Ottawa’s ‘secret network’ in question following alleged hack

OTTAWA — The integrity of a federal “secret network” launched last year at a cost of millions to taxpayers is in question following an alleged hack this week that resulted in highly sensitive information becoming public.

The network in question lives at the Treasury Board, a key financial and policy hub, and was first conceived after hackers crippled the department’s servers in 2011.

This week, however, the digital hacking collective known as Anonymous allegedly made good on its threat to release what it said was the first in a series of secret documents.

READ MORE: Opposition demands government do more to fight cyber attacks

Global News has not been able to confirm the authenticity of the document which appeared to come from Treasury Board and contained classified information about the country’s spy agency, CSIS.

Back in 2011, the hack into Treasury Board’s servers (which also compromised servers at Finance Canada) prompted a report from the federal auditor general critical of the government’s accounting for millions of dollars intended to fund cyber-security efforts.

The auditor general’s report helped highlight the fact the government was storing some sensitive information on precarious servers.

READ MORE: Cyberattack breached system holding personal data, privacy watchdog finds

After years spent developing and implementing the “secret network” at Treasury Board, the project has ballooned; it includes five times the number of employees originally intended and has run over budget, according to figures released this week to Global News.

The network, called TBS-2, was to cost $3.9 million and less than $185,000 annually thereafter to grant access to 200 users, according to a November 2013 memo to Treasury Board President Tony Clement previously released through access to information.

Treasury Board’s share of the initial costs increased from $1.18 million to $1.3 million, while ongoing maintenance ballooned to an estimated “up to $1 million per year,” according to an email received this week from a spokesman for the department.

The department also required last year $1.05 million to purchase hardware and software to help implement the system and expand it to new offices in Ottawa, according to a document obtained by Global News.

READ MORE: Public safety minister says Anonymous threats against RCMP taken seriously

Though the costs of implementing and maintaining the network would likely have little direct effect on its efficacy, the number of employees with access to it could, said one expert.

The plans shared with Clement in 2013 specified 200 or fewer employees would have access to the network, at least partly in an effort to keep costs down.

Since the network was introduced a year and a half ago, however, the project has expanded to include 1,000 Treasury Board employees, the department’s spokesman said. The department’s most recent estimates show it employs slightly more than 1,800 full-time equivalents.

READ MORE: Government reacts cautiously to possible classified document breach

It is possible, of course, to maintain the integrity of a network regardless of the number of people authorized for access, said Christopher Parsons, a fellow with the Citizen Lab at the Munk School of Global Affairs.

It’s just difficult, he said.

“The goal with these secured networks is to keep classified material in the classified space,” Parsons said in an interview. “If that firewall is maintained between classified and unclassified material, the number of people doesn’t immediately cause a problem.”

The potential for problems arises, however, when a weak link presents itself —and the more people brought in, the higher the chance a weak link will show up, Parsons explained, speaking broadly of classification and secure-network issues.

READ MORE: RCMP national website goes offline, Anonymous claims responsibility

“It’s just the fact of the matter that the more people you have on any of these networks, the higher the chance someone accidentally moves a document where they weren’t supposed to, or intentionally moves a document somewhere they weren’t supposed to, or, in a worst case scenario, there’s an insider threat,” he said.

Regardless of the network’s expansion and this week’s incident involving Anonymous, the department maintains the network is essential and effective.

“Treasury Board is committed to protecting classified information on its networks and modernizing its process,” the departmental spokesman wrote in an email. “The intention of the network is to handle classified information both internally and with key partners.”

READ MORE: Anonymous responds after Dawson Creek man fatally shot by police

Based on the bit of information available at this point on this week’s incident, which comes mostly from Anonymous, it’s difficult to say whether the document was made available through a leak or a hack, Parsons said before offering five hypotheses making their way around:

The first is that some individuals found a way to remove redactions on a previously released document. Secondly, it’s feasible someone within Treasury Board accidentally shared the file through a program, innocuously moving it from the classified to unclassified network. The third possibility is similar, only the move from a secure to un-secure environment was intentional.

Another option still is that an employee’s laptop or device was infected with malware.

“Or, it could be, legitimately, the individuals calling themselves Anonymous this time successfully penetrated some element of the Treasury Board’s network,” Parsons said.

“Some of the government’s Crown Jewels lie in the Treasury Board’s networks. Having unauthorized parties within them would be a serious breach of not just cyber security, but national security … If one party is doing it, there’s no reason to think another party, like a foreign government isn’t doing the same thing.”

With a file from The Canadian Press