Employee info may have been compromised in NRC cyberattack: president
Published Tuesday, July 29, 2014 8:57AM EDT
Last Updated Tuesday, July 29, 2014 11:02PM EDT
A “highly sophisticated” cyberattack on the National Research Council’s computer systems may have compromised employees’ personal information and client data, along with Canada’s scientific and industrial trade secrets.
NRC President John McDougall told employees in a conference call Tuesday that “any information held in our systems, including employees’ personal information, may have been compromised.”
“Client information and data may also have been compromised. We’re informing clients and stakeholders about this situation,” he said.
CTV News obtained audio of that call, during which McDougall also instructed employees not to connect their memory sticks, smartphones or tablets to their work computers.
“We’re now accelerating our previously planned work to create a new, better, stronger and more secure IT infrastructure,” he said.
Ottawa confirmed Tuesday a CTV News report that the computer systems at the National Research Council had been targeted over the last month "by a highly sophisticated Chinese state-sponsored actor."
The Chinese Embassy in Canada is denying the “groundless allegation” that China was behind the cyberattack.
In a strongly worded statement released Tuesday afternoon, embassy spokesperson Yang Yundong said they do not accept accusations or speculation about China’s involvement.
“The Chinese government has always (been) firmly opposed to and combated cyberattacks in accordance with the law,” Yundong said. “In fact, China is a major victim of cyberattacks.”
The Treasury Board of Canada said the NRC's computer networks have been isolated from the government’s IT network, as a precautionary measure. CTV’s Ottawa Bureau Chief Robert Fife says the shutdown occurred Monday.
"We have no evidence that data compromises have occurred on the broader Government of Canada network," the agency said in a statement Tuesday. It added it could take security experts up to a year before a more secure computer system could be put in place.
In an email to CTV News, the Communications Security Establishment Canada said it detected and confirmed a “cyber-intrusion” on the NRC computer networks, and is now actively working with the NRC, Shared Services Canada and other government information technology security partners to “assess and mitigate” the cyberattack.
Foreign Affairs Minister John Baird, who is on a three-country tour through Asia, raised the cyber-attack issue directly with his counterpart in Beijing during "full and frank discussions," on Tuesday, says Fife.
But the Chinese Embassy says cyber security and cyberattacks are a “common challenge” faced by the international community.
This is not the first time Chinese hackers have penetrated Canadian government computers. They have previously targeted the Finance department, the Treasury Board, the Bank of Canada, and even the email accounts of members of Parliament.
The U.S. government has also blamed Chinese hackers for data breaches and computer intrusions.
The NRC said while ongoing business operations will be affected while its computer security system is being reconfigured, "every step is being taken to minimize its impact on our clients and stakeholders." The agency added that, "due to security and confidentiality reasons," further details could not be released, although it promised an update on Thursday.
CTV News first reported Monday night that Chinese hackers have been trying to break into NRC computers for the past month.
The National Research Council is Canada's top science and technology research organization. It handles research related to satellite technology, space and industrial innovations and genetically modified foods, among others.