#CyberFLASH: Cyberattacks on infrastructure a ‘major threat,’ says CSIS chief

The head of Canada’s main spy agency says he views the possibility of a cyberattack by ISIS or other extremist groups on the country’s “critical infrastructure” as “a major threat.”

“Cyber is one of our top priorities,” Michel Coulombe, director of the Canadian Security Intelligence Service (CSIS), told an Ottawa news conference on Wednesday.

Coulombe was responding to questions after Britain announced it is nearly doubling funding for cyber counterterrorism amid fears ISIS is looking to target Western infrastructure such as hospitals, airports or power plants by using the internet.

He was flanked by RCMP Commissioner Bob Paulson and Ralph Goodale, Canada’s newly appointed minister of public safety.

“This is an area that I’m beginning to be further briefed on by the department,” Goodale told reporters, deferring to his deputy minister and CSIS.


#CyberFLASH: Public Safety mandate includes parliamentary oversight of intelligence agencies

After nearly a decade of tough-on-crime, security-state expanding governing by Stephen Harper, Prime Minister Justin Trudeau has mandated new Public Safety Minister Ralph Goodale to roll back some of the previous government’s trademark policies, including on intelligence oversight and gun control.

Goodale’s mandate letter, among the 30 Trudeau sent to his new cabinet that were released today, outlines 12 key priorities in the department, chief among them the creation of a parliamentary intelligence oversight committee with special access to classified national security information. The creation of such a committee is long overdue according to the experts, who have repeatedly condemned Canada as the only country among its allies that does not trust its parliamentarians with sensitive security information.

Also high on the list is an issue that the Liberals will have to tread very carefully with: the partial repeal of and amendments to C-51, the contentious anti-terrorism legislation pushed through by the Harper government earlier this year that, to the surprise and anger of many supporters, the Liberals had supported in the House.

One promised change to C-51 in Goodale’s mandate letter is the creation of an Office of the Community Outreach and Counter-radicalization Coordinator.

Collaboration with other departments is heavily emphasized in several of the priorities, the largest being a broad review of the cyber capabilities of Canada’s critical infrastructure with the ministers of National Defence, Innovation, Science and Economic Development, Infrastructure and Communities, Public Services and Procurement, and the President of the Treasury Board.


#CyberFLASH: Canada not doing enough to protect critical infrastructure: Expert

Just before security consultant Ray Boisvert stood to address a Toronto conference on cyber security and Canadian critical infrastructure, the building’s fire alarm went off and filled the room with a warning siren.

It was the perfect prequel for his speech, which warned that governments, utilities and financial institutions aren’t doing enough to defend critical infrastructure from online attacks.

In an interview, Boisvert, former assistant director of intelligence at the Canadian Security Intelligence Service (CSIS) and currently president of consultancy I-Sec Integrated Strategies, rated the country’s efforts as only B-, although he admitted no country yet has an A. However, he believes the U.S. and Western European countries are ahead of us.

While the federal government has developed a national cyber security strategy for critical infrastructure and pushed provinces and 10 sectors to form groups for sharing information, Boisvert dismissed it as mainly “process” with little action.

At the local level, civic governments “are left to their own devices,” he said. Some hydro systems owned by cities or townships “are really, really vulnerable. They have no funds, and very little awareness of cyber security.”

Provincially, Ontario, New Brunswick and Alberta are the leaders, he said. As for the federal government, it needs a cyber czar with deputy minister authority to lead the charge at that level.

This person would be the “spokesperson in chief to drive the agenda amongst the agencies, because in my estimation there isn’t great co-ordination between agencies in Ottawa, even for those who have the money.”


#CyberFLASH: CanSecWest Presenter Self-Censors Risky Critical Infrastructure Talk


A presenter at this week’s CanSecWest security conference has withdrawn his scheduled talk for fear the information could be used to attack critical infrastructure worldwide.

Eric Filiol, scientific director of the Operational Cryptology and Virology lab and CTO/CSO of the ESIEA in France, pulled his talk on Sunday, informing organizer Dragos Ruiu via email. Filiol, a 22-year military veteran with a background in intelligence and computer security, said he has been studying the reality of cyberwar for four months and came to the decision after discussions with his superiors in the French government.

