On the 25th of January 2022 CNN reports an unpleasant news for the public.2 Claiming that there has been a cyberattack on the foreign affairs ministry of Canada also known as Global Affairs Canada (GAC), causing disruption to internet – based activities.
What is Global Affairs Canada?
In order to fully explain the magnitude of the situation it is necessary to give a little background about the organization itself. According to Wikipedia GAC is the department of the Government of Canada that maintains Canada’s diplomatic and consular relations, promotes Canadian international trade, and leads Canada’s international development and humanitarian assistance.3 Considering they handle many various activities on different levels, they contain a tremendous amount of data. So now you know what’s at risk here.
About the Cyberattack
A day before the incident was detected, the Canadian intelligence agency advised GAC to strengthen their defenses against possible attacks from Russia. Do you smell something fishy? Me too!! According to a source it was later discovered that GAC had been a predicted target of cyberattack4. After the attack the government claims that they weren’t able to locate the origin of the attack. Turns out the government suspects this particular cyberattack was from the Russians. Their reason behind this alleged accusation was that there has been rising tension between both countries over political reason, so this attack was meant to provoke the Canadian government. Considering the increasing number of reinforcements of the Russian army on the Ukrainian border, this claim might be true, but the government does not have sufficient evidence to prove that Russia was behind the attack.
How did it happen?
If we talk about how the hackers were able to bypass all security measures and easily grant themselves access to GAC’s network, it is suspected that hackers used phishing emails. However, the article by Oh Canada1 states, “It is unclear how the hackers obtained access to the GAC network” showing that with all the resources and advanced technology the government still was not able to identify the hackers. This incident caught eye of many residents in Canada since the government has a huge amount of data on its citizens. Many Canadian residents are now having second thoughts about their data’s security. Questions like, “Since the government was not able to protect themselves from such hackers, what about us? Are we safe?” overwhelm their mind continuously. It is indeed the right question because we have put a lot of trust in the government hoping they would go to extreme measures in order to keep our data secure. So, what happens when they fail?
New Measures and Takeaway
After recovering from this incident, the government strictly informed the public that they will be enhancing their data security from now onwards, they claim that with the use of tokenization it will reduce the chances of such incidents from happening again. In addition to that they plan on using a new form of encryption i.e. format – preserving encryption which will be applied to all sensitive data in order to make it worthless even if hackers got a hold of it.
Hopefully these measures will in reality help boost the government’s defense mechanisms, but on an individual level everyone is responsible for their own privacy. We have just seen a government fail in their security measures, therefore, now we cannot just rely on governments to provide us with the necessary security. Rather we should take a step for ourselves and find out how secure our data actually is in the real world.
What is your take on the Canadian Government? Feel free to comment below and share your thoughts.
References
- Suciu , P. (2022, January 28). Oh Canada – foreign affairs ministry gets hacked. ClearanceJobs. https://news.clearancejobs.com/2022/01/28/oh-canada-foreign-affairs-ministry-gets-hacked/
- Lyngaas, S. (2022, January 25). Hackers Target Canada’s Foreign Ministry in Cyber Attack. CNN. https://www.cnn.com/2022/01/25/politics/hackers-canada-cyber-attack/index.html
- Wikimedia Foundation. (2022, January 6). Global Affairs Canada. Wikipedia. https://en.wikipedia.org/wiki/Global_Affairs_Canada
- Global Affairs Canada suffers a cyberattack amid Russia-Ukraine tensions. teiss. (2022, January 26). https://www.teiss.co.uk/news/global-affairs-canada-suffers-a-cyberattack-amid-russia-ukraine-tensions-9482
- Global Affairs Canada Logo. Global Affairs Canada Logo. https://newpathway.ca/global-affairs-sidesteps-np-un-questions/
- Cyberattack. https://www.netsparker.com/blog/web-security/5-ways-a-cyberattack-can-hurt/
It doesn’t feel good to see your own government be the victim of cyberattacks. I get the sense from your post that you think citizens should be concerned about their own security. How will the security breach of the GAC impact Canadian citizens?
As we are exploring in the course, security is constantly evolving, and no system seems to be perfectly secure. I personally don’t see this event as a “failure” by the government. I think that this kind of breach is scary for citizens, and I hope that the government agencies in charge of security are motivated by this event to improve security measures.
You raise an interesting question. Firstly the message I want to convey is that I want the citizens to not just rely on the government for their data security. I want them to take out some time in their lives and do some research of their own. How to chose strong passwords, how to surf the web safely etc.
