The “cyber incident” that was responsible for knocking the National Research Council (NRC) offline last year was of foreign origin, according to a news report.
The federal agency said in a recent statement that the audit report on the incident won’t be published due to security concerns.
“The Research Council has diligently considered the need for openness, accountability and transparency. In doing so the Council has thoroughly weighed the public interest for disclosure against the need to ensure security of its network and systems,” the Jan. 11 statement said.
The NRC initially announced on March 18, 2022, that some of its website’s applications had been “taken offline” and were temporarily unavailable due to a “cyber incident,” which it never elaborated on besides stating it was “working to bring applications back online as soon as possible,” according to ISA Cybersecurity.
However, a short internal report titled “Audit Of Cyber Incident Response” and obtained by Blacklock’s Reporter through Access to Information law confirmed that the “cyber incident” was a foreign attack.
However, the NRC invoked certain sections of the Access to Information Act in order to withhold some records.
“The head of a government institution may refuse to disclose any record that contains information the disclosure of which could reasonably be expected to be injurious to the conduct of international affairs, the defence of Canada or any state allied or associated with Canada,” reads section 16.2 of the law.
A state-sponsored cyberattack by the Beijing regime on the NRC in 2014 cost Ottawa hundreds of millions of dollars, according to federal documents obtained by the Globe and Mail.
300 Cyberattacks in 2021
Federal Treasury Board figures submitted to a House of Commons committee last year indicated that there were over 300 reported cyberattacks made against federal departments and agencies in 2021.
“Departments and agencies are responsible for reporting cyber incidents to the Canadian Centre for Cyber Security,” read the “Follow-up Responses to the House of Commons Standing Committee on Government Operations and Estimates,” dated March 1, 2022.
“In the last year, there were a total of 308 cyber incidents reported. The Government of Canada works continuously to enhance cyber security in government services by preventing attacks through implementation of protective security measures, identifying cyber threats and vulnerabilities, and by preparing for and responding to cyber incidents to better protect Canada.”
The report also said that between March 2021 and January 2022, there were 358 reported “material privacy breaches.”
“At this time, reporting does not correlate cyber incidents and material privacy breaches,” it added.