Ottawa will spend as much as $100-million to safeguard Canadian government computers after a Chinese state-backed hacker broke into the National Research Council's system last summer – and the 2015 budget is expected to help underwrite the bill for upgrading network security.
Senior government officials say they were aware of the hacking effort some time before they acted to shut it down and instead lurked in the background gathering information on the cyberintruders.
A senior official, speaking on condition of anonymity, said the cost could even exceed $100-million, would be spread over more than one year and is not finalized because the work is continuing and the effort required to upgrade the security system has gone beyond merely patching the immediate hole.
There's a request from inside government for extra money in the 2015 federal budget to fund long-term cyberprotection measures.
This request is a sign of how seriously the increased threat of Chinese state hacking is being taken inside Ottawa.
In late July, Canada shut down computers at the National Research Council, the country's premier scientific research agency, to thwart the theft of data by what the government identified at the time as "a highly sophisticated Chinese state-sponsored actor."
It was not the first penetration of Canadian government computers by hackers from the People's Republic of China. Past targets are believed to include Parliament Hill, the Finance Department and Treasury Board, the agency that tracks spending and priorities.
Cyberwarfare and computer-based espionage are growing threats to governments, including Canada and the United States, as well as private companies. The Federal Bureau of Investigation blamed North Korea last month for breaking into Sony's computer systems in retribution for a film mocking the Asian country's dictatorship. On Tuesday, U.S. President Barack Obama unveiled new measures to boost cybersecurity.
The Canadian government has already devoted more than $240-million over the past five years to guard against intrusions.
Sources say there's more to the National Research Council hacking episode.
In fact, they say, Canadian officials were aware of the intrusion well before they acted to shut down the science agency's computer network last July and sever National Research Council connections to other government computers.
After detecting the hackers, Canadian information security officials decided to monitor them rather than immediately bar entry, according to two government sources.
For some time – one source will only say it was "more than a couple of days" – the Canadian government watched the Chinese-backed hackers probe the network.
"We were trying to gauge how they were going about doing what they were doing," a government source said. "We wanted to see what they were up to."
Sources said Ottawa was able to bide its time because the hackers were probing, rather than stealing data, and because "the stuff they were looking at was judged to be of minor consequence."
The intruders managed to break into the National Research Council computers because its firewall, or security system, was not as strong as the ones that protect other government computers, including those in the Shared Services Canada network, a government source said. The science agency's security seemed to be the "weak link in the fence."
Officials determined the hackers were trying to use the National Research Council computers as a conduit to reach the rest of the federal government. "They were trying to use that as an entry point into other systems," a source said.
"It was the most sophisticated thing we've seen," the source said. "The concern was this [is] just a prelude to getting more sensitive information."
By the time the government eventually shut down National Research Council computers and disconnected them from other public service networks, security officials were confident they had identified the origin of the cyberespionage.
The Harper government publicly fingered China for the hacking attack in July. In previous cyberespionage incidents, government officials had only privately blamed the Chinese.
In a year-end interview last month, Prime Minister Stephen Harper said the threat of cyberattacks from Beijing persists when asked whether Canadians should assume the Chinese government is still trying to break into Ottawa's computers.
"Security experts will tell you these issues are very real and that's why we take those into account in some of the decisions we take," Mr. Harper told The Globe and Mail.
The affected computer network is being rebuilt and broader safeguards enacted in stages, a government source said.
"You basically have to rebuild a computer system from scratch," the government official said, adding protecting networks is a constant game of catchup.
"They get more sophisticated and then we get more sophisticated and then they get even more sophisticated."