#CyberFLASH: Ex-CSIS official backs Canada’s attempt to get cyber promise from China

feature-china-hack-keyboard-thinkstock-620x250For several years Western governments have blamed official Chinese or Chinese-government backed groups for hacking into databases of public and private organizations. But a year ago the U.S. president Barack Obama and Chinese president president Xi Jinping signed an agreement not to direct or support cyberattacks that steal corporate data for economic benefit.

Now Canada wants to do the same.

A spokesman for Public Safety minister Ralph Goodale told the Globe and Mail that this country will try to get a similar agreement, which has also been negotiated between China and the United Kingdom.

The idea has the support of Ray Boisvert, a former assistant director for intelligence at the Canadian Security Intelligence Service (CSIS) who now has his own security consulting company.

“I do support this type of approach,” he said in an email to ITWorldCanada.com. “As we collectively mature in this new networked, cyber-enabled world, be it governments, the private sector or citizens, we will have to apply all types of risk reduction strategies. And of course diplomacy should always be a first among strategic plays. It is no guarantee of success, especially without verification, but two previous agreements involving the U.S. and U.K. (and China) have recorded measurable reductions in cyber thefts of intellectual property and by extension breaches of individual privacy.

Read more here

#CyberFLASH: Public Safety Canada launches public consultation on cybersecurity landscape

image-2Public Safety Canada (PSC) has launched a public consultation on the “evolving cybersecurity landscape.”

On Tuesday, the federal government launched the Consultation on Cyber Security to help identify gaps and opportunities, bring forward new ideas to shape Canada’s renewed approach to cybersecurity and capitalize on the advantages of new technology and the digital economy, PSC said in a statement.

From now until Oct. 15, PSC will be leading the consultation by engaging stakeholders and Canadians on the trends and challenges of cybersecurity, as well as on new initiatives under consideration which will strive to build Canada’s resilience, capability and innovation in cybersecurity, the department said. Topics of the consultation include: the evolution of the cyber threat; the increasing economic significance of cybersecurity; the expanding frontiers of cybersecurity; and Canada’s way forward on cybersecurity.

The statement said that approximately 70% of Canadian businesses have been victim of cyberattacks, with an average cost of $15,000 per incident. In addition, the current global market for cybersecurity products and services is expected to grow to over $170 billion by 2020, and the job market for “cyber pros” is expected to rise by six million in the next four years, PSC reported.

Canada also has more computers per capita than any other country (129 devices per 100 people) and Canadians are the heaviest Internet users in the world, spending more than 40 hours online per person per month.

Read more here

#CyberFLASH: Trudeau government to take on cybersecurity threats

keyboardOTTAWA — With Internet-based child sex-ploitation crimes skyrocketing, the Justin Trudeau government intends to launch a “credible and comprehensive” review this spring of cybersecurity threats in Canada.

Officials with Public Safety Canada said Thursday that while the details of that review are still being hammered out by Public Safety Minister Ralph Goodale, a review will determine how Canada can best deal with everything from online predators to digital jihadists.

Kathy Thompson, the assistant deputy minister in charge of the Community Safety and Countering Crime Branch at Public Safety Canada, said while the crime rate continues to decline across the country, “there are some exceptions. One of those exceptions is child sexual exploitation over the Internet — that is going up exponentially, year over year.”

Thompson made her remarks at the House of Commons Public Safety and National Security Committee, where MPs are looking for topics their group can zero in on during the current parliamentary session.

A cybersecurity review that looks at legal gaps and shortcomings in police resources could form a plan for the way the Trudeau government approaches law-and-order issues.

“It is our intent to conduct a review that is going to be credible and comprehensive and reaches out to all stakeholders across Canada. And also to our international partners,” said Monik Beauregard, the senior assistant deputy minister at Public Safety’s national and cyber-security branch.

Liberal MP Marco Mendocino, a former Crown prosecutor who played a key role in putting some of the Toronto 18 terrorists in jail, told the committee he is particularly concerned about financial crime — the use of computers and telecom networks by organized criminals, including terrorists, to move and hide money — as well as the use of social media as a breeding ground for online hatred and incitement.

“The fact that we are now so invested in cyberspace can make us vulnerable,” said Mendocino.

Read more here

#CyberFLASH: Public Safety mandate includes parliamentary oversight of intelligence agencies

a-woman-uses-her-computer-keyboard-to-type-while-surfing-the-internet-in-north-vAfter nearly a decade of tough-on-crime, security-state expanding governing by Stephen Harper, Prime Minister Justin Trudeau has mandated new Public Safety Minister Ralph Goodale to roll back some of the previous government’s trademark policies, including on intelligence oversight and gun control.

Goodale’s mandate letter, among the 30 Trudeau sent to his new cabinet that were released today, outlines 12 key priorities in the department, chief among them the creation of a parliamentary intelligence oversight committee with special access to classified national security information. The creation of such a committee is long overdue according to the experts, who have repeatedly condemned Canada as the only country among its allies that does not trust its’ parliamentarians with sensitive security information.

