Canada’s spy agencies are warning that Canadian intellectual property linked to the pandemic is a “valuable target” for state-sponsored actors — just a day after U.S. intelligence agencies warned of China-backed hacking of institutions and companies researching vaccines, treatments and tests for the novel coronavirus.
“The Communications Security Establishment has assessed that it is near certain that state-sponsored actors have shifted their focus during the pandemic and that Canadian intellectual property represents a valuable target,” reads a rare joint statement from the Communications Security Establishment (CSE), Canada’s foreign signals intelligence agency, and the Canadian Security Intelligence Service (CSIS).
“With regards to the specific threats, the Cyber Centre has assessed that the COVID-19 pandemic presents an elevated level of risk to the cyber security of Canadian health organizations involved in the national response to the COVID-19 pandemic.”
‘Foreign interference and espionage’
CSIS reported “an increased risk of foreign interference and espionage due to the extraordinary effort of our businesses and research centres.”
“As a result, CSIS is working with these organizations to ensure that their work and proprietary information remains safely in their control. Its focus is on protecting Canadian intellectual property from these threats — and jobs and economic interests with it.”
The statement doesn’t name the state actors suspected of posing a threat and neither agency would say whether they’ve witnessed specific attacks.
The warning comes a day after the FBI and the Cybersecurity and Infrastructure Security Agency in the U.S. publicly accused China of targeting U.S. organizations running COVID-19-related research.
“The United States condemns attempts by cyber actors and non-traditional collectors affiliated with the People’s Republic of China (PRC) to steal U.S. intellectual property and data related to COVID-19 research,” said Secretary of State Mike Pompeo in a statement today.
“The potential theft of this information jeopardizes the delivery of secure, effective and efficient treatment options.”
The joint statement from the Canadian intelligence agencies follows an alert the CSE put out in March warning about potential online attacks against the Canadian health sector, including research facilities.
Scott Jones, head of the CSE’s Cyber Centre, warned at the time that sophisticated threat actors could target Canadian medical research labs working on vaccines or other remedies through manipulation or spear-phishing campaigns — or by going after critical vulnerabilities as more housebound employees connect with their workplaces through VPNs (virtual private networks).
Jones said intellectual property theft — through stealing or corrupting data generated by Canadian researchers — is a “lower probability” threat but one that would be “very high impact.”
“We’re saying, ‘OK this is a time to maintain vigilance, because you will be targeted,'” he said.
Working with Five Eyes allies
While today’s statement doesn’t mention specific state actors, it does point out that both agencies work closely with the Five Eyes intelligence-sharing alliance, which includes the United States.
“We regularly share information with our partners, including the U.S., which has a significant impact on protecting our respective countries’ safety and security,” says the statement.
The Cyber Centre said it also regularly shares threat information with health care and research sectors, provincial and territorial governments.
In today’s statement, the CSE stressed that most of the malicious threat activity it’s seen during the pandemic period has been criminal in nature.