Careful attention to government statements and legislation is required to get a handle on the level of risk British Columbians’ information is under, as investigators probe multiple breaches under a continued barrage of attacks.
Government sources have confirmed to CTV News that various government ministries and agencies, along with their associated websites, networks, and servers, face approximately 1.5 billion “unauthorized access” or hacking attempts daily. That represents an increase over the last few years, and explains why the province adds millions of dollars per year to its cybersecurity budget.
Public Safety Minister, Mike Farnworth, sought to reassure the public that “there’s no evidence at this point that any sensitive personal information was accessed” and was adamant that no ransom demands have been made yet. He confirmed police and federal agencies are involved.
But Wednesday’s late-afternoon statement from the premier’s office acknowledging the provincial IT infrastructure had been compromised, a week after CTV News was first to report public employees began receiving urgent bulletins to immediately change their passwords, includes important clues.
It notes “sophisticated cybersecurity incidents,” plural and that government has notified the Office of the Information and Privacy Commissioner. The OIPC declined our interview request and referred us to provincial legislation requiring public bodies to notify his office when there are privacy breaches that “could reasonably be expected to result in significant harm” to physical well-being, reputation, finances, employment, or property.
While Opposition Leader, Kevin Falcon, blasted the government for withholding notification of the attack for at least a week, and doing so an hour before a highly-anticipated Canucks playoff game, one expert is siding with Farnworth’s insistence that delay was necessary.
University of British Columbia associate professor, Thomas Pasquier, specializes in cybersecurity investigations and agrees with government technology experts and third-party advisors who prioritized securing the networks and finding where the breaches were successful.
“It’s important to understand the source and understand what has been done after the initial compromise and how it propagated,” he said. “It could be multiple things, including a phishing attack or a misconfigured database and an attacker got access.”
The federal Communications Security Establishment, which oversees the Canadian Centre for Cyber Security, confirms: “we are working with officials in British Columbia to support their efforts to mitigate the incident” but wouldn’t provide further details. In their email statement they emphasized “cyber threats remain a persistent threat to Canadian organizations, as well as critical infrastructure owners and operators.”
Pasquier urged the government to provide more transparency, but also speculated “the attack may be still ongoing and the investigation is not clear, potentially, about the exact source and the exact extent of the compromise.”
