#CyberFLASH: Cyber attack at NRC kept secret from other departments

118521-stock-pix-for-files-national-research-council-nrc-2Federal cyber security officials kept a tight lid on who was aware of a serious cyber attack at the National Research Council last year, a move one security officer suggested may have robbed other departments of a fighting chance to protect their systems as well.

Internal government emails show that officials were aware of the hack at least a week before they went public with the news.

Hackers infiltrated systems of the NRC, one of the most important research organizations in the Canadian government, in 2014. The hack led the organization to shut down its systems, and prompted a year-long IT overhaul that will cost $32.5 million. The NRC’s systems were also isolated from other federal systems.

When the government went public about the hack on July 29, at least one department was caught off-guard, with a security officer at Environment Canada complaining about the lack of communication between federal organizations. Environment Canada and the NRC are part of the same IT portfolio.

“Senior management at EC is very concerned about the incident, since we are also part of the science portfolio. We would like to know if there is anything we can do to prevent a similar compromise on our networks,” senior IT security specialist Peggy Cho wrote in an email that was sent to the top cyber security official at Treasury Board.

“As a government, we should be much better at sharing incident information, in order to protect those that still have a chance to apply mitigating measures and protect the GC (government of Canada) further.”

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.