Friday May 10 2024 | VICTORIA, BC [Last updated 8:50 pm]
by Mary P Brooke | Island Social Trends
[See previous post on May 8, 2024]
Today Public Safety Minister Mike Farnworth will address media at 1:45 pm today May 10 about the recent cybersecurity incident that the BC Government has experienced.
This will be in followup to a May 8 release that some BC government networks had been exposed to “sophisticated cybersecurity incidents”.
The BC Government was criticized yesterday for releasing that news at 5:50 pm during a busy Canucks game celebratory Wednesday evening (though Island Social Trends reported it right away – including the Premier’s May 8 Statement on the cybersecurity incidents).
Pretty much all your personal data is held by the BC Government in some form or another, including medical and taxation-related.
Last week all government staff were advised to immediately change their passwords. Employees are expected to regularly change their passwords, and have in the past been asked to change passwords on short notice.
Technical briefing:
The head of the BC Public Service, Shannon Salter, gave a technical briefing to media at 12 noon today. She provided a timeline of a series of cybersecurity incidents that occurred on April 8 (system flag started to be investigated on April 10 to confirm and validate the incident, which was confirmed on April 11 and was reported to the Canadian Centre for Cyber Security and as well the Microsoft Detection and Response Team aka DART was engaged for their expertise). On April 16 Salter was briefed on this issue, and in turn she briefed the Premier on April 17.
On April 29 ‘additional broader activities’ were detected as having been attempted by the same threat actor, said Salter. On April 29 all public service were asked to change their passwords and enhance their password strength, she said. Changing passwords is a visible measure taken but it’s just one of a number of measures that have been implemented. On a rolling basis, recommendations have been implemented, said Salter.
Again on May 6 another incident was identified by the same ‘state actor’ or ‘state sponsored actor’. Which country or what part of the world was attempting to create the attack was not revealed today.
On May 8, the Premier and Salter had a classified briefing by the head of the Cyber Centre. Cabinet was first briefed on May 8. At that point it was considered that ‘sufficient protections’ had been put in place, so that the public could be safely notified.
Three incidents has added to the complexity of the investigation, said Salter today. All systems have been kept up and running during the ongoing investigation. There has been no interruption to user-experience.
Painstaking work to analyze over 40 Terrabytes of data has been undertaken, said Salter. Continued investigation will take some time it was stated today in the technical briefing for media.
State of the art defences are maintained in the BC Government IT system. Today’s briefing revealed that that BC Government successfully deflects 1.4 billion unauthorized access requests per day.
There is no evidence that sensitive information has been compromised, said Salter. Government systems and programs have been kept up and running, said Salter.
Salter said she could not specify a motivation for the attacks and she was not able to comment on what state might be involved.
The Cyber Centre’s initial recommendation was to “not* make the incident public, so as not to tip off the state actor that was causing the problem, Salter explained. The investigation is continuing and ongoing, said Salter today.
Work from home arrangements are considered secure through a data storing network, it was stated today. Credentials and email addresses on phones and laptops have been constantly evolving.
Best practices are evolving over time, said Salter.
In Budget 2022 the BC Government invested $58.8 million over three years for improving the government’s ability to prevent, detect and respond to cyberattacks, to ensure the protection of government-held data. That includes advanced monitoring and cyber-threat intelligence tools.
Farnworth’s comments at 1:45 pm:
Public Safety Minister Farnworth commended BC government staff acting to “ensure there has not been an interruption to government operations or services to British Columbians”, as stated in his media event today from Vancouver.
Cybersecurity incidents “are unfortunately a constant reality in the modern world”, said Farnworth.
In the Ministry of Citizens Service’s there are 76 staff whose sole role is to protect the running and management of government services, said Farnworth. As well, each ministry has a tech security team, he said.
The cost to run that department to enable digital security across government is about $25 million per year, it was stated today.
It was not a ransomware attack but was a “very sophisticated” effort by the bad actors, as evidenced by “the way they tried to cover up their tracks”.
Support was received from Microsoft and the Canadian Cybersecurity Agency, said Farnworth today.
The initial sense that “something is going on here” was detected internally by BC Government technicians.
A full review of the incidents and “lessons learned’ will be released to the public, said Farnworth today.
===== RELATED:
Cybersecurity incidents impact BC Government (May 8, 2024)