One of Canada’s spy agencies says it shared details of Chinese hacking targeting Parliamentarians directly with House of Commons and Senate officials back in 2022.
The Communications Security Establishment, which specializes in cyberdefences and intercepting foreign signals communications, couldn’t, however, explain why a group of MPs and senators never got the warning.
As The Globe and Mail first reported Monday, Canadian MPs and senators who belong to a global interparliamentary organization critical of the Chinese government say the FBI recently informed their group that 18 legislators in Canada were targeted in 2021 by hackers linked to Beijing.
The Federal Bureau of Investigation told the Inter-Parliamentary Alliance on China last week that it passed this on to foreign governments in 2022.
On Monday, the same MPs were adamant nobody told them they were under attack because of their affiliation with a global parliamentary alliance critical of Beijing. The Chinese hacking group in question is known as APT31.
The Communications Security Establishment said it did its job.
“CSE shared information with House of Commons and Senate officials shortly after receiving this information in June 2022. This included regular engagement with House of Commons and Senate officials on a range of cyber threats,” CSE spokesperson Janny Bender Asselin said in a statement.
A senior government official said CSE shared detailed information about the APT31 hacking with House of Commons and Senate officials but could not explain why it was not passed on to Parliamentarians. The Globe is not identifying the source because they were not authorized to discuss the matter publicly.
A spokesman for Commons Speaker Greg Fergus declined to answer why the House of Commons failed to tell MPs.
“The House of Commons’ Administration investigates all incidents brought to its attention by security partners. In this case, it determined that the risk-mitigation measures in place had successfully prevented any attack. There were no cybersecurity impacts to any Members or their communications,” spokesman Mathieu Gravel said.
He declined when pressed to explain why MPs were not informed. “We will not be commenting any further on this security matter,” Mr. Gravel said.
Senate officials declined to discuss whether they informed Senators.
“All communications between the Senate and cybersecurity partners remain confidential in nature and are not divulged,” Senate spokesperson Alison Korn said in a statement.
“We can confirm that in all instances when the Senate is informed of, or detects a credible cyberthreat, the Senate’s Information Services Directorate takes prompt action to mitigate the risk and address it going forward. The specific way in which internal communications occur varies, as do specific actions taken, and these are not discussed publicly.”
The six MPs who first went public Sunday with their concerns about not being notified said Tuesday they are upset nobody told them. They include Liberal MPs John McKay and Judy Sgro as well as Conservative MPs Garnett Genuis, James Bezan, Stephanie Kusie and Tom Kmiec.
Mr. Genuis said Tuesday it should not be left to House of Commons IT staff to inform MPs. He said government security agencies should be responsible for it.
~More to come
——————————————————–