State actor blamed for cyberattack on B.C. government systems
The head of B.C.'s public service has announced that there is a high degree of confidence a state or state-sponsored actor attempted to breach government systems in a cyberattack.
Shannon Salter, head of the public service, announced that three separate attempts were made to breach government systems over the last month, with attackers being directed to do so by a foreign state.
Salter said that investigations remain ongoing, and did not share which state could have been involved in the cyberattack or which systems they attempted to access.
Premier David Eby announced the cyberattack on Wednesday, saying the Canadian Centre for Cyber Security (CCCS) and other agencies are involved in the investigation.
Public Safety Minister and Solicitor General Mike Farnworth told reporters Friday there is no evidence that sensitive information, such as health data, has been compromised in the attack.
Farnworth added there was no evidence the cyberattack succeeded in accessing the information and there had been no ransom demand.
Mike Farnworth, minister of public safety and solicitor general, has said the recently announced cyberattack on B.C. government systems was likely carried out by a state or state-sponsored actor. (Ben Nelms/CBC)
"Government staff, with support from other agencies, have worked to protect government systems and respond to the incident," he said at the news conference. "They have been able to ensure that there has not been an interruption to government operations or services."
He added that 76 staff are employed year-round to protect government systems from cyberattacks, with officials saying a large number of attempts are made on government systems daily.
Timeline of attack
Salter told reporters in a technical briefing Friday afternoon that the B.C. government first began investigating an attempted breach of its systems on April 10.
On April 11, the cybersecurity incident was confirmed and reported to the CCCS, and the government also notified Microsoft's Detection and Response Team (DART) of the suspected breach attempt.
A few weeks later, on April 29, Salter said the same threat actor was involved in additional activity on government systems, and public service workers were told to change their passwords.
On May 6, another cyberattack was identified, with Salter saying the same threat actor was responsible for all three incidents.
Two days later, B.C.'s premier went public with news of the attack, after the CCCS told officials that safeguards had been put in place that would allow the public to be notified.
The CCCS is part of Canada's national cryptological agency, the Communications Security Establishment, providing guidance, services and support to government on cybersecurity.
Motivation behind cyberattack unknown
Salter said that the investigation into the cyberattacks will continue, and emphasized that over 40 terabytes of data is being analyzed — more than what is held in the U.S. Library of Congress.
Farnworth said that the CCCS believes a state or state-sponsored actor is behind the attack based on the sophistication of the attempted breaches.
"Being able to do what [technical experts] were seeing, and covering up their tracks, is the hallmarks of a state actor or a state-sponsored actor," he said.
The B.C. government has said no sensitive information was compromised in the cyberattack, but did not disclose which systems exactly were attempted to be accessed. (Tammy54/Shutterstock)
Salter said the motivation behind the cyberattack remains unknown.
She added that previous investments in B.C.'s cybersecurity infrastructure helped detect the attack last month, and the government spends more than $25 million a year to beef up its security controls, in addition to working closely with its federal partners.
Workers told to change passwords
The premier said last week that the province's chief information officer had directed public service employees to change their passwords to "ensure the security of government email systems."
The Opposition B.C. United party questioned why the government took a week to update the public about the cyberattack, given the password change notification last week.
Salter said on Friday that the CCCS was clear all along that the cyberattacks could not be made public until appropriate measures had been put in place in order to avoid further attacks.
B.C. Premier David Eby first went public with news of the cyberattack on Wednesday, with public service workers being told to change their passwords a little over a week before that. (Ben Nelms/CBC)
Eby said, to his knowledge, the cyberattack isn't connected to the recent attack on London Drugs.
The pharmacy and retail chain based in Richmond, B.C., had to close all of its stores in Western Canada for a week in response, with the chain's CEO remaining tight-lipped about the exact cause of the attack.
The B.C. Libraries Co-operative said last week that it was also targeted by a hacker who threatened to release user data if a ransom was not paid.