While several MPs and senators say they recently learned they were being targeted by Chinese-backed hackers, the Communications Security Establishment (CSE), one of Canada’s intelligence agencies, says it shared information about the incident with parliamentary officials in June. of 2022.
After the question of when MPs were informed was raised in the House of Commons on Monday, CSE spokesperson Ryan Foreman told CTV News on Tuesday that the CSE shared “specific, actionable technical information about this threat.” ” with IT officials from both the House and Senate.
“As would be our normal process with other Government of Canada partners when threats are detected,” Foreman said. “Once Canada’s security agencies received the FBI report, information including the names of the targeted MPs was immediately shared.”
“Questions relating to how MPs engage in situations like this would be best addressed by HoC officials,” he added, in a statement updated after another spokesperson indicated that in this case, the House “informed and briefed MPs with a general message.”
It’s unclear what that overall message entailed.
Conservative MP Garnett Genuis said on Monday that he and other members of the Inter-Parliamentary Alliance on China (IPAC), of which Genuis is co-chair, learned that their email accounts had been attacked last week, after revealed a document from the United States Department of Justice. accusation in March.
“I would hope that our government would make sure that we have the information that we need to protect ourselves and make sure that our systems are protected,” Liberal MP Judy Sgro said in the House of Commons on Monday. She was one of the parliamentarians affected by the hack.
The CSE said its engagement with the House of Commons and Senate began before the agency received the FBI report, as the agency had been tracking and helping to protect its network and its users against threats to its systems.
House says there are no impacts on cybersecurity
The CSE and its Canadian Cyber Security Center share information on potential and emerging cybersecurity threats with Parliament on an ongoing basis, said Mathieu Gravel, spokesperson for the Office of the Speaker of the House of Commons.
“The House employs layers of robust cybersecurity protections and monitoring programs to ensure the integrity of the parliamentary environment and works closely with national security partners to detect and mitigate threats,” Gravel said in a statement to CTV News.
In this case, he adds, the agency determined that risk mitigation measures had successfully prevented any attacks and that there were no impacts to the cybersecurity of any member or their communications. On Monday night, another parliamentarian made an impact; fellow IPAC co-chair John McKay did not appear to be aware of this.
“I just don’t know the nature of the threat, it has been explained to me,” he said. “It’s a bit of a strange situation.”
According to revealed documents from the US Department of Justice, around January 2021, hackers sent more than 1,000 emails to more than 400 unique accounts of people associated with IPAC.
LeBlanc asks for exact chronology
Genuis says IPAC members were told that American intelligence officials from the FBI were not allowed to brief lawmakers in other countries. However, foreign broadcast requests were sent to all governments with political figures affected in 2022.
Public Safety Minister Dominic LeBlanc told reporters on his way to Cabinet Tuesday morning that he asked his department for an exact timeline of when information about the hack was received, what agency received it and whether they followed protocols. suitable.
“With the information I have, I’m not prepared to say that no notifications were given. We are determining the exact facts of what occurred a couple of years ago,” Leblanc said.