#CyberFLASH: Public Safety Canada launches public consultation on cybersecurity landscape

image-2Public Safety Canada (PSC) has launched a public consultation on the “evolving cybersecurity landscape.”

On Tuesday, the federal government launched the Consultation on Cyber Security to help identify gaps and opportunities, bring forward new ideas to shape Canada’s renewed approach to cybersecurity and capitalize on the advantages of new technology and the digital economy, PSC said in a statement.

From now until Oct. 15, PSC will be leading the consultation by engaging stakeholders and Canadians on the trends and challenges of cybersecurity, as well as on new initiatives under consideration which will strive to build Canada’s resilience, capability and innovation in cybersecurity, the department said. Topics of the consultation include: the evolution of the cyber threat; the increasing economic significance of cybersecurity; the expanding frontiers of cybersecurity; and Canada’s way forward on cybersecurity.

The statement said that approximately 70% of Canadian businesses have been victim of cyberattacks, with an average cost of $15,000 per incident. In addition, the current global market for cybersecurity products and services is expected to grow to over $170 billion by 2020, and the job market for “cyber pros” is expected to rise by six million in the next four years, PSC reported.

Canada also has more computers per capita than any other country (129 devices per 100 people) and Canadians are the heaviest Internet users in the world, spending more than 40 hours online per person per month.

Read more here

#CyberFLASH: Internet users don’t understand security or privacy, says survey

Apple Hosts Event At Company's Town HallCanadian think-tank CIGI (the Centre for International Governance and Innovation) reckons ordinary citizens are more comfortable with government oversight of the Internet and their privacy than, for example, Apple.

In an international survey (24,000 respondents in 24 countries), the group claims more than 70 per cent want the “dark net” shut down (which rests on the assumption that 70 per cent of people actually know what the “dark net” is).

Dark net hostility is greatest in Indonesia, India and Mexico (all above 80 per cent saying it should be eliminated), with the US and Australia tied at 72 per cent.

At the same time, an average of more than 26 per cent of users don’t trust their governments at all over monitoring their communications without their knowledge (something not highlighted in either of the two CIGI-Ipsos media releases; The Register pulled out those numbers from the survey data.).

In among the scary depiction of the dark-web – “child abuse imagery, the purchase of illegal narcotics or planning an assassination”, for example – CIGI research fellow Eric Jardine concedes that “shuttering anonymity networks is not a viable long-term solution, as it will probably prove ineffective”.

Only 8.47 per cent of respondents, on average, said they trust their governments completely (the citizens that most trust their governments were in Tunisia, at 27 per cent, and Pakistan, at 21 per cent).

The survey also demonstrates that most respondents don’t understand that unbreakable encryption protects things like their online banking and shopping, as well as protecting criminals: 60 per cent of Americans and 63 per cent of the total sample reckon “companies should not develop technologies that protect law enforcement from accessing the content of a user’s online data”.

Read more here

#CyberFLASH: Ontario Education department suffers loss of email addresses

10712553An Ontario government department has learned the hard way about the need to secure a Web site. The Education ministry has acknowledged that 5,000 unencrypted email addresses of people who had left contact information on a site were recently exposed.

The ministry realized on March 5 there had been a loss of email addresses left by people who went to a site for information on workshops, Nilani Logeswaran, press secretary to Education minister Liz Sandal, confirmed in an interview this morning that. No other personal information was accessed.

The stolen email addresses were then publicly exposed on another Web site, which has since been taken down.

The Ontario Provincial Police and the provincial privacy commissioner are investigating.

As a result of discovering the breach the Education ministry Web site was immediately taken down. As a precaution the Ministry of Training, Colleges and Universities’ Web site was also taken offline. Both are now back online, Logeswaran said.

Read more here

#CyberFLASH: Privacy issues could not be ignored in 2014

hackers.jpg.size.xxlarge.letterboxIt’s been a year like no other for those who follow the privacy, telecommunications and online security debate in Canada.

It started with a bombshell revelation that Canada’s electronic spying agency CSEC had monitored Canadians at airports and elsewhere within the country, apparently in contravention of the law. That was followed by a series of data breaches, court rulings, new legislation and a robust public debate about when and how citizens’ personal data can and should be accessed.

To help put 2014 in perspective, we spoke with telecom and cybersecurity expert Christopher Parsons, post-doctoral fellow at the University of Toronto’s Citizen Lab and managing director of the Telecom Transparency Project, to review how the discussions around privacy shifted in 2014 and what to expect in the new year.

Postmedia: Looking back on a year of new privacy legislation, Supreme Court rulings and yet more Snowden revelations about how much governments are spying on us, what were the biggest takeaways for you as a researcher who studies these things?

Read more here

#CyberFLASH: ‘Sensitive’ surveillance figures worried feds

blackburnnews_national-620x356OTTAWA – A move by telecommunications firms to be more forthcoming with the public about their role in police and spy surveillance could divulge “sensitive operational details,” a senior Public Safety official warned in a classified memo.

Company efforts to reveal more about police and intelligence requests — even the disclosure of broad numbers — would require “extensive consultations with all relevant stakeholders,” wrote Lynda Clairmont, senior assistant deputy minister for national and cybersecurity.

Clairmont’s note, released under the Access to Information Act, provided advice to deputy minister Francois Guimont on the eve of his one-hour April 17 meeting with representatives of Telus Corp. to discuss specifically what information the company was allowed to tell the public about electronic surveillance activities.

Telus released a so-called “transparency report” five months later, revealing it had received more than 103,000 official requests for information about subscribers in 2013.

Rogers Communications published a similar report in June — three months before Telus — becoming the first of the major Canadian telecom firms to issue one. Bell Canada, the other major company, has yet to release a report.

Read more here

#CyberFLASH: Cybersecurity Experts Gather in Ottawa to Discuss Quantum-Safe Standards


WATERLOO – Experts from around the world will gather in Ottawa this week to discuss cybersecurity in a quantum world.

The University of Waterloo’s Institute for Quantum Computing (IQC), in partnership with the European Telecommunications Standards Institute (ETSI), will host the 2nd Quantum-Safe Cryptography Workshop in our nation’s capital. The workshop brings together leading experts in cybersecurity, quantum computing and quantum technologies, along with government and industry leaders to develop a roadmap to ensure tomorrow’s cybersecurity protocols are secure in a world with quantum computers.

“We must start thinking about the future today,” says Michele Mosca, deputy director of IQC and co-organizer of the workshop. “It takes years to establish the right standards and protocols for cybersecurity. We don’t have a large-scale quantum computer yet, but we are quickly getting closer and there is a serious risk of having such quantum computers before the right quantum-safe protocols are in place.”

Read more here

#CyberFLASH: Spy agency consulted regularly with energy firms


The chief of Communications Security Establishment Canada, the agency behind alleged industrial espionage against Brazil, insists all of its activities are legal, as details emerged Wednesday that CSEC had participated in private meetings between Canadian security agencies and energy companies.

Canadian Energy corporations acknowledged Wednesday they do, indeed, meet with security officials from CSEC and other departments, but said these are only to identify security threats and find ways to develop counter-measures to protect their operations.

Citing documents obtained under access to information laws, The Guardian newspaper in London reports federal government ministries, spy agencies – including CSEC – the RCMP and representatives from several energy companies, who were granted high-level security clearance, have met twice a year since 2005.

The federal meetings with energy industry officials were to discuss “threats” to energy infrastructure and “challenges to energy projects from environmental groups,” as well as “cybersecurity initiatives” and “economic and corporate espionage.”

Read more here

#CyberFLASH: Canadian retailers need to shake their computer security complacency


The term “buyer beware” used to mean that you might regret the purchase you were about to make. Now it basically serves as a warning that no matter where you shop, your personal data may be at serious risk.

This week, following the recent high-profile computer security attacks at Target, Nordstrom and other major U.S. merchants, the Retail Industry Leaders Alliance based in Arlington, Va. announced the formation of a council that will focus on cybersecurity issues and a push for better laws to notify consumers when an attack occurs. In Canada, meanwhile, major Canadian retailers announced … nothing.

Part of the problem, according to Toronto-based security and privacy consultant Claudiu Popa, is that Canada has been ahead of the U.S. in some areas, like our adoption of chip and PIN technology on credit and debit cards. The U.S. is still largely a mag-stripe market (though the retail association hopes to change that soon).

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.