New data reveal that hackers compromised systems in Canadian government agencies dealing with natural resources, energy, and environment 2,078 times this year.
Last month, Canada’s Communications Security Establishment (CSE) reported that it had detected 4,571 instances when government systems were compromised by hackers since 1 January. By a large margin, the majority were in natural resources, energy, and environmental agencies. It found less in other areas of government—the next most-targeted sector was industry and business development (with 954) and then government administration (with 387). The statistics are the first of their kind, Globe and Mail reports.
Out of the 4,571 system compromises, the CSE only found three cases where data was “ex-filtrated”—once in the natural resources, energy, and environment sector. It reports that stolen information was unclassified.
“These statistics are a clear indication of the very real threat that exists,” says Canadian parliament member Matt Jeneroux, who requested the data from the CSE.
In the report, the CSE broke down the statistics into 11 sectors, instead of individual departments, because disclosing departments “could provide hostile actors with an understanding of the vulnerabilities of the Government of Canada” and how well the government can detect cyberattacks. Agencies within the affected sector had little to say about the report. Canada’s National Energy Board and Atomic Energy of Canada Limited did not respond to requests for comment. Environment and Climate Change Canada as well as Natural Resources Canada referred IEEE Spectrum to the CSE.
The agencies list some of their responsibilities on their public websites. Canada’s National Energy Board, for example, is involved in energy regulation and evaluation during pipeline or power line projects. Natural Resources Canada, meanwhile, offers policy or helps conduct research in fields from explosives to energy sources and distribution.
The news comes while around the world, electricity grid cybersecurity has become a growing concern. In December 2015, hackers cut off power to over 200,000 people in Ukraine—the first confirmed cyberattack to take out an electricity system.
The Canadian numbers appear quite high when compared to those available in the United states. A Freedom of Information Act request by USA Today revealed that the U.S. Department of Energy detected 159 successful intrusions between 2010 and 2014. At the time, officials didn’t say whether any data was accessed that related to the operation and security of the U.S. power grid, USA Today reports.
A spokesman for the CSE writes in an email that the CSE will not provide details about “specific cyber threat actors or cyber security incidents,” in order to protect the efficiency of classified cyber-defense methods that secure the government’s networks. However, he writes that the CSE blocks over 100 million attempts to find vulnerabilities or compromise government networks every day. These hacks can come from “hacktivists” acting for political reasons, criminals, terrorists, and nation states.
Jeneroux will consider whether to request further information from the CSE. “It is important that the Government of Canada continue to identify these threats and determine ways to secure our information and protect our national security,” he writes.