The Communications Security Establishment (CSE) of Canada has warned that Beijing-linked hackers are likely infiltrating critical infrastructure networks in the U.S. to prepare for a potential conflict with America. The hackers are believed to be integrating cyber operations into military planning to gain an advantage in the event of a crisis or conflict. “Pre-positioning” refers to gaining access to networks so that they can be exploited if necessary. Because of Canada’s connection to U.S. critical infrastructure networks, such as transportation, energy, and telecommunications, these compromises pose a threat to Canada as well. The alleged goal of the hacking operation is to slow the U.S. military response and create societal panic in the event of a conflict.
The CSE report highlights that a Beijing-linked hacking group known as “Volt Typhoon” is likely already attempting to breach U.S. networks as part of its preparations for a potential conflict with the U.S. This group is particularly significant because China has not historically engaged in disruptive or destructive cyber operations against critical infrastructure. Over the past four years, 20 networks associated with Canadian government departments and agencies have been compromised by PRC-linked hacking groups. The Chinese government is identified as the most comprehensive threat to Canadian networks, with an expansive and aggressive cyber program that includes surveillance, espionage, and attack capabilities.
Chinese state-sponsored cyber threat actors have been conducting cyber espionage against various levels of government networks in Canada, collecting valuable information and compromising multiple government networks over the past five years. While all known federal government compromises have been addressed, it is believed that the actors responsible for these intrusions dedicated significant resources to learning about the target networks. Although China is the primary threat actor, the CSE report also mentions the potential for cyber threat activity from the Indian government. Relations between Canada and India have been strained following the assassination of Sikh independence activist Hardeep Singh Nijjar, with Canadian officials suggesting possible involvement of Indian government officials.
According to the CSE report, the Indian government’s current cyber capabilities are limited, though it aspires to build a modernized cyber program in the future. The agency assesses that Indian state-sponsored cyber threat actors likely engage in cyber espionage against Government of Canada networks, but it does not believe that India currently has a modern cyber program. Official bilateral relations between Canada and India are expected to drive Indian cyber threat activity against Canada, although the extent of this activity remains to be seen. Overall, both China and India pose potential cyber threats to Canadian infrastructure and networks, requiring continued vigilance and cybersecurity measures to protect against malicious attacks.
In conclusion, the CSE’s annual cyber threat report emphasizes the growing concern over the infiltration of critical infrastructure networks by Beijing-linked hackers and the potential impact of such compromises on Canada. China’s expansive and aggressive cyber program poses a significant threat to Canadian networks, with state-sponsored cyber threat actors persistently conducting cyber espionage against various levels of government networks. While the report also highlights the potential for cyber threat activity from the Indian government, the current limits on its cyber capabilities suggest a lesser immediate threat. However, ongoing developments in the cyber domain underscore the importance of strong cybersecurity measures and collaboration among nations to defend against malicious cyber attacks.