OTTAWA (Reuters) - Canada said it was aware hackers had breached security at a domestic manufacturer of software used by big energy companies, but declined to comment on a report that a Chinese group could be responsible.
Calgary-based Telvent Canada Ltd, which is owned by France’s Schneider Electric SA, warned customers about the attack, which hit operations in the United States, Canada and Spain, the cyber security news site KrebsOnSecurity.com reported on Wednesday.
“The Canadian Cyber Incident Response Centre is aware of this incident and is already working with stakeholders in government and the private sector,” public safety ministry spokesman Jean-Paul Duval said in an email late on Thursday.
KrebsOnSecurity.com cited experts who said digital fingerprints left during the attack pointed to Chinese hackers.
If a Chinese group were involved it could complicate matters for Canada’s Conservative government, which is deciding whether to approve a landmark $15.1 billion bid by China’s CNOOC Ltd to take over Canadian oil producer Nexen Inc.
Some legislators are wary of the proposed takeover, in part because of what they say are China’s unfair business practices.
Duval, citing operational reasons, declined to comment when asked whether Canada thought Chinese hackers were responsible.
Nexen is based in the oil-rich province of Alberta, the political stronghold of the governing Conservatives.
Candice Bergen, an aide to Public Safety Minister Vic Toews, did not directly address the incident when asked about it in Parliament on Friday. She said Ottawa had recently spent C$90 million ($92 million) on measures to combat electronic threats.
The opposition New Democratic Party said the Conservatives needed to pay more attention to security concerns when looking at foreign takeover bids.
“Cyber security is something we have to pay attention to and that ... includes how deals are set up and trade deals are set up and acquisitions are made,” said legislator Paul Dewar, the party’s foreign affairs spokesman.
Although Industry Minister Christian Paradis is responsible for deciding whether the CNOOC bid should be approved, independent Conservative legislator Peter Goldring says a parliamentary committee ought to examine it.
“One of the main priorities of this committee will be to determine whether a foreign state-owned enterprise is an acceptable bidder ... for taking over a Canadian corporation,” he said in a statement.
If a committee were set up it could delay the government’s timetable for a ruling on the CNOOC deal. Paradis is expected to announce that decision by Nov 12.
China is often cited as a suspect in various hacking attacks on companies in the United States and other nations. Beijing dismisses allegations it is involved.
An organization that regulates U.S. electric utilities is looking into the breach at Telvent Canada Ltd, which makes software that energy companies use to manage production and distribution of electricity. Telvent acknowledged a breach had taken place but gave few details.
The government’s Canadian Security Intelligence Service says hackers try to break into government networks every day.
“Another traditional economic espionage target we often come across is the oil and gas industry ... Canada remains an attractive target for economic espionage,” the spy agency said in its annual report released last week.
CSIS did not identify nations it said were responsible for the attacks. In 2010, the head of CSIS said ministers in two of Canada’s 10 provinces were under “the general influence of a foreign government” and made clear he was talking about China.
Reporting by David Ljunggren; Editing by Peter Galloway