Filiol said he submitted the presentation, entitled “Hacking 9/11: The next is likely to be even bigger with an ounce of cyber,” to CanSecWest three months ago before his research was complete. Since his lab is under supervision of the French government, he was required to review his findings with authorities.

“They told me that this presentation was unsuitable for being public,” Filiol said in an email. “It would be considered as an [incentive] to terrorism and would give precise ideas to terrorists on the know-how (the methodology) and the details regarding the USA (but also how to find weaknesses in other countries).”


#CyberFLASH: Canada – Banks, insurers must watch out for cyber attacks, OSFI warns

Canada’s financial regulator is warning banks and insurance companies they need to beef up protection against advanced cyber intrusions from a growing list of actors.

“The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile for many organizations around the world,” the Office of the Superintendent of Financial Institutions said in a note earlier this week. “As a result, significant attention has recently been paid to the overall level of preparedness against such attacks by these organizations, including financial institutions…”

OSFI said it expects financial institutions to monitor their level of preparedness, and to this end it provided guidance on how companies should conduct a “self-assessment.”

Salim Hasham, an associate partner at PwC Consulting, said banks “have been at the forefront of [cyber] security for a long time” because they realize “they are really just very complex information organizations.”

“If you look at a bank today, it’s really just an IT company that takes deposits,” he said.

Read more National Post

#CyberFLASH: Canada – Aggressive defence needed against cyber threats, expert says


OTTAWA — Canada must aggressively deploy its spies and other intelligence capabilities against accelerating cyber threats to the country’s vital digital infrastructure, says a leading expert.

Angela Gendron, writing in the Canadian Foreign Policy Journal, delivers a meaty 11,000-word assessment of the risks and dangers that digital technologies have wrought for the country’s critical infrastructure, from the machinery of government to public utilities, communications, transportation, energy and finance.

Those sectors and systems, once largely reliant on physical defences and geography for protection, are now heavily interconnected, networked and cyber-dependent. Everything from just-in-time supply chains to our water and money supplies are vulnerable to malicious cyber attacks, whether by foreign states, cyber jihadists, criminals or hackers.

With an estimated 60,000 malware variants launched virtually every day, the threat is beginning to rival that of Islamic terrorism, say Gendron and others.

“Even though the current priority in Canada is international terrorism, there are growing concerns about the cyber-instrumented attacks attributed to government-backed hackers from China and Russia,” writes the senior fellow at Carleton University’s Canadian Centre of Intelligence and Security Studies.

Read more on OttawaCitizen.com

Cyber Security In Canada’s Private Sector A ‘Significant’ Problem: Government Records

TORONTO – Gaps in the cyber security efforts of Canadian corporations could be leaving them open to sophisticated attacks by hackers, records show.

“The current situation is that there are an increasing number of new software vulnerabilities that can be exploited to gain access to companies’ networks,” reads a July 2012 memo obtained from Public Safety Canada under the Access to Information Act.

“The scale of the problem is significant. The cost of maintaining a highly secure network is high for each company, and they may not be willing to make that investment.”

Most Canadian critical infrastructure assets — including electricity distribution networks, banking systems, transportation systems and telecommunications networks — are owned by the private sector or by provincial governments.


Information from the Canadian Cyber Incident Response Centre on Fraudulent Calls


OTTAWA – Public Safety Canada has recently noted an increase in the reported number of fraudulent calls to Canadians by someone claiming to work for the Cyber Incident Response Centre (CCIRC).

Impersonating a CCIRC employee, the fraudster calls unsuspecting Canadians with false claims about their computers, stating they have a virus, or that some credentials need to be verified. The fraudster then offers to repair the computer over the Internet for a fee, either by installing software or obtaining remote access to the computer. If remote access is granted, the fraudster has the capability of installing malware, creating backdoor access, or obtaining financial or other sensitive information stored on the device.

While CCIRC employees may call individuals working for organizations that fall within Canada’s critical infrastructure sectors, under no circumstance would CCIRC request remote access to their computer.


© 2013 CyberTRAX Canada - All Rights Reserved.