WASHINGTON — U.S. government officials spent the weekend briefing impacted allies and partners, including Canada, following reports detailing a leak of sensitive U.S. intelligence about Russia's war with Ukraine and its potential ramifications.
The trove of documents reportedly included an assessment of claims that Russian-backed hackers managed back in February to access the systems controlling part of Canada's natural gas infrastructure.
The Canadian Press has not independently verified those claims. Some of the material — discovered Friday after it had been posted to online forums and social media channels — appeared to have been altered.
"We're still working through the validity of all the documents that we know are out there," said National Security Council spokesman John Kirby.
"U.S. officials have … communicated with relevant nations, relevant allies and partners as appropriate, at very high levels."
Federal officials in Ottawa acknowledged Monday that Canada was involved in those briefings. A statement from the Communications Security Establishment, the country's cyberspy agency, refused to comment on specifics.
"We do not comment on specific cybersecurity incidents, nor do we confirm businesses or critical infrastructure partners that we work with," said spokesman Ryan Foreman.
"We further do not comment, whether to confirm or deny, on allegedly leaked intelligence."
The bulk of the material appears focused on assessments of the war in Ukraine — in particular, U.S. training efforts, the timing of equipment deliveries, losses on each side and American evaluations of broader support for the effort.
One of the documents is a graphic that illustrates troop losses on both sides, with an estimate of Russian deaths that is significantly lower than what Pentagon officials have stated publicly. Kirby called the document "doctored."
The trove of intel also goes into what specific efforts Russia may be engaged in to undermine those broader global alliances, which appears to be where Canada enters the picture.
A New York Times report Monday characterized the hacking incident as an example of how Russia could be expected to retaliate beyond Ukraine's borders in the event the war continues to drag on.
The report doesn't name a specific energy company, but says hackers were instructed by a Russian intelligence officer to maintain access to the computer network and "wait for further instruction."
The Times reported that the hackers were able to show they had the ability to increase valve pressure, disable alarms and trigger an emergency shutdown at an unidentified gas distribution station.
U.S. officials have acknowledged publicly that gaining access to a network and maintaining it, without necessarily taking action, is a tactic common to Russian-backed hacking efforts, said Jamil Jaffer, executive director of the National Security Institute at Virginia's George Mason University.
"Canada has to probably do a damage assessment as to what the revelations in this information mean for its relationship with other nation states, but in particular with its adversaries," Jaffer said.
But the bigger problem for the U.S. and its allies is likely not so much what's in the documents, but the fact that it could compromise intelligence sources, he added.
"More often than not, when classified information is revealed, it's less about the specific information itself and more about the fact that the persons who are communicating know what methodology they use to communicate," he said.
"They now know the source or method of your access, and they're going to be able to cut it off."
State Department spokesman Vedant Patel also described high-level international briefings with allies Monday, "including to reassure them of our commitment to safeguarding intelligence and the fidelity of securing our partnerships."
Experts say the documents are believed to have circulated for months in obscure, private corners of the internet, including in chat rooms on the gaming discussion platform Discord, before their disclosure was discovered.
"We don't know what else might be out there," Kirby said.
"One of the things we have to protect is information, not only the information itself, but the manner in which we glean that information. So I think you can understand why everybody is taking this particular set of disclosures very, very seriously."
Foreman's statement acknowledged the very real risks of cyberattacks, including by state actors, aimed at disrupting the operation of critical public and private-sector facilities.
The CSE is "concerned about the opportunities for critical infrastructure disruption, particularly with regard to internet-connected operational technology that underpins industrial processes," he said.
"State-sponsored cyberthreat actors may also target critical infrastructure to collect information through espionage; pre-position in case of future hostilities; or as a form of power projection and intimidation."
This report by The Canadian Press was first published April 10, 2023.
— With files from Jim Bronskill in Ottawa
James McCarten, The Canadian Press