COVID-19 has had a profound impact on our country and the world. This uncertain environment is ripe for exploitation by threat actors seeking to advance their own interests. Canada’s security and intelligence organizations, the Communications Security Establishment (CSE) and the Canadian Security Intelligence Service (CSIS), recognize these unique conditions and are working tirelessly to mitigate these threats. For instance, CSE, and its Canadian Centre for Cyber Security (Cyber Centre), is continuously raising public awareness of cyber threats to Canadian health organizations by proactively issuing cyber threat alerts, and providing tailored advice and guidance to Canadian health organizations, government partners, and industry stakeholders.
With regards to the specific threats, the Cyber Centre has assessed that the COVID-19 pandemic presents an elevated level of risk to the cyber security of Canadian health organizations involved in the national response to the COVID-19 pandemic.
CSIS, sees an increased risk of foreign interference and espionage due to the extraordinary effort of our businesses and research centres. As a result, CSIS is working with these organizations to ensure that their work and proprietary information remains safely in their control. Its focus is on protecting Canadian intellectual property from these threats - and jobs and economic interests with it.
Both CSIS and CSE are working in line with their respective mandates to ensure that as many Canadian businesses, research entities and different levels of government as possible are aware of the threat environment and that they have the tools and information they need to protect themselves. For example, the Cyber Centre has recently partnered with the Canadian Internet Registration Authority (CIRA) on the CIRA Canadian Shield, a free protected DNS service that prevents users from connecting to malicious websites that might infect their devices or steals personal information. The service uses threat intelligence from the Cyber Centre.
Given the current situation in Canada, especially with Canadian researchers and health organizations focused on COVID 19, the Cyber Centre issued a proactive Alert on March 20, 2020. The Cyber Centre also continues to meet regularly with and share threat information derived from CSE’s foreign intelligence and cyber defence mandate with Canadian health care and research sectors, provincial and territorial governments as well as other partners as appropriate.
CSE, including the Canadian Centre for Cyber Security, is always monitoring for threats that may be directed against Canada and Canadians, and regularly sharing threat information with our allies. As a general rule, neither CSE or CSIS comment on specific details of our operations. We can say that CSE has assessed that it is near certain that state sponsored actors have shifted their focus during the pandemic, and that Canadian intellectual property represents a valuable target. However, it is equally important to note that the bulk of the malicious threat activity we have observed during the COVID 19 pandemic continues to be criminal in nature. CSE has issued alerts and cyber security advice and guidance related to COVID-related phishing campaigns and a broader Canadian statement was issued by Global Affairs Canada on this topic on 30 April. As a result, the Cyber Centre has and continues to recommend that Canadian health organizations remain vigilant and take the time to ensure that they are applying cyber defence best practices, including increased monitoring of network logs, reminding employees to be alert to suspicious emails, use secure teleworking practices, ensuring that servers and critical systems are patched for all known security vulnerabilities.
Finally, it is important to note that the Government of Canada has a strong and valuable relationship with its Five Eyes alliance partners. We regularly share information with our partners, including the U.S., which has a significant impact on protecting our respective countries’ safety and security.