OTTAWA – CSIS Director David Vigneault says he had “taken for granted” that the House of Commons would tell some MPs they were the target of a Chinese-backed hacker group in 2021.

Speaking to MPs on the Commons procedure committee Tuesday, the head of Canada’s spy agency said the organization needs to be better at warning parliamentarians when they are targeted by foreign states or hostile organizations.

During his testimony, Vigneault was contrite about MPs of all stripes who were members of the Inter-Parliamentary Alliance on China (IPAC) not being warned they were targeted by a China-backed cybercriminal group in 2021, but stopped short of apologizing.

Though they were targeted three years ago, 18 MPs of all political stripes that are part of IPAC were only told of the attempted intrusions by Advanced Persistent Threat 31 (APT31) group — Chinese state-sponsored cyber hackers — after the FBI unsealed an indictment in late March 2024.

“It became apparent subsequently that the politicians targeted had, for the most part, not been informed by their respective governments,” IPAC wrote on its website.

Vigneault said CSIS and its intelligence partners, including the Communications Security Establishment (CSE), caught wind of the attempted intrusions in 2021 and warned House of Commons security. He said he incorrectly assumed the message would be transferred to MPs.

“What we took for granted was that when we worked with the House of Commons, House of Commons leadership would talk to the MPs. That approach did not work for different reasons,” he said.

“We should all approach this issue with humility and ponder how we can do better in the future,” he added.

House of Commons spokesperson Mathieu Gravel said in a statement that MPs were not warned because the attempted cyberattack by APT31 was successfully thwarted and that “there were no cybersecurity impacts to any Members or their communications.”

That answer and those by Vigneault and CSE leadership to the committee last week evidently didn’t satisfy MPs Tuesday, who said they felt as though no one was taking responsibility for the fact parliamentarians were left in the dark about the threat for three years.

“What we’ve been hearing during this study is almost like a Shaggy song: It wasn’t me,” said Liberal MP Sherry Romanado.

“I’ve got the House of Commons saying, ‘no, it wasn’t us.’ I’ve got CSE saying, ‘no, it’s not us.’ We have CSIS saying, ‘it’s not us.’ But in the meantime, parliamentarians in both the Senate and the House of Commons are sitting here, targets.”

Bloc Québécois MP Marie-Hélène Gaudreau said it was “urgent” for the government to figure out how it would better communicate threats to parliamentarians and urged CSIS to communicate threats to MPs directly in the future.

Vigneault told the committee that targeted MPs should have been warned back in 2021 and committed to ensure that didn’t happen again.

“I’m not sure that I would say that the role of CSIS would have been to organization such a briefing, but I think that what is clear is that the outcome for parliamentarians was not what anyone wanted,” Vigneault said of the fact MPs were not informed of the thwarted APT31 attacks.

“My commitment to this committee is to learn from this,” he added. “Working with parliamentarians through the House of Commons is something we all need to get better at.”

He also noted that Prime Minister Justin Trudeau issued a directive last year to CSIS requiring that parliamentarians be informed of threats by foreign entities going forward.

National Post

[email protected]

Get more deep-dive National Post political coverage and analysis in your inbox with the Political Hack newsletter, where Ottawa bureau chief Stuart Thomson and political analyst Tasha Kheiriddin get at what’s really going on behind the scenes on Parliament Hill every Wednesday and Friday, exclusively for subscribers. Sign up here.

Our website is the place for the latest breaking news, exclusive scoops, longreads and provocative commentary. Please bookmark and sign up for our daily newsletter, Posted, here.