Secondly I do not blame the government for this incident. Yes, you are indeed right that no system is perfect and this incident is an example of that. I just meant to reference this event as an eye opener for everyone, to realize that every individual should care about their privacy and know how their data is handled by the government at the very least.
Thank you for your comment!
I agree with you that this event should serve as an eye-opener to citizens and to the government! I hope that citizens see that data breaches do happen, and no one is guaranteed to be safe! I like how you mentioned doing their own research to come up with good passwords and to protect themselves.
This was an interesting read and well structured! It’s always so surprising that a government’s networks fail to stop hackers. But as the other comments mentioned, data privacy is always evolving and there is always a chance of getting hacked. I believe the government needs to hire the best talents in order to stay on top of the latest security measures and reduce the risk of such hackings. I agree with you that as individuals we should be extra cautious when browsing the web and always securing our accounts, but in this case, it seems that some aspects of our data privacy is out of control and in the hands of big tech, governments, etc. Thanks for sharing!
It makes sense that the government is a major target for cyberattacks, as a successful attack could provide the hackers with a lot of leverage for demanding ransom, or in this case influencing foreign relations. I’d be interested to know why the government blames Russia, when as you state there is not enough evidence to clearly state so…
I agree with your last point, we definitely need to be careful with what data we entrust to the government, as it is a large target for hackers. No security system is foolproof, and even the most up to date system has its weaknesses. That being said, there is no way that we could possibly keep all of our data from the government, and so I am glad that additional security measures are being put in place.
This was an interesting read.
Governments are always in the radar of the hackers, as government holds tremendous set of data. It is sad to see that even after the warning issued by the intelligence agency about the possible attack, the GAC still didn’t do enough to save itself from this cyberattack. It awful that the government was not able to locate the origin of the attack.
Its good to see that the government is taking measure to strengthen the security to reduce the chances of successful cyberattacks.
Lastly, I agree with you that, we, as individuals need to keep our data secure and take all possible measure to prevent cyberattacks.
Nice post! To be candid, I’m not entirely unsurprised that Russia is suspected to have perpetrated this cyberattack. In January, Ukrainian government systems were victims of a similar cyberattack, which is also believed to have been perpetrated by Russia. In light of the recent political and social tensions between Russia and the West, it seems as though these attacks may be a form of retaliation against the West, or at the very least a warning for Western countries to maintain neutrality in the conflict between Russia and Ukraine. I find it very interesting that governments are now using cyberattacks as a means of violence, as opposed to physical weapons. It speaks to the changing face of battle in this century! We are certainly slowly moving away from the era of strictly physical attacks.
Yikes. While I’m hopefully not being too overconfident, this type of occurrence makes me less concerned with with my data being leaked by my own doing, and much more concerned that it will happen as the result of terrible government security procedures. It’s increasingly concerning when you think about just how much sensitive data these federal agencies have on us. All this data, and yet I still have to physically mail in a passport application covered in very sensitive identification information. Whenever I’ve dealt with a government agency requesting personal information in the past everything has always felt outdated. Unfortunately, I think this could be just the tip of the iceberg.
Interesting post! I was not even aware that this attack occured and it is concerning to see our government fall to an attack. It is even more concerning that the governments security experts could not figure out how this attack occured or even confirm who the assailants were. I do not think that data on Canadian citizens would be in danger given the agency that was attacked but the ministry of foreign affairs is an integral part of the government and would hold confidential information. With rising tensions in Europe this information would be even more valuable to attacking parties. As other comments mentioned I do believe that the government was not at fault for this attack. As soon as they were notified of the possibility of the attack they informed the vulnerable parties but unfortunately it was not enough. With the fast paced nature of software development and new hacking and cyberwarfare methods being developed it is understandable that current defense procedures would fall short. It is also interesting to see whether users will be the cause of security vulnerabilities or if the systems that store data will be the downfall.
A very interesting read! Like many other commenters have noted, once your own government falls victim to a cyber attack, it’s difficult to really feel secure on your own. Your article notes that the Canadian Security Agency (presumably CSIS) warned GAC of a potential cyber attack, and yet they still fell victim to it. In your opinion, should protection of data against attacks and theft be a greater priority for the Government? Furthermore, if we assume that the attack was phishing related, is it really the best tactic for the government to take to invest in tokenization, or should they first look towards ensuring that their own employees don’t fall victim to hacking attempts?