Cyber-attacks. From the public perspective, where it’s a frequent headline, we’re nearly immune to the term. But to corporate and government security operation centres, it’s a constant tactical headache – a monumental challenge to manage and mitigate surreptitious, constantly evolving threats with shrinking budgets and skills shortages.
Having to harden assets to meet all threats, with the most aggressive of attacks setting the baseline for countermeasures, is a costly and intellectually draining endeavour even for the largest organizations with the most flexible budgets.
Globally, governments and the private sector attempt to maintain adequate security and privacy measures while the complexities of converging technologies increase and the security industry struggles to keep up. It is clear that the existing security frameworks, capabilities and legislation require an integrated, planned and comprehensive transition to meet future demands on federal mandates and global partnership alignment.
In May 2014, a preliminary study, “Cyber-Threats, Terrorism and the Counter-Terror Model,” revealed key research findings and further study areas that are being analysed and addressed in a study project, “Communicating the Threat,” launched in January 2015. It was concluded in the preliminary study that the most effective protections are devised at the strategic level and include closing gaps with communication and collaboration, revisiting sanctioned threat-risk assessment approaches with the evolution of cyber-threats in mind, and assessing cyber-threats with the same diligence as physical threats and within the counter-terror model.
Additionally, it reiterated factors we are all very well aware of but in a priority framework based on the security cornerstones of prevention, detection, response and recovery. These factors included the widening of cyber-attack target categories; the asymmetrical, constantly evolving nature of cyber-threats; and the increasing complexity of their attack vectors.
Post-exploit conditions were also a key concern, where intelligence can be limited, shielded and “silo-ed” by organizations; sources are not known until after exploitation, if at all; and dynamic information, tool and technique sharing between sectors is poor.
The two priority takeaways were that analysis in hardening assets and cross-sector communication and collaboration are crucial in devising coordinated technological preventative measures and corresponding legislation – recognizing that public and private sector networks are not isolated assets, nor is their securitization of no consequence to our national security.
Therefore, the founding vision of Communicating the Threat is to elevate Canadian government, public sector and industry jointly as strategic leaders in cyber-security in order to combat threats through collaborative partnerships, information sharing, comprehensive analysis and agile, up-to-date approaches.
To attain this, the study focuses on three areas of interest to federal and public security and policy:
1) Examining cyber-security within the counter-terror model and the need to treat cyber-threats with the same focused inter-dependencies and capabilities as physical threats by malicious actors;
2) Examining the current state of cross-sector communication and collaboration and the development of a proposed collaborative partnership framework with government, the private sector and security industry; and
3) Examining threat/risk assessment approaches, including guiding industry standards, their effectiveness and areas for improvement.
By conceptualizing cyber-threats in the federal counter-terror model, cyber-threats are recognized as having a degree of harm, as well as a financial implication, and it is recognized that emerging cyber-threats can have an impact on public safety and security. Securitizing data and assets with the complexities of converging technologies at the forefront enables progress initiatives such as communication and collaboration, thereby benefiting the security and privacy of federal and public data and assets and aligning Canada with global partners and allies.
The value of establishing a framework for communication and collaboration between trusted partners in government, the public sector and the security industry, and for timely and relevant information sharing and intelligence analysis, is that it allows immediate hardening of partners’ assets and increased agility in response and remediation – dissemination can directly impact the viability of the malicious threat’s command and control.
Communication and collaboration can prove to be the most effective and directly defensive action that can shorten the lifespan of a malicious threat, protect peripheral assets and partners, and reduce overall security expenditures related to exploit and loss.
Analyzing long-standing, widely used threat/risk assessment approaches, standards and guidelines that are used to mitigate the risks of current cyber-threat behaviours and projected evolution can reveal gaps and propose a whole solution instead of piecemeal improvements. This recognizes that threat/risk assessment approaches and tools are the cornerstone of establishing prescriptive countermeasures and safeguards, and if there are deficiencies in the analysis or the analysis is not sufficiently performed, prescriptive countermeasures and safeguards will be ineffective or limited in their shelf-life.
As a whole, these three areas aim to improve the security and privacy of federal and public data and assets, reduce or ensure effectiveness of security expenditures and institute lateral partnerships, thereby replacing “silos.” The result is better alignment with global partner mandates and the entrenchment of cyber-security into public policy and federal mandates that sets the foundation for legislative change where needed.