Canada’s cybersecurity agency is warning regional and local governments about cyber espionage by the Chinese regime, citing repeated and ongoing attempts to infiltrate all levels of government to access sensitive information on decision-making, regional affairs, and Canadians’ personal data.
The People’s Republic of China (PRC) “almost certainly” poses the “greatest ongoing” cyber espionage threat to Canada, the Canadian Centre for Cyber Security said in a bulletin updated on March 4.
“We have observed repeated targeting of all levels of government, as well as multiple compromises of government networks,” said the cyber centre, noting that federal agencies and departments have been compromised by PRC cyber threat actors “more than 20 times over the past few years.”
“PRC actors are well resourced, persistent, and capable of sustaining multiple concurrent operations in Canada,” the agency added, reinforcing earlier warnings that PRC cyber threat activity surpasses that of other nation-states in volume, sophistication, and targeting breadth.
The Chinese regime “almost certainly” views provincial, territorial, indigenous, and municipal governments as “valuable” targets for cyber espionage, according to the bulletin.
The scope and scale of cyber activity targeting regional and local governments remains “largely unknown,” the cyber centre said, urging these governments to strengthen their protection against cyber threats and collaborate to facilitate threat detection.
Objectives and Methods of PRC Cyber Espionage
The PRC’s cyber activity targets often reflect national policy objectives. With its infiltration of Canadian networks, the Chinese communist regime seeks to gain economic or diplomatic advantage in its bilateral relationship with Canada, the cyber centre said.
Related Stories
Gathering information related to technologies “prioritized in the PRC’s central planning” is another cyber espionage objective, along with the collection of large datasets of personal information, “likely for the purposes of bulk data analysis and further targeting.”
The PRC has previously accessed victims by “exploiting” software vendors and managed service providers (MSPs). The reliance of governments at all levels on MSPs and third-party vendors to handle large networks may create opportunities for cyber actors to access government information, the organization said.
Some of the Chinese regime’s cyber activity likely goes unnoticed by Canadian network defenders because cyber actors avoid detection, blend into normal system traffic, and access multiple victims at once, the agency said.
Defending Against Cyber Threats
While threats to federal networks is the cyber centre’s “most significant” concern, the threat to regional and local governments remains unclear due to the lack of information from potential victims, the agency said.
“Information sharing is necessary to enable effective detection and remediation, particularly when dealing with sophisticated cyber threat actors like those sponsored by the PRC,” said the cyber centre, calling for greater information sharing across all levels of government to strengthen cooperation.
“Information sharing allows the Cyber Centre to better assess threats, collectively mitigate and respond, and inform potential victims and targets as soon as possible.”
The agency is also advising regional and local governments to adopt a series of measures it says can be implemented by any organization in Canada to improve its cyber security posture.
The measures include using phishing-resistant multi-factor authentication, maintaining comprehensive and historical logging information, reducing the response time for critical breaches, and establishing a cyber incident response and recovery plan.
