CSIS warns of threats to vaccine distribution chain


The country’s spy agency is warning companies in the vaccine supply chain that malicious foreign actors could threaten the largest inoculation program in Canadian history – by targeting their workers, among other tactics.
Just before hundreds of thousands of doses of vaccine arrived in Canada, the Canadian Security Intelligence Service (CSIS) recently offered a briefing to industry players on the emerging threat.

One of the people who attended this briefing was Pina Melchionna, President of the Canadian Institute of Traffic and Transportation. The non-profit association helps Canadian businesses manage delivery logistics.

Melchionna said some of its corporate members are involved in the vaccine rollout, including Air Canada Cargo and Shoppers Drug Mart.

“We have been told that Canada’s supply chain in particular has been of interest to many foreign players, and possibly bad players in that regard,” she told CBC News.

“I think… what I took away from this session was clearly that it’s not like television, where spies come looking for our data. They target people who already work in companies that have vulnerabilities or who may be negligent because of the tight timelines we have to bring the vaccine to market. ”

WATCH | Who could target vaccine deployment in Canada?

Former CSIS director Ward Elcock said governments are likely monitoring threats from organized crime and state actors when preparing vaccine security plans. 0:59

Many foreign intelligence agencies are known to manipulate individuals abroad – often through threats, harassment, or detention of family members. It’s an old-fashioned spy tactic described in a landmark intelligence report earlier this year.

But the threat is more alarming now, as Canadian government officials and distributors prepare to vaccinate millions of people against COVID-19 by the end of next year.

A CSIS spokesperson said the agency has reached out to supply chain associations and industry to tell them what to watch out for as they prepare for threats to the vaccine rollout. .

“CSIS observes persistent and sophisticated state-sponsored threat activity, including damage to individual Canadian companies, as well as the growing toll on Canada’s vital assets and the knowledge-based economy,” the door said. – agency speech, John Townsend.

“Therefore, CSIS works closely with government partners to ensure that as many Canadian businesses and different levels of government as possible are aware of the threat environment and have the necessary resources. information they need to implement preventive security measures.

When asked which foreign actors might target vaccine deployment in Canada, Townsend referred to a briefing CSIS gave in July to the Canadian Chamber of Commerce, which flagged China and Russia as actively involved countries. in commercial espionage.

Earlier this summer, intelligence agencies warned that a Russian-backed hacker group “almost certainly” was trying to steal research for COVID-19-related vaccines in Canada, the UK and the US and the United States recently confirmed that the Moscow-backed hackers hit several federal departments during a multi-month operation.

An attempt to “undermine trust”?

Jessica Davis is a former senior intelligence analyst at CSIS who now heads the private consulting firm Insight Threat Intelligence. She said state-sponsored actors have a long list of motivations for interfering with the vaccine deployment strategy in Canada.

“Perhaps to gain access to the vaccine again, or also to prevent adversaries from accessing the vaccine or to a fully vaccinated population. There are economic and security advantages to being the first or one of the first countries to achieve this status, ”she told me.

“If they can get into the supply chain, it shows [their] ability to enter it, probably at various points. So that undermines confidence in that distribution system… that could be one of the main goals there.

“Access to a vaccine or a distribution site is not necessarily the end goal, but undermining that process could be the end goal of a state actor. ”

Other antagonists, such as terrorist organizations, could seek to disrupt the deployment itself, Davis said.

“Or it could also be people who are actually opposed to vaccines in themselves and who seek to take action against this distribution,” she said. “So there is a wide variety of players here. And with CSIS and potentially other law enforcement agencies briefing members of the supply chain, it really tells me that the number of players could be really large and the threats are very real. ”

Former CSIS director Ward Elcock said organized crime would also be interested in getting their hands on vaccines as shipments spread across the country.

“It’s as precious as gold right now,” he told CBC. Power and politics last week. “If you’re a criminal organization, you can make money with anything. People make money from cigarettes. They make money with drugs. It is no different from any other product. ”

The first doses of the Pfizer-BioNTech COVID-19 vaccine were unloaded in Ontario on Sunday, triggering a complex deployment plan. (Office of Premier Doug Ford)

Melchionna said CSIS has also warned companies about the need to protect their data. For example, a small business with more flexible security protocols could put others at risk if a breach occurs.

“A chain is only as strong as its weakest link and I think this is absolutely true for the supply chain,” she said.

“The project’s vaccine rollout is so large and involves so many organizations working under tight deadlines that I think the bad actors are hoping to capitalize on the lack of rigor in the supply chain. And [the] the supply chain is very rich in data. ”

CSE monitors foreign threats

A spokesperson for the Telecommunications Security Establishment, the country’s foreign signals intelligence agency, said the intelligence agency also provides cybersecurity advice, through regular calls with the telecommunications industry. health care to share information about threats.

“CST and its Canadian Center for Cyber ​​Security continue to work with our national and international partners to support the Government of Canada’s response to the COVID-19 pandemic, including vaccine research and distribution,” said Evan Koronewski .

“It is always important to note that we continue to monitor cyber threats as part of our foreign intelligence mandate. We are working with our Canadian security and intelligence partners, including the Department of National Defense and the Canadian Armed Forces, to address cyber threats to Canada. ”

Maj.-Gen. Dany Fortin, the military commander responsible for immunization logistics at the Public Health Agency of Canada, said the agency is aware of threats to its mass distribution plan.

Britain, the United States and Canada accused Russia in July of trying to steal information from researchers looking for a COVID-19 vaccine. (Ted Warren / Associated Press)

“So we pay attention to the wide range of threats. Agencies, police services pay for threats that fall … in their corridors, and [are] while ensuring that the appropriate levels in the provinces and territories are made aware of what it is. And they will continue to do so in the future, ”he said at a briefing in Ottawa last week.

“But I think the underlying issue you’re raising here is that we have to make sure that certain information is not disclosed, for obvious reasons. So, regarding the exact routing [of vaccine shipments], we prefer not to disclose the route, exact location or transfer points in the cold chain to protect the integrity of the… supply chain. ”

Identifying anomalies more difficult in 2020

While the threat is serious, industry players say they take it seriously and Canadians shouldn’t be concerned.

“Every key player, from manufacturing to distribution, is keenly aware of the security risks inherent in this operation and therefore continually assesses and actively prepares for the full range of potential threats, including [threats] infrastructure, personnel and cybersecurity, among others, ”said Simona Zara, spokesperson for Supply Chain Canada, a group that represents the supply chain sector in this country.

“Such a complex operation requires collaboration and clear communication between government, the private sector and stakeholders. ”

Drone Delivery Canada, which is in talks with the federal government about delivering vaccines to remote communities, said it immediately knew if a drone was tampered with or went missing.

“Our drones are regulated by the federal government. They have a tail number. So if you plan to interfere with any of our drones, it’s [not even] transporting… vaccines, even just PPE or just ordinary goods, would be a federal offense, ”said President Michael Zahra.

“I think that’s highly unlikely, given the security we have at the point of origin and at the point of destination. We are constantly tracking our drones exactly where they are. So we know what the situation is with a drone. If anything were to happen – which is, again, highly unlikely – we know exactly where everything is in real time. ”


Please enter your comment!
Please enter your name here