Also high on the list is an issue that the Liberals will have to tread very carefully with: the partial repeal of and amendments to C-51, the contentious anti-terrorism legislation pushed through by the Harper government earlier this year that, to the surprise and anger of many supporters, the Liberals had supported in the House.

One promised change to C-51 in Goodale’s mandate letter is the creation of an Office of the Community Outreach and Counter-radicalization Coordinator.

Collaboration with other departments is heavily emphasized in several of the priorities, the largest being a broad review of the cyber capabilities of Canada’s critical infrastructure with the ministers of National Defence, Innovation, Science and Economic Development, Infrastructure and Communities, Public Services and Procurement, and the President of the Treasury Board.

Read more here

#CyberFLASH: Canadian CSOs need to share more threat information, say experts

71080359-620x250Few organizations like to share information unless it’s non-competitive with competitors for obvious reasons. But with the encouragement of Public Safety Canada, critical infrastructure firms have been setting up forums for the exchange of security information.

However, two experts say Canadian organizations need to do more confidential threat intelligence sharing if they are going to stay ahead of attackers.

Kevvie Fowler, a partner in KPGM Canada’s risk consulting services and Vivek Khindria, head of information security at Bell Canada [TSX: BCE], urged more co-operation during this week’s Canadian Telecom Summit, where they were on a panel on the importance of threat intelligence.

“Most sectors have learned that trying to hoard (security) information is not going to be a competitive advantage,” Khindria said during the session. “The bad guys are really good at sharing information, and we have to get better. And that may mean laws have to change, my mean more support at the federal level, but it also means that each of us as companies and organizations have to go about figuring out how to share that information.”

“The amount of information sharing (in the private sector) is improving,” Fowler said in an interview. “Is it enough, No, we still need more information sharing … As we get up to the executive level it would be great to see more.

“(Threat) information isn’t just to be shared by managers, (line of business) directors or VPs, it should also be done at the board level.” (During his panel presentation he said some boards are doing it).

Read more here

#CyberFLASH: TELUS and Public Safety Canada Help Canadians Protect Personal Information on Their Mobile Devices

Cyberfile+Mobile+Banking+20TORONTO – Instances of cybercrime among Canadian smartphone users have grown exponentially in recent years, doubling from 16 per cent in 2012 to 32 per cent in 2013(1). In a joint effort to thwart cybercrime and protect Canadians, TELUS and Public Safety Canada have launched the #BeAppSafe campaign to inform, educate and inspire action among Canadians to secure the personal information they store on their mobile devices.

“Public Safety Canada is dedicated to tackling cyber threats through our awareness initiative, Get Cyber Safe,” said the Honourable Steven Blaney, Canada’s Minister of Public Safety and Emergency Preparedness. “We’re pleased to collaborate with TELUS on the #BeAppSafe campaign to amplify our efforts and encourage Canadians to take steps to better protect themselves and their families.”

Canadians’ personal and professional lives are increasingly dependent on their smartphones. In fact, 54 per cent of Canadians say they value the information on their smartphone more than the device itself(2). Increasingly, people use their mobile phones for services and experiences like online banking, fitness tracking, social platforms and gaming, yet more than half of Canadians are unaware that apps like these can track information such as their physical location(3).

Read more here

#CyberFLASH: Privacy watchdog investigating RCMP data collection


OTTAWA–Canada’s privacy watchdog is investigating the RCMP’s warrantless collection of Canadians’ personal data.

The Office of the Privacy Commissioner confirmed last week it is formally reviewing the police force’s collection of Canadians’ personal data from telecommunications companies. The findings are expected to be made public in the near future.

The RCMP has never met with the privacy commissioner to ensure that its requests comply with privacy laws, according to a recent disclosure to Liberal MP Irwin Cotler.

The investigation was launched after the former privacy commissioner, Chantal Bernier, revealed to the Star and the Halifax Chronicle Herald that nine telecoms were asked to turn over user data 1.2 million times in 2011.

Authorities in Canada, including the RCMP, routinely sought “basic subscriber information” — names, telephone numbers, address and Internet protocol addresses — without having to obtain a warrant.

Public Safety revealed last week that it has met with the privacy office numerous times to attempt to draft a new system of accountability for Canada’s police and spy agencies.

Read more here


#CyberFLASH: Canada’s military squeezed out of cyber-defence, emails warn


OTTAWA — Military advisers working on the cyber-security file warned a year ago that the Canadian Forces were on the verge of being pushed entirely out of the realm of cyber-defence, according to internal emails from the military’s cyber task force.

In a March 5, 2013 email exchange, one Canadian Forces officer argued the military had not pushed hard enough to be the lead digital defence agency and warned that not pushing harder would “drive DND/CF entirely out of the cyber ops business.”

What role the Canadian Forces should play in protecting the country in cyberspace has been debated for years, and the emails give a glimpse into how the military continues to grapple with its place in Canada’s cyber security strategy.

In Canada, Public Safety Canada is the central hub for cyber-security policy and works with provinces, territories, municipalities and the private sector to help them protect their networks. The Communications Security Establishment Canada (CSEC), which has among the most powerful computer resources in the country, is in charge of defending federal government systems and gathering foreign intelligence on potential cyber threats.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.