by Richard Tardif
Reports from Ottawa suggest the Canadian government over the next year will spend upwards of $100-million to hack-proof, or in the least, protect sensitive information in the National Research Council database, a reactive move after a six-month investigation allegedly accusing Chinese state-backed hackers.
A senior official, speaking on condition of anonymity, told the Globe and mail on January 14 that the cost could exceed $100-million because the amount is not finalized because the work is continuing and the effort required to upgrade the security system has gone beyond merely patching the immediate hole.
The National Research Council, known for its scientific research agency, had their computers shuts down last July in an attempt to prevent data theft. The government reported that “a highly sophisticated Chinese state-sponsored actor” was responsible. Previous intrusions Past targets are believed to be the Finance Department and Treasury Board, both reported as Chinese based hacks.
The government has taken some criticism, being accused of knowing about the hack, and in particular, not shutting down the site. The decision to monitor rather than shut down was the right decision, according to Terry Cutler, a cyber-security expert based in Montreal.
“It would serve better to track the hackers and this would be a proactive approach,” he said. “Part of the problem with shutting down is having to work backwards to determine who the intruders were, because by that time the hackers have covered their tracks.” Prime Minister Stephen Harper has said that China will continue to breach Canadian government computers.
“Security experts will tell you these issues are very real and that’s why we take those into account in some of the decisions we take,” the Prime Minister said in the January interview with The Globe and Mail.
“We need more tools at the ready when these hacks occur,” said Cutler. Cutler is against patching holes because by then it is already too late and the amount of money required to stay ahead of the intruders is far from the $100-milllion proposed.
I’m a government cleared cybersecurity expert (a Certified Ethical Hacker), and the Vice-President of Cyber at SIRCO, an investigations and protections firm in Montréal, Canada.
I’m also a frequent contributor to National & Global media reportage about cyber-crime, spying, security failures, internet scams, and the real social network dangers that families and individuals face every day.