Politics

Investigation launched after National Research Council is hit by 'cyber incident'

An investigation is underway after the National Research Council reported being hit Friday by what it's calling a "cyber incident."

It's not clear yet what was behind Friday's incident

CSE said the Government of Canada is subject to ongoing and persistent cyber threats.  (CBC)

An investigation is underway after the National Research Council reported being hit Friday by what it's calling a "cyber incident."

"Due to a cyber incident, some applications on our website were taken offline and may be unavailable. We are working to bring applications back online as soon as possible," says a banner on the agency's website.

It's not clear yet what caused the incident.

A spokesperson for the NRC — which works on science and technology research and development — said it was detected Friday and steps were taken to mitigate the attack.

The banner on the National Research Council's website on Monday, March 21. (National Research Council)

"As a scientific organization, the NRC remains constantly vigilant to the risk of cyber-attacks," said Matt Ellis in an email.

Ellis said the investigation is ongoing and the NRC is working with other departments, including the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security.

Innovation Minister François-Philippe Champagne, whose portfolio includes the NRC, said it's too early to know whether this was a state-sponsored attack.

"We've been made aware of a security breach at the NRC," he said Monday.

"Obviously we take national security as a primary concern so we took immediate action to prevent any damage."

In a statement issued to CBC News, CSE said the Government of Canada is subject to ongoing and persistent cyber threats.

"Cyber threats can result from system or application vulnerabilities, or from deliberate, persistent and targeted attacks by outside actors to gain access to information," said CSE spokesperson Evan Koronewski.

"At this point, we are unable to comment further on any specific details regarding this incident."

China targeted NRC back in 2014

A Chinese state-sponsored actor targeted the NRC back in 2014, according to the federal government.

The government reported that malware was used to infiltrate the NRC's network and steal 40,000 files, including documents involving intellectual property, advanced research and proprietary business information from the agency's partners.

"China also leveraged its access to the NRC network to infiltrate a number of government organizations," said a recent report by the National Security and Intelligence Committee of Parliamentarians (NSICOP).

"The National Research Council possesses information related to Canadian advancements in technology and intellectual property that can be vital to the technical success of Canadian and international companies."

NSICOP's report, released just last month, pointed to gaps in Ottawa's cyber defences that could leave government agencies vulnerable to hacks, including state-sponsored attacks.

The committee warned that policies intended to secure government systems are not uniformly applied across the federal government.

Recently, CSE has been warning power companies, banks and other critical elements of Canada's infrastructure and economy to shore up their defences against Russia-based cyber threat activity as the Western world responds to Moscow's invasion of Ukraine.

With files from Chris Rands

Add some “good” to your morning and evening.

Your weekly guide to what you need to know about federal politics and the minority Liberal government. Get the latest news and sharp analysis delivered to your inbox every Sunday morning.

...

The next issue of Minority Report will soon be in your inbox.

Discover all CBC newsletters in the Subscription Centre.opens new window

This site is protected by reCAPTCHA and the Google Privacy Policy and Google Terms of Service apply.