and mine being infected at home may mean that we may lose some pictures, a few documents and emails.”
“But when it happens within government departments, obviously it becomes a lot more serious.”
He said the latest attack is a reflection of the lack of attention that the government has given to cyber security for a long time.
“When you look at the U.K. government, for example, spending or committing 600 million pounds (C$951 million) to cyber security last year, at a time of real cutbacks across governments, and the Canadian government only putting forward $90 million — there’s a really big difference ... in terms of how seriously the problem is being seen.”
Denney confirmed that employee access to the Internet has been limited at the Treasury Board for the time being, but said the government “has plans in place to prevent, minimize and address the impacts of cyber threats.”
Meanwhile, media reports said the attacks extended to the Finance Department, although a department spokesman referred all questions to the Treasury Board.
The reports cited sources saying the attacks have been traced to computer servers in China.
The reports said attackers infiltrated highly classified documents on computer systems as part of a scheme to steal key passwords that unlock entire government data systems.
Security experts have been warning Ottawa that its computer networks are vulnerable.
A team of researchers from the University of Toronto and Ottawa-based SecDev Group released a report in April 2010, documenting a complex cyber espionage system of Chinese hackers.
They warned the government must take urgent action on cyberspace security, or risk becoming the next victim of a targeted attack by hackers using social media like Twitter to glean secret government or corporate information.
Rohozinski, who is the CEO of SecDev Group, said cyber security is complex and it’s difficult for politicians to ascertain the level of risk.
“It’s not a policy issue that’s as easy to understand as child poverty, or northern communities, or building a road.”
“Committing funds to it is considerable because the expertise is hard to source, hard to find, and the scale of the problem could be massive.”
The test now, he said, is what will the government do to prevent it from happening again.