News

Students in grades seven to twelve from Canada?s top teams competed in the sixth CyberTitan competition at the University of Waterloo (UW) on Monday.

Clients? names, social insurance numbers and personal addresses were part of a data breach at one of Canada?s largest investment firms.

One of Canada's intelligence watchdogs has scolded the country's cyber security agency over its approach to international law.

De : Centre canadien pour la cybersécurité Le 19 avril 2023 Le Centre canadien pour la cybersécurité  (Centre pour la cybersécurité) du CST s’est joint aux partenaires en cybersécurité suivants pour diffuser une publication conjointe visant à rappeler aux communautés et aux praticiennes et praticiens des TI les pratiques exemplaires assurant la cybersécurité des infrastructures des villes intelligentes : Australian Cyber Security Centre; Cybersecurity and Infrastructure Security Agency; Federal Bureau of Investigation; National Security Agency; National Cyber Security Centre de la Nouvelle-Zélande; National Cyber Security Centre du Royaume-Uni. Tous les partenaires reconnaissent que les villes intelligentes présentent de nombreux avantages dans les communautés. Cependant, les villes intelligentes sont des cibles de choix pour les auteures et auteurs de cybermenace  qui exploitent les systèmes vulnérables dans le but de voler des données liées aux infrastructures essentielles ainsi que des renseignements exclusifs, de mener des activités de rançongiciel  ou de lancer des cyberattaques destructrices. La réussite d’une cyberattaque  peut occasionner : l’interruption des services d’infrastructure; des pertes financières considérables; l’exposition de données privées de citoyennes et citoyens; l’érosion de la confiance des citoyennes et citoyens à l’égard des systèmes intelligents; des répercussions physiques sur les infrastructures susceptibles de causer des dommages physiques ou des pertes de vie. Les communautés qui déploient des technologies de villes intelligentes devraient tenir compte de ces risques dans leur approche globale de gestion des risques. La publication conjointe contient des pratiques exemplaires que les organisations devraient mettre en place afin d’assurer la protection de leurs données ainsi que l’exploitation sûre et sécurisée des infrastructures des villes intelligentes. Lisez la publication conjointe sur les pratiques exemplaires en matière de cybersécurité pour les villes intelligentes (disponible en anglais seulement). https://www.cyber.gc.ca/fr/nouvelles-evenements/publication-conjointe-pratiques-exemplaires-matiere-cybersecurite-villes-intelligentes

École de technologie supérieure develops courses, programs to fast-track IT engineers The Internet of Things (IoT) has become such an integral part of our world that it’s easy to focus on the cyberworld’s benefits while neglecting the cyberthreats. The number of businesses that use IoT technologies has increased from 13 per cent in 2014 to about 25 per cent today. The worldwide number of IoT-connected devices is projected to increase to 43 billion by 2023, nearly a threefold increase from 2018.

CSE’s Canadian Centre for Cyber Security  (Cyber Centre) joined the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the following international partners to provide recommendations for Information Technology (IT) manufacturers to use secure by design and secure by default principles in the development of their products: Australian Cyber Security Centre (ACSC) New Zealand: Computer Emergency Response Team New Zealand (CERT NZ) New Zealand National Cyber Security Centre (NZ NCSC) United Kingdom’s National Cyber Security Centre (NCSC-UK) Germany’s Federal Office for Information Security (BSI) Netherlands National Cyber The new guide emphasizes the need to shift the burden of cyber security risk away from the customer and instead encourage technology manufacturers to design safe products that are secure by design and by default. Technology is integrated into many facets of daily life; internet-facing systems are connected to critical systems that directly impact livelihood ranging from personal identity management to medical care. Insecure technology and vulnerabilities in critical systems may result in cyber incidents, leading to serious potential safety risks. Cyber breaches have real life consequences for many people. The burden of cyber security, and ultimately customer safety, is currently placed on end users: IT customers and organizations. These end users are required to spend significant resources to keep up to date on emerging threats, as well as to adopt security processes and practices to counter those threats. For too long, the technology industry and the security community have pushed responsibility for protecting systems and information to end users and customers. The changes proposed in this guide are necessary to ensure a better cyber security future for all. To have a future where technology is safe for everyone, technology manufacturers and suppliers must create and ship safe products. This means products that are secure by design (security is built in from the development, not as an afterthought) and secure by default (products that are safe to use out of the box with little to no configuration changes necessary and are available without additional cost). Secure-by-Design products make the security of the customers a core business requirement, not just a technical feature. We need to ensure the end-users, everyday Canadians, are not responsible for preventing cyber breaches caused by product design flaws. We encourage manufacturers to build their products in a way that prevents customers from having to constantly perform monitoring, routine updates, and damage control on their systems to mitigate cyber intrusions. We need to move towards placing the burden of cyber security on IT manufacturers rather than on IT consumers – whether they are individuals or organizations. This is a key part in creating a future where technology is safer for everyone. More information and to read the complete guide. https://www.cyber.gc.ca/en/news-events/communications-security-establishment-cse-and-partners-issue-joint-guide-shifting-balance-cybersecurity-risk-technology-product-safety

