A number of federal departments and agencies say they are working together to respond to a recent cyberattack on systems at Global Affairs Canada [GAC].
According to a government statement, the “cyber incident” took place on Jan. 19 and was limited to that one government department.
“There is no indication that any other government departments have been impacted by this incident,” said a government media statement.
“This investigation is ongoing. We are unable to comment further on any specific details for operational reasons.”
The statement says the Treasury Board Secretariat, the Office of the Chief Information Officer, Shared Services Canada, the Communications Security Establishment and its Canadian Centre for Cyber Security are working to respond to the incident.
The federal government did not say which systems were targeted or whether any damage was done, but confirmed that GAC’s systems still have not returned to normal use.
“Critical services for Canadians through Global Affairs Canada are currently functioning,” the statement said. “Some … internet-based services are not currently available as part of the mitigation measures and work is underway to restore them.”
The statement did not say where the attack originated or who might have been responsible. A government source told CBC News that, given the complexity of cyberattacks, it may be days before the source of the attack is identified.
CBC News has seen internal emails showing that Canadian missions abroad are experiencing electronic communications issues today and that emailing these embassies wasn’t possible for a number of hours.
A ‘known’ threat from Russia
On the day of the incident, the Canadian Centre for Cyber Security put out a bulletin urging those responsible for Canada’s online infrastructure to “raise awareness and take mitigations against known Russian-backed cyber threat activity.”
The centre said it “is aware of foreign cyber threat activities, including by Russian-backed actors, to target Canadian critical infrastructure network operators, their operational and information technology.”
That statement followed similar warnings from the U.S. on Jan. 11 and from the U.K. on Jan. 12.
Russia’s aggressive posture against Ukraine is straining its relations with the West.
Russia has massed an estimated 100,000 troops near Ukraine’s border and is demanding that NATO promise it will never allow Ukraine to join. Moscow also has demanded that allied nations pull back troops now stationed in former Soviet bloc countries.
Some of these demands — like the call to permanently bar Ukraine from NATO — are non-starters for the alliance, increasing the likelihood of open conflict.
Last month, experts told CBC News that Moscow likely would not sanction direct, attributable attacks on NATO members but would almost certainly use its vast cyber and disinformation capabilities to sow confusion and strife among Ukraine’s closest supporters and allies during a crisis.
“I think they could expect high-level cyberattacks just short of Article 5, just short of war, whether or not Putin goes into Ukraine,” said Matthew Schmidt, an associate professor and national security expert at the University of New Haven, Connecticut.
“That has become a constant background fixture of modern warfare. It’s going on now.”
Schmidt said he believes the Baltic countries in NATO will be singled out because of their Russian-speaking populations.
Canada leads the Western military alliance’s forward presence battle groups in Latvia and has been on the receiving end of Russian cyberattacks and disinformation campaigns in the past.