Spy agency official 'really worried' about how hackers try to access government info

Protecting the Canadian government's most sensitive information requires constant investment and education in an ever-accelerating technology environment, says a top official at the Communications Security Establishment.

"It's always about constant vigilance," said Scott Jones, assistant deputy minister of the Information Technology Security program at the Communications Security Establishment, in an interview with Rosemary Barton on CBC's Power & Politics.

• Canada's electronic spy agency stops sharing some metadata with partners
• 'Make good' on promise for parking for Canada's spy agencies​

"New vulnerabilities are found every day, and it's not about any single actor. I'm actually not concerned about who it would be at the [other] end, because at the end of the day, any time the government is compromised, to me that's a big problem," he said.

"We're really worried about how they're going about it.… We are really worried about how they are trying to get into the system and what exploit could they be using. So what's the vulnerability they're using?" 

The Communications Security Establishment is Canada's national cyberspy agency, tasked with providing and protecting information of national interest. Jones said his job is to defend against cyber threats to government systems.

'Great strides' made

Across the government, Jones said, the agency blocks over 100 million malicious cyber attempts a day, and some days that number exceeds a billion.

"Sometimes it's just probing, poking at our systems, looking to see what's vulnerable. Or, frankly, just looking, doing reconnaissance. Trying to find out what are we running," the usually media-shy official explained after a talk sponsored by the University of Ottawa's Centre for International Policy Studies.

• Chinese cyberattack hits Canada's National Research Council
• Trump 'accepts' findings that Russia tried to meddle in U.S. election

"We protect ourselves from those types of things. Things that can be used to then further exploit, further attack the government of Canada. So, we really try to take that away from the adversary so they can't see where our vulnerabilities are."

Jones said the federal government has made some "great strides" in the last few years to improve Canadian cybersecurity.  

"We've actually made significant progress in the last few years in terms of improving that, making the investments we need to, but also taking the defensive mission very seriously," he said.

Election hacking fears

On the same day the federal government abandoned its promise of electoral reform, the Minister of Democratic Institutions Karina Gould received a new mandate letter directing her to ask the Canadian Security Establishment to "analyze risks to Canada's political and electoral activities from hackers."

Jones said that he thinks the Canadian electoral process is pretty robust, but the agency is looking at the entire system put together.

"There are things that we just don't know about yet for the cyber side of things that we need to start exploring to prepare for the future. I think this is a domain that is going to change over the next few years. It's not necessarily what happened in the last two, it's where is it going in the next 10," said Jones.

The agency's threat assessment will be made public upon completion.