Since Russia’s unjustified and illegal invasion of Ukraine began over one year ago, and especially in recent weeks, we have seen a notable rise in cyber threat activity by Russian-aligned actors targeting Ukraine’s partners. Canada is no exception. These activities are a direct response to our steadfast support to the people and Government of Ukraine – and they will not deter Canada’s support for Ukraine. This malicious cyber activity is frequently directed at critical infrastructure networks, and technology used to run vital sectors. Threat actors have also used strategically-timed Distributed Denial of Service attacks (DDoS) against government and business web sites. To help organizations mitigate the impact of DDoS attacks, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) released a Cyber Flash to partners within the Government of Canada and critical Canadian sectors on April 12. This Cyber Flash was released to share known facts about this ongoing campaign. We continue to monitor, reassess and respond to this campaign, and may release further products at a later time if warranted. CSE works every day to defend government systems from threats. On any given day, CSE’s defensive systems can block anywhere from 3 to 5 billion malicious actions targeting government networks. These defensive actions are a result of CSE’s dynamic cyber defence capabilities which remain ready to defend government systems and protect against future attacks. In addition, Canadian organizations and critical infrastructure operators – who operate the systems on which we depend every day – must be prepared to protect against known cyber threats. Previously the Cyber Centre has warned Canadian organizations to be prepared for cyber threat actors to try to disrupt, deface, and exploit Canadian network assets. If you run the critical systems that power our communities, offer internet access to Canadians, provide health care, or generally operate any of the services Canadians can’t do without, you must protect your systems. Monitor your networks. Apply mitigations. I urge Canadian critical infrastructure organizations to review the Cyber Centre’s Cyber Threat Bulletin: Cyber Threats to Operational Technology and follow this advice: Isolate CI components and services from the internet when under imminent threat, such as a ransomware incident or denial of service attack Use secure administrative workstations to separate sensitive tasks and manage administrative privileges and accounts Implement network security zones to control and restrict both access and data communication flows to certain components and users Test manual controls to ensure critical functions can operate if your network is unavailable Identify, separate, and monitor your information technology (IT) and operational technology (OT) networks Test OT, including industrial control systems (ICS), as part of your incident response plan to ensure critical functions can operate during an outage or cyber incident Protect your organization against denial-of-service attacks The Cyber Centre shares valuable cyber threat information with Canadian critical infrastructure and government partners through protected channels. This vital information includes indicators of compromise (IoCs), threat mitigation advice, and confidential alerts about new forms of malware, and other tactics, techniques, and procedures used to target victims. It’s the kind of information you can use to protect your organization. In addition to the advice above for critical sectors, the Cyber Centre urges Canadian organizations to take note of the following cyber security guidance:   Joint cyber security advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure The Cyber Centre’s Top 10 IT security actions to protect internet connected networks and information including to Consolidate, monitor, and defend Internet gateways; Isolate web-facing applications; segment and separate information; protect information at the enterprise level; and implement application allow lists The Cyber Centre’s Top 10 IT security actions Joint Cyber Security Advisory Technical approaches to uncovering and remediating malicious activity Review perimeter network systems to determine if any suspicious activity has occurred Review and implement preventative actions outlined within the Cyber Centre’s guidance on protecting your organization against denial of service attacks Report any cyber incidents to the Cyber Centre You are the first line of defence in keeping your organizations, and Canadians, safe from cyber threats. Together we will help keep Canada safe https://www.canada.ca/en/communications-security/news/2023/04/statement-from-the-minister-of-national-defence--cyber-threats-to-critical-infrastructure.html

Cybersecurity experts aren't surprised by the revelation contained within a package of leaked U.S. intelligence documents suggesting Russian-backed hackers successfully gained access to Canada's natural gas distribution network.

YOU WANT TO STRENGTHEN YOUR CYBER-RESILIENCE AND LEARN MORE ABOUT BEST PRACTICES FROM YOUR COLLEAGUES IN THE AEROSPACE INDUSTRY, COME AND PARTICIPATE IN OUR BEST PRACTICES SHARING CIRCLES. GOALS The aerospace industry attaches paramount importance to the sector's cyber resilience. Security and continuity issues are at the heart of concerns. Help companies obtain information on best practices in cybersecurity Promote the sharing of best practices between participants Discuss the challenges of the sector For more details and to register, please download the attached file