Any business that’s suffered a cyber security breach knows that it can be a costly experience, but few could stomach a report from the federal government that a 2014 breach at the National Research Council (NRC) cost “100s of millions of dollars,” as reported by the Globe and Mail.
The newspaper obtained a PowerPoint presentation used by government officials to discuss the fallout from the hack. The slide detailing the 2014 attack says the NRC was “a victim of Chinese Computer Network Exploitation (CNE) activities.” It also notes that this sort of state-sponsored attack has the highest impact in terms of hurting national interest and public confidence.
The Globe reports that the cost was an estimate of the potential cost of a total IT compromise involving multiple departments and that it would take lost productivity into account. But officials were vague about any actual calculations that went into the estimate.
At the time of the breach in 2014, NRC said that an intrusion on its IT infrastructure was detected by the Communicatons Security Establishment. A treasure trove of intellectual property, the NRC is a plum target for hackers. Not only would it be host to secret information about developments in military defence, but privy to all sorts of innovations that could lead to private sector advantages.
The Conservative-led government at the time blamed state-sponsored hackers from China at the time. But the Chinese embassy called those allegations “groundless” and said that China itself was a victim of thousands of cyberattacks every year.
Now Canada is trying to get a deal with China agreeing that neither country would direct cyber attacks to steal corporate data for economic benefit, similar to the ‘cyber truce’ that China signed with the U.S. last year.
But some experts question whether such a deal would be effective at reeling in hackers. Some divisions of state hackers may not pay heed to a truce, and such a deal wouldn’t dissuade rogue actors or individuals out for personal gain.