Canada responds to Shady RAT with tougher ICT measures

Neil Waghorn

On 4 August Canada responded to the cyber attacks unveiled by the internet security firm McAfee. Operation Shady RAT, as it was christened, involved a single state actor gaining access to more than 70 networks around the world.

4 of these infiltrated networks were in Canada. These were:
  • A Canadian Information Technology Company (Infiltrated for 4 months)
  • The World Anti-Doping Agency (Infiltrated for 14 months)
  • Canadian Government Agency #1 (Infiltrated for 6 months)
  • Canadian Government Agency #21 (Infiltrated for 1 month)

Faced with these penetrations, and the current economic climate, Public Works Minister Rona Ambrose and Treasury Board President Tony Clement, announced on Thursday, 5 August that the Canadian Government would consolidate and streamline its ICT and email systems to increase security and lower costs. The new Shared Services Canada department will be responsible for the new system.

Canadian departments currently use over ’100 different email systems, over 300 data centres, and over 3,000 network services’. The overhall will result in their being only one email system, and ‘reduce the overall number of data centres from 300 to less than 20.’ These changes will ‘improve services to Canadians, make IT more secure and reliable, and save taxpayers’ dollars.’