|
|
| Government cyber protection unit meets SMBs halfway |
May 2, 2005 |
By Danny Bradbury
When national enemies are countries and war zones are physical, the engagements are straightforward. But when enemies are individuals fighting in a virtual battleground, new measures must be taken. To combat cyber terrorism and cyber crime, Canada has established the Canadian Cyber Incident Response Centre (CCIRC), designed to help monitor threats to Canadian computer systems and networks, and to manage recovery if a threat should occur.
The new agency, established in February, operates under the Government Operations Centre, part of Public Safety and Emergency Preparedness Canada, a government department set up in 2003. It fulfills part of the government’s National Security Policy, published last year.
The CCIRC straddles the private and public sectors, said its director, Julie Spallin. In addition to having responsibility for federal government systems and networks, it will primarily focus on private-sector companies that are part of the critical national infrastructure, including telecommunications, banking and finance, utilities and transportation. “We will provide monitoring and analysis, coordinated responses, warnings and technical advice,” Spallin said, adding that the centre will also advise provincial governments. The CCIRC would have been helpful during the eastern seaboard power outage of August 2003, for example, which also affected other parts of Canada, as bringing systems back online in that type of situation is a challenge.
What does this mean for smaller businesses which don’t directly contribute to the national infrastructure? “We’re making the best effort we can by taking warning data and putting it publicly on the Web site, pushing it out to people who can do something about it. Then businesses can pull the information off,” she said. The CCIRC Web site provides news of some of the latest vulnerabilities and data on how to resolve them.
SMB RESPONSE
But will they visit the site? Many small businesses, especially those that view IT as simply a means to an end, are unlikely to check in with the CCIRC every week. Meanwhile, they are still susceptible to some of the biggest cyber threats facing individuals and small companies, including Internet scams such as phishing and Trojan horse programs designed to tie a PC to a botnet — a network of PCs controlled by hackers used for spam and launching attacks on other computers.
Spallin said the CCIRC will provide assistance to the RCMP as required to help advise on these issues, unless “there’s somebody already out there providing that service. That’s our preferred approach,” she said. “The ISPs have started to take a more proactive role in terms of sending out warnings to their users.”
Vince Robert, an associate partner at consultancy firm Accenture, who focuses on the Canadian government and security, said while the CCIRC can be useful in disseminating information, businesses must meet the authorities halfway when it comes to protecting their computer systems. “Increasingly, to participate in the economy, [it’s critical to understand] the appropriate measures,” he said. “My recommendation is that they take heed of the available notices.”
Businesses may wonder why they shouldn’t simply turn to a private-sector vendor such as Symantec, which has a network of security operation centres around the world monitoring the Internet minute by minute. “Symantec is on a contract basis with a number of companies and they’re doing raw data monitoring of what’s going on. That’s helpful at the business end. We’re up a level from that,” Spallin said. Instead of mining those vast volumes of raw data, the CCIRC will work with other national agencies in Australia, the U.S. and the U.K., to identify vulnerabilities around the world.
The CCIRC has also signed up to Microsoft’s Security Cooperation Program (SCP), an initiative recently developed to help governments protect their systems by providing 24/7 access to Microsoft technical experts. However, John Weigelt, chief security advisor for Microsoft Canada, said Microsoft will only volunteer information on vulnerabilities for which it has produced solutions. One of the big issues facing Microsoft is disclosure. If an independent security expert privately points out a system flaw, the company will not publish information about the flaw until it has fixed it. This helps prevent nefarious types from knowing about an open Internet hole. On the other hand, some cyber criminals are more experienced in discovering and sharing information about such flaws themselves.
They find a back way into the system without the CCIRC knowing about it.
In the meantime, private sector companies are producing solutions that attempt to block suspicious activity by analyzing behaviour, rather than trying to plug specific security holes using software patches.
It is still early days for the program and the Canadian government is the first signatory for the fledgling Microsoft SCP initiative. Small businesses can use the CCIRC site together with information about the latest threats, but antivirus software, proper system settings and plain common sense are always the best defences. The true measure of the CCIRC’s capabilities won’t happen until the next big systems-related disaster hits Canada.
Web security
CCIRC http://www.ocipep.gc.ca/ccirc/index_e.asp
|
|
|
| Top 300 Issue |
 
|
| Gadget of the Week (Canadian) |
|
Boost your cell
ARC Wireless Freedom Blade
Mobile data and voice are great, as long as the signal is strong. And while mobile networks are pretty good these days, road warriors quickly discover that dead zones still exist.
more>>
|
| Gadget of the Week (Japanese) |
Sounds of Japan
Why record just the visual when you can capture the sounds as well.
more>> |
| Backblog RSS feed |
Click to subscribe  |
|
sponsored by 
