The Communications Security Establishment complex is seen in Ottawa, on Oct. 15, 2013.Sean Kilpatrick/The Canadian Press
Canada’s electronic spy agency for the first time named countries such as China and Russia as the greatest “strategic threat” to this country, warning that foreign actors are developing cyber capabilities to disrupt critical infrastructure.
The Communications Security Establishment (CSE) released its annual threat-assessment report Wednesday, identifying China, Russia, North Korea and Iran as the most active countries attempting to steal technology or create divisions within Canadian society.
“During the COVID-19 pandemic, large medical and biopharmaceutical companies in Canada and abroad have been targeted by state-sponsored cyberthreat actors attempting to steal intellectual property related to COVID-19 tests, treatments and vaccines,” CSE said.
“We assess that it is almost certain that state-sponsored actors will continue attempting to steal Canadian intellectual property related to combatting COVID-19 in order to support their own domestic public-health response or to profit from its illegal reproduction by their own firms.”
Since the start of COVID-19, these countries have also gained access to hospitals in Canada and around the world “compromising both IT networks and … imaging products used in the health care industry.”
These countries are also developing cyber capabilities to disrupt Canadian critical infrastructure, such as the electricity supply, but are unlikely to act in ways to cause major damage unless there is an outbreak of “international hostilities,” the report said.
The 2020 report is the first time CSE has listed states by name in its annual survey of cyberthreats. Scott Jones, head of CSE’s Canadian Centre for Cyber Security, said the agency felt it was “important to relay that information in the context of the threats Canada will face.”
He said, however, that Canada must be ready to defend “against any actor, no matter where they come from.”
The report also takes aim at proposals by China and Russia to reshape how the internet is managed in a way that would enable greater border controls over the free flow of information between countries and around the globe.
In a foreword to the report, Defence Minister Harjit Sajjan warned that the internet is at a “crossroads” because Russia and China are proposing “to turn it into a tool for censorship, surveillance and state control.”
The report named this drive by Beijing and Moscow as one of five trends that could affect cybersecurity, noting that these countries “continue to push their agenda at international forums” such as the International Telecommunication Union (ITU), a United Nations body responsible for communications technology.
CSE said that China and Chinese companies, including Huawei Technologies, have tabled a proposal with the ITU for a “New Internet Protocol” that would “fundamentally transform the way the internet works.”
Mr. Jones said the internet today remains a federation of interconnected networks where “you can communicate openly and freely” but China’s New Internet Protocol “would allow a nation to impose its will” on the content and functioning of the internet.
He said this alternative model might strengthen cybersecurity but is a fundamentally different approach to the internet.
CSE said Russia and Iran are also active as online trolls, using fraudulent Twitter accounts to highlight divisions in Canadian society over immigration, pipeline politics or terrorism. It cited the January, 2017 Quebec City mosque shooting and the June, 2019 approval of the Trans Mountain pipeline expansion project as examples of events targeted by trolls.
The cybersecurity agency warned about the increasing use of “deepfake” technology, where state-sponsored actors can produce a video of a “full person from scratch, and audio deepfake software that is capable of cloning human voices.”
While countries such as China and Russia have the most “sophisticated capabilities,” CSE said cybercriminals are the most “pervasive threat” to Canadians and are difficult to apprehend, especially if they operate outside Canada.
“For example, in Russia, China and Iran, cybercriminals are very unlikely to be prosecuted for financially motivated cyberthreat activity against targets outside of the country,” the report said.
Online criminals conduct the most threat activities against Canadians, including ransomware attacks, theft of personal, financial information and denial-of-service attacks.
“The development of cryptocurrency has facilitated the activities of cybercriminals and states as a means of exchanging and laundering money with greater anonymity,” CSE said. “Without cryptocurrencies, many forms of cybercrime would be cost-prohibitive for cybercriminals.”
Cybercriminals target payment card data by stealing credit-card details and other information that victims enter on e-commerce sites, which is called “formjacking.” CSE said many large websites have been compromised using this technique, including airline companies and ticket sellers.
“In 2019, more than 200 campus stores at universities and colleges in Canada and the U.S. were affected by formjacking. We assess that this trend will likely increase over the next two years as Canadians are increasingly relying on e-commerce, in part due to the COVID-19 pandemic,” the agency said.
Know what is happening in the halls of power with the day’s top political headlines and commentary as selected by Globe editors (subscribers only). Sign up today.
Robert Fife
Steven Chase