World NewsCanada

Pandemic Disruption Partly Responsible for Parliamentarians Not Being Informed of Chinese Cyberattack: CSIS Chief

Save
Pandemic Disruption Partly Responsible for Parliamentarians Not Being Informed of Chinese Cyberattack: CSIS Chief
CSIS Director David Vigneault appears as a witness at the Public Inquiry Into Foreign Interference in Federal Electoral Processes and Democratic Institutions in Ottawa on April 4, 2024. The Canadian Press/Sean Kilpatrick
Andrew Chen
Updated:
0:00

The COVID-19 pandemic’s disruption to government operations was part of the reason parliamentarians were not informed about being targets of a Chinese cyberattack in 2021, an intelligence chief said.

“It was the COVID period. There were a lot of restrictions in terms of the number of people in the office. This was before we came up with a vaccine. So our intelligence services were working out of hand throughout the pandemic. I think this is a factor that added to the confusion in terms of who should play what role,” said David Vigneault, director of the Canadian Security Intelligence Service (CSIS).

He was testifying before the House of Commons Procedure and House Affairs committee on June 11. The committee is studying a 2021 cyberattack incident in which 18 Canadian parliamentarians were targeted by APT31, a hacker group backed by the Chinese regime.
It was the FBI that disclosed the attack in a U.S. indictment released in March. The indictment said APT31 has been targeting U.S. elected and government officials, academics, and journalists; American companies; as well as political dissidents in the United States and other countries for some 14 years.
Among the victims were members of the Inter-Parliamentary Alliance on China (IPAC), an international cross-party group of legislators working toward reform on how democratic countries approach Beijing. The indictment laid charges against seven Chinese nationals involved with the hacker group.
On May 9, MPs voted unanimously to refer the matter to the House committee for study after Conservative MP Garnett Genuis, one of the 18 targeted and an IPAC co-chair, raised a question of privilege on April 29. IPAC involvement is an integral part of what those MPs do, informing their ongoing parliamentary work, and the cyberattacks interfered with this work, he said.
Related Stories
House of Commons Thwarted Another Cyber Threat Before Learning of 2021 Attack: Spy Agency Chief
6/7/2024
House of Commons Thwarted Another Cyber Threat Before Learning of 2021 Attack: Spy Agency Chief
House Committee Begins Study of Chinese Cyberattack Against Lawmakers
6/4/2024
House Committee Begins Study of Chinese Cyberattack Against Lawmakers
Mr. Genuis and the other affected MPs, including Liberals Judy Sgro and John McKay, expressed concerns that the government did not inform them of the cyberattack despite having received shared intelligence from the FBI in June 2022.

Addressing this concern, Mr. Vigneault told the committee that CSIS received intelligence on cyber threat activity from the Communications Security Establishment (CSE) back in January 2021, and that the two agencies subsequently briefed the House of Commons information technology staff.

“CSIS’s work with the House of Commons predates the FBI reporting that was shared with both CSIS and CSE on any information that was released to the public by the [United States] in 2024,” he said.

However, Mr. Vigneault acknowledged that ultimately “what was desired” wasn’t achieved, as parliamentarians weren’t informed.

“We took it for granted that once we worked with the House of Commons, the authorities in the House of Commons administration would discuss matters with MPs. It seems this approach was deficient for a number of reasons.”

Mr. Vigneault also said that CSIS had broadly disseminated intelligence to various government departments, agencies, and other organizations, detailing APT31’s email tracking attempts on IPAC members in Canada.

Conservative MP Michael Cooper, a vice-chair of the committee, said this effort was carried out on Nov. 19, 2021, when CSIS issued a classified analytical brief to 35 federal government clients on the topic of the Beijing-directed APT31.

‘We Will Learn From This’

Mr. Cooper was referring to a CSIS-produced chronology of events. He highlighted that on Aug. 25, 2023, CSIS issued a second classified intelligence assessment to what the agency described as “relevant Government of Canada clients.”
He raised concerns about the timing of the second report’s release, noting that it came after a ministerial direction dated May 16, 2023, requesting CSIS to “ensure that parliamentarians are informed of threats to the security of Canada directed at them.”

“Why were the parliamentarians not informed pursuant to the ministerial direction?” Mr. Cooper asked.

In response, Mr. Vigneault said the cyber ecosystem involves different actors with various responsibilities, leading to parallel efforts. CSIS is still adapting to the ministerial directive on informing parliamentarians, he said, adding that he believed at the time that the necessary information had been shared with the House of Commons to mitigate the threat.

“Clearly, for the people who were targeted by APT31, the outcome was not the one that people would have expected,” Mr. Vigneault said. “My undertaking to this committee is that, with my colleagues, we will learn from this and make sure ... that we are achieving different outcomes in the future.”

Andrew Chen
Andrew Chen
Author
Andrew Chen is a news reporter with the Canadian edition of The Epoch Times.