The Communications Security Establishment (CSE) sides with its allies and identifies China as being responsible for compromising the country’s cyber-security.
A December 20th, 2018 notice on CSE’s website says it is “almost certain that actors likely associated with the People’s Republic of China Ministry of State Security are responsible for the compromise of several Managed Service Providers (MSPs), beginning as early as 2016.”
The security organization noted that MSPs have access to client networks in order to do any IT related job.
“The compromise of one MSP can affect multiple clients globally and provides a threat actor with access to multiple client systems and large amounts of sensitive data, leading to loss of proprietary information, disruption to business operations, financial loss, and potential harm to the affected organization’s reputation,” CSE said.
After the threat was detected, CSE said it and the Canadian Cyber Incident Response Centre (CCIRC), which is now part of the CSE, notified MSPs in Canada.
“With this in mind, the Cyber Centre works as a single unified source of expert advice, guidance, and services and support on cyber security, and works closely with its partners in government, critical infrastructure, the private sector, and all Canadians to help defend Canadian networks against cyber threats like this one,” CSE said.
It did not identify any of these “actors” but it is important to note that Huawei, the Shenzhen-based telecommunications giant, has been in constant interaction with the CSE. Huawei has been under scrutiny the past month after its global chief financial officer Meng Wanzhou was arrested on fraud allegations for breaking U.S. trade sanctions against Iran.
She was arrested in Vancouver on December 1st, 2018 and was granted bail, but currently faces a decision for an extradition request to the U.S.
Three members (Australia, New Zealand, U.S.) of the Five Eyes-intelligence sharing alliance have banned Huawei equipment from testing in its 5G networks for fear of cybersecurity threats. The members include Australia, New Zealand, U.S., U.K. and Canada.
The CSE announced in September this year that it conducts security testing of all Huawei equipment in Canada.
Huawei Canada has been in the country since 2008 and as a requirement of being in the country is not allowed to bid on any government telecom offerings.