British Columbia’s public safety minister says he is confident that a cyberattack targeting government networks was led by a “state or state-sponsored actor.”
In the update delivered Friday, Mike Farnworth said he did not know and could not comment on what country may have been involved.
The “sophisticated” nature of the attack and methods used by the intruders to try and cover their tracks led government and private sector experts to conclude the attackers were state-backed, Farnworth said.
Earlier Friday, the head of B.C.’s Public Service, Shannon Salter, said the initial intrusion was detected on April 10 and confirmed the following day.
B.C. Premier David Eby was briefed about the incident on April 17, while the public service was directed to strengthen their passwords on April 19. Cabinet was not briefed until Wednesday of this week, the same day the cyberattack was publicly revealed.
Farnworth said the information was held back on the advice of cybersecurity experts for security reasons, as they worked to understand and secure against the attack.
"If you give that information out, or say there has been an intrusion or attack before that work is done, what you end up doing is leaving the system open for even greater compromising and even greater intrusion,” Farnworth said.
“So, the first priority is to make sure the system is secure … and then and only then are you able to provide information to the public. We follow the advice of the experts.”
Farnworth said the province was working with the Canadian Centre for Cybersecurity and Microsoft’s Detection and Response Team. Police are also involved and Farnworth said he has been in regular contact with the federal government over the incident.
The intrusion was not a ransomware attack, Farnworth said. He did not specify what the intruders may have been looking for, other than to suggest that governments are always a target.
The minister added that the province is confident in its information security, pointing to a staff of 76 people in the Ministry of Citizens Services tasked with cybersecurity. He added the province is also confident measures are in place to ensure remote work by government employees is secure.
“The reality is this is the world we live in, and it is constantly evolving and government places a high priority on making sure we are also evolving and keeping up with the changes that we are seeing,” he said.
On Thursday, BC United Official Opposition Leader Kevin Falcon said the government owes it to the public to provide more detail.
He pointed to the recent London Drugs cybersecurity incident, noting the company provided near-daily updates on the situation.
“We know that for at least eight days they have known this was an issue,” Falcon said.
“And last night, they quietly released a statement in the midst of a Canucks playoff hockey game, which is part of their pattern of always being secretive about things and not transparent.”
Farnworth said once an investigation is complete into the incident, the province will undertake a “full review” of the incident and provide more information to the public.
I’ll be interested to find out when the intrusion happened and what the target was. So far all we know is when the intrusion was discovered and when it was announced to whom.