Parliamentary Committee Notes: Cyber Security During COVID-19 Pandemic

Date: February 3, 2023
Classification: Unclassified
Fully releasable (ATIP)? Yes (except name)
Branch / Agency: NCSB/NCSD

Proposed Response:

Background:

The COVID-19 pandemic has required an increasing shift to online platforms across both the public and private sectors. Indeed, the pandemic has underscored the importance of accessible and reliable Internet connections. It made it necessary to move previously physical interactions online and required the quick adoption of technologies related to telework and education, contact tracing, and online retail and banking. The widespread adoption of contactless technologies for Canadians’ day-to-day activities has increased their exposure to cyber threat activity, such as data theft, fraud and extortion. The increasing online presence of Canadians during this pandemic has provided new vectors for malicious actors to exploit, especially as there has been a rush to deploy online solutions. 

While the aggregate amount of cyber malicious activity remained relatively stable since the outbreak of COVID-19, states and cyber criminals have been using the pandemic as a means of furthering malicious activity, such as ransomware, theft and espionage. For example, malicious cyber actors launched a variety of scams that exploited the topic of the pandemic from just about every angle, from advertisements to masks, when they were in short supply, to special refunds from the government. Scammers often imitated leading authority figures on the pandemic, like the CDC and the World Health Organization, to give their emails additional authority — and increase the chances that users would click a malicious link.

Additionally, as more Canadians have come to rely on the internet as their source of information, misinformation, disinformation and malinformation (MDM) pollute the online information space by spreading false and potentially harmful information. This has made it difficult for Canadians to separate truth from falsehoods. Of the Canadians who sought information about COVID-19 online, 96% reported being exposed to content they suspected was misleading, false or inaccurate.

The Government of Canada responded quickly to these threats during the pandemic. As early as March 20, 2020, the Canadian Centre for Cyber Security (CCCS) issued a proactive alert assessing that there is an elevated risk to the cyber security of Canadian health organizations, especially those engaged in responding to the COVID-19 pandemic. CCCS continued to meet regularly and share threat information derived from its foreign intelligence and cyber defence mandate with Canadian health care and research sectors as necessary throughout the pandemic.  To combat the increase in scams/phishing referencing COVID-19 benefits, CCCS has worked with other federal departments, including the RCMP and CRTC, to detect, deter, and disrupt, cyber incidents. The Canadian Anti-Fraud Centre also tracked incidences of cybercrimes linked to fraudulent COVID‐19 themed activities. The RCMP is investigating those responsible and enforcement/disruption action has been taken.

Moreover, in response to this elevated risk, Canada has heightened cyber security surveillance and sharing of cyber incident information. Canada actively participated in developing cyber security responses to the COVID-19 themed cyber threats with its international partners, and in particular with Five Eyes allies. Canada has also worked at securing scientific research, in particular in academia. With many Canadian universities (a) moving to online classes, (b) dependent on foreign students (who, in some cases, will be accessing classes online from their home countries), and (c) working with foreign researchers engaged in joint research from their home countries with Canadian scientists and institutions, cyber security has become an increasingly complex and critically important aspect of academic integrity.

Internationally, Canada has issued a statements in solidarity with our allies on malicious cyber activity, including to the health sector. These statements promote the framework for responsible State behaviour in cyberspace and upholding of the Rules-Based International Order. 

Contacts:

Responsible manager: NCSB/NCSD (name and number not releasable)
Approved by: Sébastien Aubertin-Giguère, Acting Senior Assistant Deputy Minister, 613-614-4715

Date modified: