#CyberFLASH: Ottawa to spend $100M to battle cyber attacks

99783415-620x250The government will be spending as much a $100 million to protect its computer systems against cyber attacks.

There is also “a request from inside the government” for extra money in the upcoming 2015 federal budget to back this cyber security strategy, according to a report from the Globe and Mail.

The daily said it got its information from a senior officials who asked not to be identified. The sources said the amount needed for the initiative could go over $100 million spread over several years. The project will involve upgrading the government security system.

The decision to move beyond patching security holes comes after Chinese state-backed hackers broke into the National Research Council’s network in July last year. The national body responsible for business-led technology research the “cyber-intrusion” on its IT infrastructure was detected by the country’s electronic spy agency, the Communications Security Establishment Canada (CSEC). The NRC said the cyber attack was carried out by a “highly sophisticated Chinese state-sponsored actor.”

The NRC had to shut down the system to thwart cyber espionage activities. However, sources told the Globe and Mail that officials knew of the intrusion before they system was shut down. They did this in order to find out what the attackers were doing and how they were going about it.

Read more here

#CyberFLASH: Leaks, breaches and cyberattacks: the biggest hacks of 2014


Loopholes were exploited and security barriers toppled as hackers reigned in 2014. Multinational corporations, celebrities, and government websites all fell victim to cyberattacks.

Let’s face it, nowadays it takes more than run-of-the-mill password protection to stay secure — especially when the most common password is “123456” — to keep private data safe.

Here are the cyberattacks of significance this year.

Heartbleed infects the CRA

With a name like Heartbleed, it is hard to picture anything but the all-too-common Hollywood trope of a “nerd” typing frantically at a Matrix-esque black and green screen.

Last April, the computer bug that exploits a flaw in widely-used encryption software was responsible for allowing a hacker to access taxpayer data from the Canada Revenue Agency.

Read more here


#CyberFLASH: 2 Canadian companies approached by China after NRC cyberattack

online-surveillance-20141030Two Canadian companies were approached by Chinese businesses shortly after the National Research Council’s computers were hacked this summer, leaving them wondering whether the approach and the attack were linked.

Documents released under the Access to Information Act and obtained by CBC News offer insight into the consequences for private sector interests when a government institution they work with is breached.

The two companies were among those notified by the NRC in the days after the cyberattack that their data had been hacked. Both were subsequently approached by Chinese companies about their businesses.

The federal government blamed the attack on a Chinese state-sponsored actor.

One Canadian businessman wrote an email to the NRC saying, “It’s somewhat ironic, that Canada’s premier R&D organization, the NRC, although cutting edge with many new technologies, doesn’t seem to have equivalent cutting-edge protection of its computer networks setup.”

Read more here

#CyberFLASH: NRC head says cyberattack hasn’t spooked partners


The head of the National Research Council said that an alleged hack of the agency’s servers by a Chinese “state-sponsored actor” is “unfortunate,” but reflects “the reality of the times.”

In his first public comments on the July cyberattack that shut down the agency’s servers, NRC President John McDougall said the agency’s private sector partners are largely satisfied with the steps taken to address the matter.

“We’ve been very open with our customers in terms of the fact that it happened,” McDougall told reporters in Whitehorse Thursday. “With very, very few exceptions they have been quite pleased with the responses that we’ve been taking to try and make sure we’re safeguarding their information.”

The agency has been tight-lipped about what the hackers were after, or how much information they were able to access, if any. Since the attack was confirmed by the government on July 29, an NRC spokesman has repeatedly refused interviews on the issue, citing security concerns.

Read more here

#CyberFLASH: NRC hacks a security wake-up call

Quebec hacker

It could take a year or more for the Canadian government to recover after its chief information officer confirmed Chinese statesponsored hackers were found to be breaking into the networks of the National Research Council.

This “cyber intrusion’ into the NRC’s computer network was detected and confirmed by Communications Security Establishment Canada, which is now working with IT experts and security partners to create a new secure IT infrastructure for the NRC and the broader federal government.

It could take at least a year, officials say, simply to mitigate the risk of future cyber threats of this nature.

Meanwhile, data security companies working in the private sector are coming forward with suggestions for the NRC specifically, and Canadians in general, on how to better protect themselves online.

CloudMask, for example, is an information technology and security company based in Ottawa. It has received certification for its security technology by Shared Service Canada (SSC) for integration with its security infrastructure.

Read more here

#CyberFLASH: China slams Canada for ‘irresponsible’ hacking accusations


BEIJING – China’s foreign ministry accused Canada on Thursday of making irresponsible accusations lacking any credible evidence after Canada singled out Chinese hackers for attacking a key computer network and lodged a protest with Beijing.

Officials said “a highly sophisticated Chinese state-sponsored actor” had recently broken into the National Research Council. The council, Canada’s leading research body, works with major companies such as aircraft and train maker Bombardier Inc..

Canada has reported hacking incidents before, but this was the first time it had singled out China.

Read more here

#CyberFLASH: Act now to protect government departments from cyberattacks


Federal bureaucrats are once again warning that Canada’s government departments and agencies are vulnerable to cyberattacks.

Internal documents obtained by the Star’s Alex Boutilier this past week reveal a number of issues that put Canada at risk.

They include an IT “incident management plan” that is too complex and unclear on who is responsible for what. A lack of co-ordination between that plan and Ottawa’s overall Federal Emergency Response Plan. And a number of departments and agencies failing to use the government’s secure network.

That last point is particularly troubling after Canada accused China last week of carrying out a cyberattack on the National Research Council of Canada. The NRC had reportedly resisted joining the government’s secure Shared Services network, preferring its own.

Read more here

#CyberFLASH: NRC cyber-security breach sign of bigger problem


The attack on computer systems within the National Research Council that was revealed this week is another example of a concerning trend regarding the federal government’s efforts when it comes to protecting this country’s computer networks.

The attack has left the lead scientific organization in Canada crippled; officials say it could be more than a year before operations at the agency resume in a normal fashion.

While the government seems to be giving itself kudos for discovering the intrusion, the real question that needs to be asked is whether it could have been prevented in the first place.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.