Federal cabinet ministers now have their own special hotline to report suspected hacking incidents.
Officials at the Canadian Centre for Cyber Security set up the round-the-clock telephone service last year to respond swiftly to possible security breaches, newly released documents show.
The hotline, one of several protective measures for ministers, is an indication of how seriously the government takes the prospect of a cyberattack on cabinet members.
The phone service is a “front-line response to address compromise and limit damage,” says a confidential information circular for ministers.
The hotline is operated by the Ottawa-based Centre for Cyber Security, a division of the Communications Security Establishment, the federal government’s electronic spy service.
The centre has access to a cabinet member’s deputy minister and departmental security officer, the House of Commons and online service providers, the circular adds, and can lock down or help regain control of accounts.
The Canadian Press used the Access to Information Act to obtain a copy of the circular, portions of which were withheld due to the sensitivity of the subject.
It was part of a briefing package on ministerial security prepared last August for Privy Council clerk Ian Shugart by Greta Bossenmaier, Prime Minister Justin Trudeau’s national security and intelligence adviser at the time.
Since publication of the CSE’s 2017 report on threats to Canada’s democratic process, political parties, candidates and their staff have continued to be targeted worldwide by cyberthreats, the agency said in a statement to The Canadian Press.
In advance of the October federal election, the CSE and its Centre for Cyber Security decided to offer cabinet ministers the 24/7 hotline service, and it “is still operational today,” the cyberspy agency said.
The centre provided online security guidance to ministers at a briefing last March and all cabinet members subsequently registered for the hotline service, Shugart was advised in August.
Ministers are supposed to call the hotline immediately if they suspect a compromise of their ministerial, parliamentary or personal email, or their social-media accounts, the information circular says.
Operators “who have an awareness of your online footprint” are ready to help deal with any breach and contain the fallout.
The CSE and the centre provided a similar service for political parties, but only during the election campaign.
“Due to operational security reasons, we are unable provide a specific breakdown of the incidents reported through the hotline, but we can confirm that the service was used effectively by ministers, as well as political parties throughout the 2019 general election,” the CSE said.
“As per Cyber Centre standard policy, we do not comment on specific meetings with individual political parties, candidates and their staff, nor do we comment on any specific incident.”
For both the pre-election cabinet and the current one, the Privy Council Office co-ordinated a briefing for ministers’ chiefs of staff on cybersecurity and other protective services, attended by representatives from the CSE and RCMP.
In addition, following the October election, all ministers received “tailored, individual briefings” in which the security programs were discussed, the PCO said.
Jim Bronskill , The Canadian Press