A Conservative MP is challenging claims by House of Commons administration that a China-backed hacking attempt did not impact any members of Parliament, because the attack was on his personal email.
Garnett Genuis rose in the House Wednesday saying the cyberattack by the group known as APT31 targeted this personal email account, not his parliamentary account, meaning he wasn’t sure if the attack was successful or not.
"I have no idea how APT31 came to access my personal non-parliamentary account, because it is not publicly available," said Genius while rising on a point of privilege in Parliament.
"I was attacked at my personal account because of my parliamentary activities in order to access information about and disrupt my parliamentary activities," said Genius who is the co-chair of Inter-Parliamentary Alliance on China (IPAC). The alliance is an international cross-party group of legislators who look at reforming how democratic countries deal with China.
House of Commons administration determined that there were no cybersecurity impacts to any members or their communications, Mathieu Gravel, a spokesperson for the Office of the Speaker of the House of Commons, told CTV News on Tuesday.
"The House employs layers of robust cybersecurity protections and monitoring programs to ensure the integrity of the parliamentary environment and works closely with national security partners to detect and mitigate threats," said Mathieu Gravel from the office of the Speaker.
The Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security share information on potential and emerging cybersecurity threats with Parliament on an ongoing basis, added Gravel.
Exactly when and how parliamentarians found out about the China-backed hacking attack continues to be contentious as a number of them only learned their email accounts were targeted last week, following the unsealing of a U.S. Department of Justice indictment in March. Those documents revealed a 2021 Chinese cyberattack targeted 18 parliamentarians. The indictment said the People's Republic of China's state-backed hacking group, had "sent malicious tracking-link emails to government officials across the world who expressed criticism of the PRC (People's Republic of China) government."
The CSE says it shared information about the incident with parliamentary officials in June of 2022. CSE spokesperson Ryan Foreman told CTV News on Tuesday that CSE shared "specific, actionable technical information on this threat," with both House and Senate IT officials.
"Questions related to how MPs are engaged on situations like this would be best addressed by HoC officials," he added, in an updated statement after another spokesperson indicated that in this case, the House briefed and informed MPs with a general message about cybersecurity.
Liberal MP Judy Sgro, a parliamentarian whose email was targeted by the hacking and was not informed by the House of Commons staff, found the response "disgraceful," she told CTV News.
The Ontario MP was told House of Commons officials did a check of the firewall system and then sent an email to all 338 MPs asking them to pay closer attention to their computer systems to avoid being hacked.
"I want to know how much of a threat I'm under," Sgro said. "I would have expected that my IP address would have been changed. I would have felt much better. But that didn't happen."
Genuis echoed that sentiment Wednesday in the House of Commons pointing out "It is the responsibility of the government to inform parliamentarians of threats against them."
"If someone tries to hurt me but their attempts are thwarted, I would still like to know I have been targeted in order to plan to protect myself going forward," said Genuis.
