Skip to main content

The Globe and Mail

To guard government computers from hacking, Ottawa to spend $100-million on security

A senior official, speaking on condition of anonymity, said the cost of safeguarding Canadian government computers could even exceed $100-million, would be spread over more than one year and is not finalized because the work is continuing and the effort required to upgrade the security system has gone beyond merely patching the immediate hole.

Kacper Pempel/Reuters

Ottawa will spend as much as $100-million to safeguard Canadian government computers after a Chinese state-backed hacker broke into the National Research Council's system last summer – and the 2015 budget is expected to help underwrite the bill for upgrading network security.

Senior government officials say they were aware of the hacking effort some time before they acted to shut it down and instead lurked in the background gathering information on the cyberintruders.

A senior official, speaking on condition of anonymity, said the cost could even exceed $100-million, would be spread over more than one year and is not finalized because the work is continuing and the effort required to upgrade the security system has gone beyond merely patching the immediate hole.

Story continues below advertisement

There's a request from inside government for extra money in the 2015 federal budget to fund long-term cyberprotection measures.

This request is a sign of how seriously the increased threat of Chinese state hacking is being taken inside Ottawa.

In late July, Canada shut down computers at the National Research Council, the country's premier scientific research agency, to thwart the theft of data by what the government identified at the time as "a highly sophisticated Chinese state-sponsored actor."

It was not the first penetration of Canadian government computers by hackers from the People's Republic of China. Past targets are believed to include Parliament Hill, the Finance Department and Treasury Board, the agency that tracks spending and priorities.

Cyberwarfare and computer-based espionage are growing threats to governments, including Canada and the United States, as well as private companies. The Federal Bureau of Investigation blamed North Korea last month for breaking into Sony's computer systems in retribution for a film mocking the Asian country's dictatorship. On Tuesday, U.S. President Barack Obama unveiled new measures to boost cybersecurity.

The Canadian government has already devoted more than $240-million over the past five years to guard against intrusions.

Sources say there's more to the National Research Council hacking episode.

Story continues below advertisement

In fact, they say, Canadian officials were aware of the intrusion well before they acted to shut down the science agency's computer network last July and sever National Research Council connections to other government computers.

After detecting the hackers, Canadian information security officials decided to monitor them rather than immediately bar entry, according to two government sources.

For some time – one source will only say it was "more than a couple of days" – the Canadian government watched the Chinese-backed hackers probe the network.

"We were trying to gauge how they were going about doing what they were doing," a government source said. "We wanted to see what they were up to."

Sources said Ottawa was able to bide its time because the hackers were probing, rather than stealing data, and because "the stuff they were looking at was judged to be of minor consequence."

The intruders managed to break into the National Research Council computers because its firewall, or security system, was not as strong as the ones that protect other government computers, including those in the Shared Services Canada network, a government source said. The science agency's security seemed to be the "weak link in the fence."

Story continues below advertisement

Officials determined the hackers were trying to use the National Research Council computers as a conduit to reach the rest of the federal government. "They were trying to use that as an entry point into other systems," a source said.

"It was the most sophisticated thing we've seen," the source said. "The concern was this [is] just a prelude to getting more sensitive information."

By the time the government eventually shut down National Research Council computers and disconnected them from other public service networks, security officials were confident they had identified the origin of the cyberespionage.

The Harper government publicly fingered China for the hacking attack in July. In previous cyberespionage incidents, government officials had only privately blamed the Chinese.

In a year-end interview last month, Prime Minister Stephen Harper said the threat of cyberattacks from Beijing persists when asked whether Canadians should assume the Chinese government is still trying to break into Ottawa's computers.

"Security experts will tell you these issues are very real and that's why we take those into account in some of the decisions we take," Mr. Harper told The Globe and Mail.

The affected computer network is being rebuilt and broader safeguards enacted in stages, a government source said.

"You basically have to rebuild a computer system from scratch," the government official said, adding protecting networks is a constant game of catchup.

"They get more sophisticated and then we get more sophisticated and then they get even more sophisticated."

Report an error Licensing Options
About the Author
Parliamentary reporter

Steven Chase has covered federal politics in Ottawa for The Globe since mid-2001, arriving there a few months before 9/11. He previously worked in the paper's Vancouver and Calgary bureaus. Prior to that, he reported on Alberta politics for the Calgary Herald and the Calgary Sun, and on national issues for Alberta Report. More

Comments

The Globe invites you to share your views. Please stay on topic and be respectful to everyone. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

We’ve made some technical updates to our commenting software. If you are experiencing any issues posting comments, simply log out and log back in.

Discussion loading… ✨

Combined Shape Created with Sketch.

Combined Shape Created with Sketch.

Thank you!

You are now subscribed to the newsletter at

You can unsubscribe from this newsletter or Globe promotions at any time by clicking the link at the bottom of the newsletter, or by emailing us at privacy@globeandmail.com.