#CyberFLASH: Canada’s national cyber threat centre looking to expand

a-woman-uses-her-computer-keyboard-to-type-while-surfing-the-internet-in-north-vEveryone looks forward to April 1 as a sign that spring will really be here. Gwen Beauchemin, director of the federal government’s Canadian Cyber Incident Response Centre (CCIRC) is looking forward to it even more.

That’s because her budget for the new fiscal year starting on that date will allow here to up its staff to 87 from 43, which will help it expand its threat gathering capabilities as well as its threat intelligence services to Canadian organizations.

“We’re very thankful that we’re seeing messages now that the [new Liberal] government would like us to be more forward leaning and outward,” she said in an interview, “so I can only think that will raise awareness and the success of getting that information out to all.”

The centre, part of Public Safety Canada, has 1,200 provincial, municipal and private sector subscribers in the country — largely organizations in critical infrastructure — a number she’d like to substantially increase.

It pulls in over 1 million pieces of spam a day and identifies 300,000 different vulnerabilities. In 2015 it discovered over 87 million new pieces of malware.

The centre categorizes information in four levels based on the Traffic Light Protocol used by 14 countries. Each level carries increased risk to privacy or operations if misused: White, data that can be share with anyone (like a publicly announced Microsoft bug); Green, information that can be shared only with peers, and not via publicly accessible channels.; Amber (shared only with people the centre knows in its trusted community, and only with those who need to know,); and Red (limited distribution, unless it’s urgent).

Unlike the U.S., where a wide range of association-led private sector threat information sharing and analysis centres (ISACs) have sprung up, most of CIRC’s members are organizations.

Read more here

#CyberFLASH: Who’s behind NRCan hack? If feds know, nobody’s telling

images-126Nearly a week after a spate of lifestyle ads touting belly dancing lessons and mole removal invaded the Natural Resources Canada website, the country’s cyber security officials are keeping mum on the origin of the attack.

Was it a hack by a radical environmental group? By anti-Keystone cyber-guerrillas? Slow week for North Korea’s Unit 121?

If the government knows, it isn’t telling.

A spokesperson for Public Safety Canada acknowledged the “problem,” but would not elaborate on the “specific remedial actions being taken to resolve the issue.”

The department also acknowledged the work of the Canadian Cyber Incident Response Centre (CCIRC), the national computer security incident response team. However, a second spokesperson would comment only on the CCIRC’s broader mandate — not on the role the team played in addressing this issue, specifically.

“While we respectfully decline your request for an interview, we will say that our Government is defending Canada’s cyber security and protecting and advancing our national security and economic interests,” Jean Paul Duval wrote in an email to iPolitics Tuesday evening.

Read more here

#CyberFLASH: NRC cyber-security breach sign of bigger problem

ottawa-on-july-05-2012-gas-leak-at-national-research-council-at-100-suss

The attack on computer systems within the National Research Council that was revealed this week is another example of a concerning trend regarding the federal government’s efforts when it comes to protecting this country’s computer networks.

The attack has left the lead scientific organization in Canada crippled; officials say it could be more than a year before operations at the agency resume in a normal fashion.

While the government seems to be giving itself kudos for discovering the intrusion, the real question that needs to be asked is whether it could have been prevented in the first place.

Read more here

#CyberFLASH: Canada – Banks, insurers must watch out for cyber attacks, OSFI warns

Canada’s financial regulator is warning banks and insurance companies they need to beef up protection against advanced cyber intrusions from a growing list of actors.

“The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile for many organizations around the world,” the Office of the Superintendent of Financial Institutions said in a note earlier this week. “As a result, significant attention has recently been paid to the overall level of preparedness against such attacks by these organizations, including financial institutions…”

OSFI said it expects financial institutions to monitor their level of preparedness, and to this end it provided guidance on how companies should conduct a “self-assessment.”

Salim Hasham, an associate partner at PwC Consulting, said banks “have been at the forefront of [cyber] security for a long time” because they realize “they are really just very complex information organizations.”

“If you look at a bank today, it’s really just an IT company that takes deposits,” he said.

Read more National Post

Was Halifax’s e-vote hacked?

vote

It’s been several weeks since I revealed evidence that the online voting in last fall’s municipal elections in Halifax was not secure. Now I’m starting to wonder, does anyone care? How many people care about defending our most basic pillar of democracy—our elections?

I obtained the damning documents through an Access to Information request to the Canadian Cyber Incident Response Centre (CCIRC) of Public Safety Canada—the federal government agency charged with helping ensure internet safety. Although the documents were heavily censored, they made clear that right up until the day before online voting began on October 6, 2012, an outside security researcher, the CCIRC, the election software vendor (Scytl) and the Halifax Regional Municipality Elections Office were grappling with a myriad of security vulnerabilities.

Read more here

Information from the Canadian Cyber Incident Response Centre on Fraudulent Calls

images-114

OTTAWA – Public Safety Canada has recently noted an increase in the reported number of fraudulent calls to Canadians by someone claiming to work for the Cyber Incident Response Centre (CCIRC).

Impersonating a CCIRC employee, the fraudster calls unsuspecting Canadians with false claims about their computers, stating they have a virus, or that some credentials need to be verified. The fraudster then offers to repair the computer over the Internet for a fee, either by installing software or obtaining remote access to the computer. If remote access is granted, the fraudster has the capability of installing malware, creating a backdoor access, or obtaining financial or other sensitive information stored on the device.

While CCIRC employees may call individuals working for organizations that fall within Canada’s critical infrastructure sectors; under no circumstance would CCIRC request remote access to their computer.

Read more here

Government could be handcuffed during cyber attack affecting private sector

blackout-resize

OTTAWA — A targeted cyber attack on a private company or organization controlling a piece of Canada’s critical infrastructure could leave the federal government on the sidelines, able to offer help but with no guarantee that it would be accepted.

Nor would there be any way for the federal government to force companies to accept its involvement should a targeted hack take down critical infrastructure such as electrical plants, water systems or rail, an issue identified during two cyber exercises last year.

“Not clear what the federal government could actually do. The federal government does not ‘solve’ the problem for the affected entity, only coordination and providing advice. Ultimately, it’s up to the entity to fix the problem,” reads a summary of issues and questions arising from the summer exercise.

Read more here

Tories prepared to spend $200,000 for better cyber intelligence

A command post for war games shows US and South Korean soldiers working together in a US military camp in the centre of Seoul on March 15, 2013. The computer screens in the room were off during a visit by journalists. North Korea accused the United States and South Korea of carrying out a cyber attack against its official websites this week after troops in the South launched annual military exercises amid high tensions.    AFP PHOTO / POOL/ KIM JAE-HWANKIM JAE-HWAN/AFP/Getty Images

OTTAWA — The federal government is set to spend up to $200,000 a year for an outside company to track all cyber attacks in Canada and rank how bad the attacks are relative to those in the rest of the world.

The statement of work details precisely what the government requires. It says that the monthly, quarterly and annual reports needed should be “truly representative of the actual cyber threat activity around the world.”

The reports would fill a blind spot in intelligence.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.