Question Period Note: PROC Appearance on Cyber Incident Targeting Members of Parliament (MPs)

The National Post has published an article about Director Vigneault’s Standing Committee on Procedure and House Affairs (PROC) appearance on 2024-06-11, where he expressed that he had “taken for granted” that the House of Commons would inform MPs they had been targeted by APT31.

• Democratic institutions and processes are vulnerable and valuable targets for hostile activities by state actors. Cyber operations in particular provide foreign actors with a powerful tool to target Canadians, including elected officials.

• Cyber security requires a collaborative effort: The Communications Security Establishment, Canadian Centre for Cyber Security, Canadian Security Intelligence Service (CSIS), Public Safety, Royal Canadian Mounted Police (RCMP) and others work together to respond to cyber incidents and protect Canadians.

• When government departments became aware of the 2021 incident, they followed the appropriate protocols to protect parliamentarians, in cooperation with the House of Commons IT Security Staff.

• While the investigation found no instances of compromise on the system, nor any follow-on activity, I think we can all agree that there is room for improvement to ensure that MPs are notified in these cases.

• This Government is always seeking to deliver the best possible outcomes to Canadians. Policies have since evolved, for example through the 2023 Ministerial Direction on Threats to Parliamentarians, which emphasizes the need to inform parliamentarians of threats directed at them.

• Canadians can rest assured that if our security agencies became aware of credible cyber threats targeting Members of Parliament today, they would ensure that the targeted individuals were informed of the threats in question.

The National Post has published an article on Director Vigneault’s June 11, 2024 appearance at PROC’s study of APT31’s 2021 cyber-targeting of Canadian members of the International Parliamentary Alliance on China (IPAC). MPs expressed concerns that they were not notified by the Government of Canada, but learned that they were targeted by APT31 through an Federal Bureau of Investigation (FBI) indictment unsealed in March 2024. The CSIS Director informed PROC members that he expected the House of Commons leadership to brief affected MPs after being notified in 2021.

None