Cyber-attacks threaten Canadian individuals and companies every minute of every hour. They grow more frequent, more complex and can cause a lot of damage. For businesses with web dependencies and for Canada’s critical infrastructure (the systems, facilities, technologies, networks, assets and services that are essential to the health, safety, security or economic well-being of Canadians and Canada), the threat is exponentially greater. It is estimated that cybercrime cost businesses around the world over $400 billion last year.
The Government of Canada, like many countries, is taking these threats very seriously and has created the Public Safety Canada’s Canadian Cyber Incident Response Centre (CCIRC) to help secure the country in this digital age. With its 24/7 vigil, CCIRC is part of Canada’s first line of defence. It is also a hub of expertise for cyber security. It works in partnership with critical infrastructure organizations to protect vital cyber systems by identifying cyber risks and addressing threats quickly and efficiently, minimizing their impact.
CCIRC was originally created in 2005 to monitor federal government systems, provide advice on mitigating cyber threats to critical infrastructure and to coordinate the national response to cyber security incidents. Prior to 2010, CCIRC had fewer than ten employees to respond to incidents and publish technical reports. In 2011, CCIRC’s mandate was refocused to provide national-level cyber security coordination for systems outside of the federal government, especially Canadian critical infrastructure organizations.
In fact, CCIRC no longer monitors federal systems. This task was transferred to the Communication Security Establishment’s Cyber Threat Evaluation Centre (CTEC), a cyber defence analysis unit responsible for the detection, analysis, and assessment of cyber threat activity on nationally important networks. The CTEC uses leading edge capabilities and expertise to examine constantly growing and evolving cyber threats targeting federal government networks. Its analysis and reporting on cyber threats enables government agencies to better defend their networks. CTEC works in close collaboration with other Canadian cyber coordination centres, including the Shared Services Canada Security Operations Centre and CCIRC. In 2013, CCIRC was formally established as the national point of contact between non-federal entities and the federal government.
Today, CCIRC is staffed by a multidisciplinary team that includes cyber analysts, engineers, data specialists and engagement officers. It provides expertise to various organizations from the financial, health, energy, and utilities sectors as well as information and communications technology industries. In 2015, CCIRC provided 13.66 million notifications to victims of cyber incidents, and directly handled 1,762 incidents with critical infrastructure organizations (that is one every five hours, on average).
CCIRC closely monitors a range of information feeds, news and reports on national and global cyber security trends, as well as over 300,000 malware samples per day, looking for trends and data that will enrich its databases. To keep up, CCIRC should see its staff double in size this fiscal year, reaching near 80 FTEs.
CCIRC is a data driven organization. It capitalizes on what it collects to develop and deliver various products (reports, alerts, advisories, etc.) that are shared with partners. These products also provide technical advice to help organizations respond to and recover from targeted attacks. The information is also used to develop applications and systems to help CCIRC in the analysis of millions of cyber threats—leveraging emerging technologies to improve its own productivity. All of these products and tools then serve as reference tools and guides when addressing new cyber threats — starting the cycle again.
CCIRC gets its data from various sources, including its partners, international cyber response centers, as well as federal and international intelligence partners. Other Government of Canada organizations also work closely with CCIRC. For example, the Communications Security Establishment and Shared Services Canada provide insight on cyber events targeting Government of Canada systems; the Royal Canadian Mounted Police provides expertise on cybercrimes; and the Canadian Security Intelligence Service shares expertise on cyber espionage.
CCIRC’s success depends on its alliance with private sector and intergovernmental and international partnerships. Over the past years, CCIRC’s network of partners has grown exponentially. It has established trusting partnerships in Canada and abroad, and seeks new ones. Generally speaking, CCIRC’s work involves multiple processes that feed into each other in an ongoing operational cycle. As more data get analyzed, shared and fed back to CCIRC’s partners, they in turn provide CCIRC with more information. In addition to this, CCIRC monitors its own productivity and practices for accuracy and efficiency, using this information to continually improve its processes.
CCRIC’s mission is critical. The expertise of its highly trained and experienced staff makes it essential for Canadian organizations looking to mitigate or resolve cyber security issues. Indeed, CCIRC offers an additional safeguard for its partners: it notifies them of potential, imminent or actual cyber threats, vulnerabilities or incidents that could impact their organization. It also can provide them with advice and support to respond to and recover from targeted attacks. The relationship, of course, is mutual. CCIRC also relies on its partners to do their part in sharing cyber threat information in a timely manner.
CCIRC builds on its existing partnerships. It hosts an annual Geek Week event, an IT security workshop with peers from the cyber technical community which focuses on solving current cyber security problems faced by Canadian critical infrastructure owners and operators. During the week-long event, participants (IT professionals from the public and private sectors, and international counterparts) work together to develop innovative tools to address complex cyber issues and to advance cyber security. Some of the tools created during the last events are actually being used today by IT security specialists to process threat information. It is a unique opportunity where security experts share expertise, learn new skills and, more importantly, build trusting relationships.
“Geek Week is one of the most meaningful Canadian events that is currently held,” said Natasha Hellberg from Trend Micro, one of the IT companies that participated in the event. “It brings together individuals from a range of industries and partners to collaborate on specific and practical issues facing IT security shops today,” she observed. “Innovation can only happen through collaboration, and I’m deeply grateful to CCIRC for their efforts to build a strong community to make Canadians better protected and applaud their hard work in putting such a great event together.”
The third edition of the event and it will take place in Ottawa at the end of October. It will be the biggest event to date with some of the most reputable IT professionals working in leading technology driven organization, including many private and international CCIRC partners. It will also be the first time that this event will be organized in partnership with a University. The Technology Innovation Management program, an innovative master’s program at Carleton University in Ottawa will be this year’s partner; allowing for the participation of a select group of students and professors. This new level of partnership is strengthening the Government’s relationship with academia and helping to build Canada’s next generation of IT experts.
“Our best defence against cyber threats is our ability to work together,” said CCIRC’s former director Gwen Beauchemin. “Today’s malware is 50% different than yesterday’s, and there are not enough cyber experts to fill Canadian vacancies. By sharing information on cyber security threats and defensive techniques, experts can identify, prevent and mitigate cyber risks more effectively. CCIRC has the means to gather, analyze and share the Canadian cyber threat picture as well as partner with International counterparts to see the Global threat landscape. We are always looking to build new trusted partnerships with owners and operators of vital cyber systems to help us better protect Canada and Canadians against cyber incidents.”
As new technologies emerge, they bring many advantages for businesses, but also vulnerabilities that could undermine national security and Canada’s economy. There is a need for Canada and businesses to not only adapt to new cyber realities, but to anticipate them and be more innovative. Public Safety Canada is leading the Government’s review of Canada’s cyber security measures to fortify Canada’s approach to cyber security by being even more proactive, innovative and capable of adapting to the incessant evolution of cyberspace.
As part of this review, a public consultation on cyber security is currently underway to hear and learn from businesses, academics, experts, stakeholders, as well as Canadian citizens, students and business leaders interested in this topic. This is a broad engagement consisting primarily of online consultation, as well as some in-person engagement with existing Government cyber security networks and tables, including stakeholders and partners. The Government is looking for views and ideas on various trends and challenges of cyber security in different areas such as its evolution, economic significance and growth.
The consultation is also an opportunity to get a sneak peek and provide feedback on the Government’s way forward and some new initiatives under consideration. The information gathered will help identify gaps to be addressed and opportunities to increase Canada’s cyber security capability, resilience and innovation. It will also help to identify opportunities to carve out Canada’s competitive advantage in this field and to maximize the benefits of digital life for Canadian citizens and businesses.