Industry Committee on May 20th, 2020

Evidence of meeting #16 for Industry, Science and Technology in the 43rd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was fraud.

A recording is available from Parliament.

On the agenda

Canadian Response to the COVID-19 Pandemic

MPs speaking

Sherry Romanado
Sébastien Lemire
Glen Motz
Brian Masse
Majid Jowhari
Emmanuella Lambropoulos
Tako Van Popta
Ali Ehsassi
Marie-Hélène Gaudreau
Earl Dreeshen
Tracy Gray
Nathaniel Erskine-Smith
Lloyd Longfield
Simon-Pierre Savard-Tremblay

Also speaking

Jean-François Fortin  Executive Director, Enforcement, Autorité des marchés financiers
Byron Holland  President and Chief Executive Officer, Canadian Internet Registration Authority
Scott Jones  Head, Canadian Centre for Cyber Security, Communications Security Establishment
Simon Marchand  Certified Fraud Examiner and Certified Administrator, Biometrics and Security, Nuance Communications
Commissioner Eric Slinn  Assistant Commissioner, Federal Policing Criminal Operations, Royal Canadian Mounted Police
Albert Chang  Corporate Counsel, Canadian Internet Registration Authority
Guy Paul Larocque  Acting Inspector, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

3:40 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

Typically, when there is a report of some type of breach, our first action is to really look at how we can somehow do containment versus some type of attribution, meaning looking for the actor behind it. We always assume that it's the most sophisticated actor possible and that the actor is looking to take information or implement some type of advanced technique, but the fact is that almost every compromise we've seen or every incident we've seen reported is related to cybercrime right now.

We look first to contain, to help the victim make sure they're able to lock down their defences, improve their security, take action to prevent that adversary from spreading throughout their network, then work back from that and engage the right organizations, such as law enforcement, or our partners in the Canadian Security Intelligence Service if it is a foreign actor, and then, of course, CSE's own foreign intelligence mandate as well.

3:40 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Right.

Attacks on our front-line health workers could be designed to steal information, to sell personal information or to facilitate fraud. Has CSE been called in to deal with any of these intrusions or attacks on our health care institutions and front-line health care workers since the pandemic began? If so, how many times?

3:40 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

There have been instances of cyber-incidents in health care-related fields, research and development organizations. We've intervened in a small number in terms of responding to the incident and giving advice and guidance.

The majority of our activity, though, has been focused on trying to provide information in advance, alerting to vulnerabilities, for example, that are growing or being announced, so that health care organizations can take proactive action. We really try to get information out about what an actor is doing to protect organizations in advance. We really are trying to be proactive in preventing any breach.

3:40 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Good.

Has CSE been called in to deal with any attacks on our own government's research into COVID vaccines?

3:40 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

The Government of Canada defences are something that we have integrated into the ongoing operations. The way the government has been able to layer its defences over the last decade as we've built them out, it really is to proactively stop any malicious activity. There haven't been any breaches of the government, because our defences are layered in such a way that it is heavily protected.

3:40 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

To reiterate what you just said, we have had attacks but there has been no intrusion, which is good to hear.

What's their intent in these attacks? Is it to take intellectual property or is it to gain economic opportunity? What is your assessment of that?

3:40 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

Our assessment with regard to cybercriminals is that it really is about financial gain. They're looking to see what they can leverage. If you're looking at nation-states, we are seeing that everybody is trying to understand what's happening in the world. This is something that we've become alerted to, that there's a general increase in nation-state interest around these topics.

3:40 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Okay.

3:45 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

Then, of course, we've seen that targeting Canadian industry intellectual property has been an ongoing activity.

3:45 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

You commented that obviously intrusions into research have occurred. Do you recall back in 2014 the cyber-threat that occurred inside the systems of the National Research Council? It resulted in a complete shutdown of their entire network and, in fact, it had to be entirely replaced right down to the wiring. This intrusion is said to have cost in excess of $100 million to remedy. Do you think the motive behind that was fraud as well or some other purpose?

3:45 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

We assessed that the National Research Council breach was very much focused on intellectual property theft.

3:45 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

You guys were involved in that investigation. Did you also help secure the new network?

3:45 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

We absolutely did both.

3:45 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Okay, good.

The government of the day pointed the finger at Chinese-state-sponsored actors. Would that be correct in your assessment?

3:45 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

That was the statement given by the government at the time.

3:45 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Okay, so now, moving forward, was your organization, Mr. Jones, as an adviser on cybersecurity and computer security, consulted on the new partnership agreement between the National Research Council, the Chinese-owned CanSino Biologics and the Chinese Academy of Military Medical Sciences for the development of the new COVID vaccine?

3:45 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

We are regularly working with the research partners across the government, including all of the health sector, to make sure that we're providing the most up-to-date cybersecurity advice so that defences continue to be right at the cutting edge.

3:45 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Okay, so you were involved in that particular agreement.

3:45 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

We've been involved in working on all matters of cybersecurity with the research areas.

3:45 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Thank you very much.

3:45 p.m.

Liberal

The Chair Liberal Sherry Romanado

Thank you very much.

Our next round of questions goes to MP Jowhari.

You have six minutes

3:45 p.m.

Liberal

Majid Jowhari Liberal Richmond Hill, ON

Thank you, Madam Chair.

Thank you to all of our witnesses for coming in and providing a lot of helpful information.

I'm going to start with CIRA.

Mr. Holland, you've indicated that roughly 2,000 .ca domains have been registered since the start of COVID-19. Can you share some statistics around the following: How many of them have been registered within Canada? Is it possible to register a domain from outside of Canada, and if so, how many have been registered? Also, with regard to these 2,000, you mentioned that most of them are legit. How many of them have you found to be not legit?

3:45 p.m.

President and Chief Executive Officer, Canadian Internet Registration Authority

Byron Holland

There's an important policy we have in place, which I think merits attention vis-à-vis your question, and that's our Canadian presence requirements. All .ca domain names must be registered by somebody or an organization with a legal tie to Canada, and so every single domain name is bound to Canadian legal jurisdiction and Canadian law.

In terms of the domain names that have been registered with COVID-related terms—and we use a fairly wide search when we do that to make sure we capture them—we've had, as I mentioned, just over 2,000.

I'm going to ask our corporate counsel, Albert Chang, who's also here, to comment regarding some of the specifics in terms of the reviews we've done that have turned up suspect domain names.

Albert.

May 20th, 2020 / 3:45 p.m.

Albert Chang Corporate Counsel, Canadian Internet Registration Authority

As Byron mentioned, we do a daily review of all the COVID-19-related domain name registrations, and the specific terms that we're looking at are “COVID”, “coronavirus” and “pandemic”. To date, since January, we have seen 2,000 of these COVID-19-related domain names. We do a review every day, and it's 2,041 as of yesterday.

Out of these 2,000 domain names, we've identified only 20 that do not have a Canadian address. Under an autoprocess called the registrant information validation process, we email those individuals, those domain name holders, and ask them to confirm their identity and to confirm that they meet CIRA's Canadian presence requirements. In circumstances—

3:45 p.m.

Liberal

Majid Jowhari Liberal Richmond Hill, ON

So roughly 21 out of the 2,000 did not pass your test?