The Publication for Professional
Security Management

Alleged Chinese hacking incident likely most severe breach in Canadian history

Written by  Marty Musters March 07, 2011
In February of this year, cyber attackers from China allegedly hacked into both the Finance Department and the Treasury Board of Canada, which caused quite a media frenzy. Rather than going into the details of the attack, let me try to provide some insight into the attacks.

When I was working for one of Ontario’s large nuclear power facilities as the person responsible for the Information Systems’ security, I was approached by members of the Canadian Intelligence Service (CSIS) who were conducting an investigation into possible terrorist threats against that nuclear facility. During the course of the investigation, I took the opportunity to ask one of the CSIS agents what data I should be protecting the most. Initially I thought that it would have been engineering drawings of the plant or our physical security response plan to a terrorist threat. Both of these of course would be extremely valuable to someone planning an attack against the facility. He indicated to me that the most important data we had was the reactor simulation data. I was surprised at his answer. “That has nothing to do with terrorism,” I responded. “Besides,” I continued, “China has 13 nuclear power reactors with more than 25 under construction.” The agent’s response was enlightening, “They have more reactors, but we run them better. Any information they can get to help them is always of use.”
 
In February of 2010 I was called in to investigate a security breach in a very large Canadian company. One of their servers was compromised and subsequently used to launch the attack against the company. What was interesting about this attack is that the firewall rule set had been changed just prior to the attack allowing one of their servers to be exposed and compromised.  Was the firewall rule change done remotely or was it done by someone on the inside?

Clearly the attack was from China, but I was never able to answer the question of how the firewall rule was changed which allowed the attack to be successful. It was clear that the attacker from China was not running a script. There was actually a person on the other end typing commands in, viewing the results and continuing their attack. They were sophisticated and knowledgeable. Now I cannot speak to the motive or person behind the attack, outside of its origin, but the words of the CSIS agent still ring in my ears. “China does lots of things, but we do them better.” Knowledge and information are valuable.

This brings us to the attacks on the Finance Department and the Treasury Board of Canada.  CBC termed the attack "unprecedented" in that hackers hijacked the "online identities" of top bureaucrats and then sent documents infected with a virus to employees throughout the departments. The hackers are believed to have accessed classified information.

Last modified on March 07, 2011
