Security
December 21, 2012

A path for securing critical infrastructure

Protecting critical infrastructure from cyber threats is the shared responsibility of the federal government, the provinces and territories and the private sector. Yet information sharing between these groups is weak and established processes for working together are few.

Canada’s critical infrastructure elements include societal basics such as water, transportation, energy and telecommunications services. Most are owned by the private sector or by municipal, provincial or territorial governments, and much is connected to other critical infrastructure systems.
 
The recent 2012 Fall Report of the Auditor General of Canada states that cyber threats and electronic attacks through the Internet have been increasing in frequency and severity. The federal government is concerned that the cyber threat environment is evolving more quickly than its current ability to keep pace.

The federal government is making progress in its efforts to lead and coordinate the protection of Canada’s critical infrastructure from cyber threats. In 2010 it announced the Cyber Security Strategy and the National Strategy and Action Plan for Critical Infrastructure; however, the Auditor General reports that the government’s ability to detect emerging threats and share related information among all stakeholders could be improved.

Similarly, Symantec’s 2011 Global Critical Infrastructure Protection (CIP) Survey indicated that critical infrastructure providers around the world are less engaged with their government’s CIP programs, less worried about the threats, and less ready to withstand attacks than in previous years.
 
The Symantec data showed that just 35 percent of Canadian respondents rated themselves as “completely aware” of their government’s CIP programs, with only 30 percent saying that they were actively engaged in one of these programs. When asked to voice their opinion about government-sponsored CIP programs, 50 percent of Canadians chose “neutral” or “no opinion.” Further, just 55 percent of Canadian respondents said they were willing to cooperate with government CIP programs.

Dangerous complacency

A perceived decrease in attacks may have created a false sense of security for Canada’s critical infrastructure providers. The 2011 survey also revealed that organizations were experiencing fewer threats than they did the year prior. Overall, just 37 percent reported being attacked in at least one manner, versus more than 50 percent the year prior.

Symantec has monitored a global decrease in the frequency of “spray and pray” style spam and phishing tactics; however, the company has also noticed a marked increase in both the frequency and sophistication of targeted attacks.

What is most disturbing is the rise of targeted attacks against small- and mid-sized businesses, presumably the weak link in the supply chain leading to a more desirable critical infrastructure partner.

What now?

Canadian companies and organizations of all sizes, especially those that are a critical infrastructure provider or are within the supply chain to a critical infrastructure provider, could stand to adopt a more proactive approach to protecting themselves against cyber attacks.

This can be accomplished in a number of different ways, including the following:

  • Develop and enforce IT policies and automate compliance processes;
  • Protect information proactively by taking an information-centric approach to protect both information and interactions;
  • Manage systems by implementing secure operating environments;
  • Protect the infrastructure by securing endpoints, messaging and web environments;
  • Ensure 24×7 availability;
  • Develop an information management strategy that includes an information retention plan and policies;
  • Develop and implement patch remediation policies and procedures; and
  • Develop and implement policies and procedures related to mobile devices and BYOD.

Canada’s governments should ensure their own infrastructures are as impenetrable as possible. In addition, they can engage participants in critical infrastructure protection programs as follows:

  • Continue to put forth the necessary resources to support critical infrastructure programs;
  • Partner with industry associations and private enterprise groups to share information and raise awareness of CIP organizations and plans; and
  • Emphasize that security is not enough. Governments should educate critical infrastructure providers and enterprises that their information must be stored, backed up, organized and prioritized, and that proper identity and access control processes must be in place.

By establishing more robust policies and procedures to protect against critical infrastructure cyber attacks, and ensuring regular engagement between industry and the government, threats can more readily be identified and eliminated.


Sean Forkan is country manager for Symantec Canada, where he helps to secure and manage an information-driven world (Sean_Forkan@symantec.com).
