OTTAWA–Federal government networks blocked an average of 474 million hacking attempts per day over a 12-month period, a “top secret” memo to Defence Minister Harjit Sajjan reveals.
The heavily-censored report, obtained by the Star under access to information law, stated federal cyber defences blocked an average of 474 million “malicious cyber activities” daily between July 2016 and July 2017.
According to the Communications Security Establishment, Canada’s electronic spy and cyber defence agency, those “activities” run the gamut. They include any attempt to exploit vulnerabilities in Canadian cyber defences to gain access to government networks, devices or information.
It’s not clear who’s behind those attacks, at least not from the censored version of the report released publicly, and single hackers or groups could be responsible for multiple malicious “activities.”
But the sheer number of attempts gives a sense of the scale of the task ahead of CSE, which has recently been given responsibility for Ottawa’s overall cyber-defence efforts.
“It’s not surprising to me. It’s in line with what I’ve heard both people from the government and people from public services talk about their systems being under constant threat,” said Stephanie MacLellan, a senior research associate on cybersecurity with the Centre for International Governance Innovation.
“It’s not necessarily successful attacks, it’s not necessarily attempts at bringing down the entire system, this is just continuous probing of the system to look for vulnerabilities. I think it’s pretty standard.”
Governments, in particular, tend to have a large target on their backs for hackers, MacLellan added.
According to CSE, the majority of “malicious cyber activities” observed over the 12-month period were simply “reconnaissance scans” to detect vulnerabilities in Canadian defences. On a given day, according to the agency, they could see as many as 1 billion — with a “b” — such scans.
But the numbers also included more serious cyber attacks.
The agency’s latest figures suggest an average of 25 million attempts to install “malicious software”, like viruses, are made each day, along with more than 90,000 attempts to access the Canadian government’s data holdings.
An internal government audit found that between 2013 and 2015, Ottawa detected an average of 2,500 state-sponsored “cyber activities” against government networks each year. In 2013, 6 per cent of those campaigns were successful. By 2015, only 2 per cent were successful — about one incident per week.
MacLellan said that leaves a range of actors — from hackers looking for kicks to criminals looking for government secrets — doing most of the probing.
The Star requested an interview with CSE about the figures on Tuesday, but nobody was available as of Wednesday afternoon.
“These activities are becoming more frequent and more sophisticated,” wrote CSE spokesperson Evan Koronewski in a written statement.
“If a vulnerability or threat is discovered, CSE works with its partners to defend government networks and mitigate potential damage.”
Alex Boutilier is an Ottawa-based reporter covering national politics. Follow him on Twitter: @alexboutilier