March 3, 2024 | Local, Defence and Security
Welcome to Cyber Security Today. From Toronto, this is the Week in Review for the week ending Friday March 1st, 2024 I'm Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S. In a few minutes Terry Cutler of Cyology Labs will join me to discuss some of the news from the
October 30, 2023
During a MapleSEC fireside chat, Jim Love, CIO of IT World Canada, welcomed Chad Skipper, global security technologist from VMware, for a conversation that delved into the complexities of modern cybersecurity and the solutions being developed to address them. Visibility in the virtual battlefield The discussion revolved around the concept of visibility within organizational networks,
April 13, 2023
CSE’s Canadian Centre for Cyber Security (Cyber Centre) joined the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the following international partners to provide recommendations for Information Technology (IT) manufacturers to use secure by design and secure by default principles in the development of their products: Australian Cyber Security Centre (ACSC) New Zealand: Computer Emergency Response Team New Zealand (CERT NZ) New Zealand National Cyber Security Centre (NZ NCSC) United Kingdom’s National Cyber Security Centre (NCSC-UK) Germany’s Federal Office for Information Security (BSI) Netherlands National Cyber The new guide emphasizes the need to shift the burden of cyber security risk away from the customer and instead encourage technology manufacturers to design safe products that are secure by design and by default. Technology is integrated into many facets of daily life; internet-facing systems are connected to critical systems that directly impact livelihood ranging from personal identity management to medical care. Insecure technology and vulnerabilities in critical systems may result in cyber incidents, leading to serious potential safety risks. Cyber breaches have real life consequences for many people. The burden of cyber security, and ultimately customer safety, is currently placed on end users: IT customers and organizations. These end users are required to spend significant resources to keep up to date on emerging threats, as well as to adopt security processes and practices to counter those threats. For too long, the technology industry and the security community have pushed responsibility for protecting systems and information to end users and customers. The changes proposed in this guide are necessary to ensure a better cyber security future for all. To have a future where technology is safe for everyone, technology manufacturers and suppliers must create and ship safe products. This means products that are secure by design (security is built in from the development, not as an afterthought) and secure by default (products that are safe to use out of the box with little to no configuration changes necessary and are available without additional cost). Secure-by-Design products make the security of the customers a core business requirement, not just a technical feature. We need to ensure the end-users, everyday Canadians, are not responsible for preventing cyber breaches caused by product design flaws. We encourage manufacturers to build their products in a way that prevents customers from having to constantly perform monitoring, routine updates, and damage control on their systems to mitigate cyber intrusions. We need to move towards placing the burden of cyber security on IT manufacturers rather than on IT consumers – whether they are individuals or organizations. This is a key part in creating a future where technology is safer for everyone. More information and to read the complete guide. https://www.cyber.gc.ca/en/news-events/communications-security-establishment-cse-and-partners-issue-joint-guide-shifting-balance-cybersecurity-risk-technology-product-safety
April 13, 2023
Since Russia’s unjustified and illegal invasion of Ukraine began over one year ago, and especially in recent weeks, we have seen a notable rise in cyber threat activity by Russian-aligned actors targeting Ukraine’s partners. Canada is no exception. These activities are a direct response to our steadfast support to the people and Government of Ukraine – and they will not deter Canada’s support for Ukraine. This malicious cyber activity is frequently directed at critical infrastructure networks, and technology used to run vital sectors. Threat actors have also used strategically-timed Distributed Denial of Service attacks (DDoS) against government and business web sites. To help organizations mitigate the impact of DDoS attacks, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) released a Cyber Flash to partners within the Government of Canada and critical Canadian sectors on April 12. This Cyber Flash was released to share known facts about this ongoing campaign. We continue to monitor, reassess and respond to this campaign, and may release further products at a later time if warranted. CSE works every day to defend government systems from threats. On any given day, CSE’s defensive systems can block anywhere from 3 to 5 billion malicious actions targeting government networks. These defensive actions are a result of CSE’s dynamic cyber defence capabilities which remain ready to defend government systems and protect against future attacks. In addition, Canadian organizations and critical infrastructure operators – who operate the systems on which we depend every day – must be prepared to protect against known cyber threats. Previously the Cyber Centre has warned Canadian organizations to be prepared for cyber threat actors to try to disrupt, deface, and exploit Canadian network assets. If you run the critical systems that power our communities, offer internet access to Canadians, provide health care, or generally operate any of the services Canadians can’t do without, you must protect your systems. Monitor your networks. Apply mitigations. I urge Canadian critical infrastructure organizations to review the Cyber Centre’s Cyber Threat Bulletin: Cyber Threats to Operational Technology and follow this advice: Isolate CI components and services from the internet when under imminent threat, such as a ransomware incident or denial of service attack Use secure administrative workstations to separate sensitive tasks and manage administrative privileges and accounts Implement network security zones to control and restrict both access and data communication flows to certain components and users Test manual controls to ensure critical functions can operate if your network is unavailable Identify, separate, and monitor your information technology (IT) and operational technology (OT) networks Test OT, including industrial control systems (ICS), as part of your incident response plan to ensure critical functions can operate during an outage or cyber incident Protect your organization against denial-of-service attacks The Cyber Centre shares valuable cyber threat information with Canadian critical infrastructure and government partners through protected channels. This vital information includes indicators of compromise (IoCs), threat mitigation advice, and confidential alerts about new forms of malware, and other tactics, techniques, and procedures used to target victims. It’s the kind of information you can use to protect your organization. In addition to the advice above for critical sectors, the Cyber Centre urges Canadian organizations to take note of the following cyber security guidance: Joint cyber security advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure The Cyber Centre’s Top 10 IT security actions to protect internet connected networks and information including to Consolidate, monitor, and defend Internet gateways; Isolate web-facing applications; segment and separate information; protect information at the enterprise level; and implement application allow lists The Cyber Centre’s Top 10 IT security actions Joint Cyber Security Advisory Technical approaches to uncovering and remediating malicious activity Review perimeter network systems to determine if any suspicious activity has occurred Review and implement preventative actions outlined within the Cyber Centre’s guidance on protecting your organization against denial of service attacks Report any cyber incidents to the Cyber Centre You are the first line of defence in keeping your organizations, and Canadians, safe from cyber threats. Together we will help keep Canada safe https://www.canada.ca/en/communications-security/news/2023/04/statement-from-the-minister-of-national-defence--cyber-threats-to-critical-infrastructure.html