Canada aware of two cyber attacks, second one on energy firm
Canada said on Friday it was aware of an attempt by hackers to target a domestic energy company, the second time in 24 hours Ottawa had acknowledged a cyber security attack against a Canadian firm.
In both cases the Canadian government declined to comment on reports which suggested a Chinese connection.
The news comes at an awkward time for Canada’s Conservative government, which is deciding whether to approve a landmark US$15.1 billion bid by China’s CNOOC Ltd to take over Canadian oil producer Nexen Inc.
Some Conservative legislators are wary of the proposed CNOOC takeover, in part because of what they say are China’s unfair business practices.
Ottawa revealed the second case after being asked about a security report from computer manufacturer Dell Inc, which said it had tracked hackers who targeted a number of firms around the world, including an unnamed energy company in Canada. Dell said on its website that the hackers had used a Chinese service provider based in Beijing.
“The Canadian Cyber Incident Response Centre is aware of this incident,” said Jean-Paul Duval, a spokesman for Canada’s public safety ministry. Dell did not name the firm and Duval declined to comment further.
Less than 24 hours earlier Duval said Canada knew hackers had breached security at a domestic manufacturer of software used by big energy companies.
Calgary-based Telvent Canada Ltd, which is owned by France’s Schneider Electric SA, warned customers about the attack, which hit operations in the United States, Canada and Spain, the cyber security news site KrebsOnSecurity.com reported on Wednesday. It cited experts who said digital fingerprints left during the attack pointed to Chinese hackers.
China is often cited as a suspect in various hacking attacks on companies in the United States and other nations. Beijing dismisses allegations it is involved.
The US Cyber Command’s top intelligence officer accused China on Thursday of persistent efforts to pierce Pentagon computer networks.
Candice Bergen, an aide to Canadian Public Safety Minister Vic Toews, did not directly address the Telvent incident when asked about it in Parliament.
The opposition New Democratic Party said the Conservatives needed to pay more attention to security concerns when looking at foreign takeover bids.
“Cyber security is something we have to pay attention to and that ... includes how deals are set up and trade deals are set up and acquisitions are made,” said legislator Paul Dewar, the party’s foreign affairs spokesman.
Although Industry Minister Christian Paradis is responsible for deciding whether the CNOOC bid should be approved, independent Conservative legislator Peter Goldring says a parliamentary committee ought to examine it.
“One of the main priorities of this committee will be to determine whether a foreign state-owned enterprise is an acceptable bidder ... for taking over a Canadian corporation,” he said in a statement.
If a committee were set up it could delay the government’s timetable for a ruling on the CNOOC deal. Paradis is expected to announce that decision by Nov 12.
An organisation that regulates US electric utilities is looking into the breach at Telvent Canada Ltd, which makes software that energy companies use to manage production and distribution of electricity. Telvent acknowledged a breach had taken place but gave few details.
The government’s Canadian Security Intelligence Service says hackers try to break into government networks every day.
“Another traditional economic espionage target we often come across is the oil and gas industry,” the spy agency said in its annual report released last week.
CSIS did not identify nations it said were responsible for the attacks. In 2010, the head of CSIS said ministers in two of Canada’s 10 provinces were under “the general influence of a foreign government” and made clear he was talking about China.