The statement was contained in the Canadian Security Intelligence Service's (CSIS) annual report to Parliament, which was tabled in early June. In the report, CSIS chief Richard Fadden noted that “hostile actors” are targeting a wide range of organizations, including government, business, educational and personal computer systems. Their goal, he wrote, is the acquisition of “technology, intellectual property, military strategy and commercial or weapons-related information.”
His report underlined the confirmation – obtained by CBC News through an Access to Information request – that the cyber intrusion into government sites announced in February had done more damage than initially admitted. At the time, Stockwell Day, then-Treasury Board of Canada president, said that security systems had prevented hackers from accessing sensitive data. In fact, the attack, which originated in China, stole protected information from both Treasury Board and the Department of Finance.
The CSIS report noted that vulnerabilities in the systems and networks used by public and private sectors leave them open to compromise and exploitation.
Attributing blame is difficult, it concluded, because of the “secure and low-risk” tools and techniques used in cyberattacks. “The threat of cyberattacks is one of the most complicated issues affecting the public and private sectors…Attacks on the latter have grown substantially and are becoming more complex and difficult to detect.”
As a matter of policy, CSIS views some private-sector attacks as a national security issue. The agency regularly meets with organizations to discuss ways of blocking cybercriminals. Fadden's report says that CSIS focuses on “politically motivated threats or incidents.”