Members of the Canadian Parliament have been asked to change their email passwords and some internet-based services on Parliament Hill have been restricted after what’s being described as a “cyber incident.”
The threat to the government’s information technology infrastructure was identified last Wednesday.
All users served by the House of Commons infrastructure — including members of Parliament and their staff, as well as staff of the House of Commons administration, the Senate, the Library of Parliament, the Parliamentary Protective Service and the Conflict of Interest and Ethics Commissioner — have been affected by the cyber incident.
Critical services for parliamentarians and House of Commons staff continue to function, but some internet-based services remain restricted as mitigation measures continue.
An email sent to all members of Parliament said the incident is still under investigation, and asked users who have not updated their passwords in a previous alert on Oct. 14 to do so the next time they log on to the network.
The Speaker’s office doesn’t have any information to share regarding who might be behind (the cyber-attack) or what kind of information could be compromised.
The warning to MPs was far from a routine communication and suggests very strongly that parliamentary IT has been made aware of a significant cybersecurity risk.
The Canadian Centre for Cyber Security, a government agency that provides advice and support for online security, is aware of “a cyber incident,” and is supporting the federal government to ensure critical services remain functioning.
The breach comes just months after Global Affairs Canada was the target of a major cyber-attack in January. In August, a senior RCMP official told parliamentarians he had “little doubt” they were all being targeted by hostile actors. The House Speaker’s Office stated then that MPs and their staffers received specially configured devices and training on cybersecurity.
A February report from the National Security and Intelligence Committee of Parliamentarians said there were weaknesses in the government’s cyber defense system. The report warned of the risks of state-sponsored hackers from countries like China and Russia accessing the system and stealing sensitive data.
From The Shadows Emerges Knowledge