Learning from the Canadian government’s network security

February 23, 2018 · 4 Minute Read

You thought the cold war was over, right? Think again.

There’s another war happening right now, but it doesn’t involve secret agents, dead drops, or microdots. Instead, it’s happening quietly on the internet, and the Canadian government’s network security is to blame. State-sponsored cyber attacks on the Canadian government are even more common than you might think: there’s a secret cyberwar being waged between nations—and everything from personal information to commercially sensitive intellectual property is at stake.

The Communications Security Establishment (CSE) is Canada’s version of the NSA and GCHQ. It employs secret cyberpros who monitor the internet for digital intelligence, but these days, the CSE reports that the Canadian government’s computer networks are under constant attack. Attackers working for other governments target them around 50 times each week, and at least one of those attempts proves successful.

The report, issued in October 2017, said that Canadian networks experienced over 2,500 state-sponsored “cyber activities” each year between 2013 and 2015. That’s a lot of digital door-rattling. In October 2016, CSE also told parliament that it detected 4,571 successful cyber attacks on federal systems in 2016.

Answer the who, what, where, why, and how

Who are these attackers, what are they doing, and how can governments protect against them? It’s difficult to attribute an attack on network security to a specific government, because smart hackers can make their attacks look like they came from somewhere else. Nevertheless, in 2014, Canadian government officials singled out China as the source of a cyber attack on the National Research Council of Canada (NRC).

Intellectual property is often a target in state-sponsored attacks, and though federal officials didn’t release details of the attack, they admitted that “any information” could have been compromised during the intrusion. Private briefings from the CSE analyzed the NRC’s network for weak spots and found several howlers—including the operation of cross-country networks outside the federal government’s secure network perimeter. Employees were also able to access information on an ad hoc basis in different ways.

In total, the cost to mitigate this breach landed at CAD$100 million, and the head of IT security at CSE called it “catch-up money” in a 2017 interview about the NRC’s network security.

Improve your network security

What can the Canadian government do to improve its cybersecurity efforts? One approach to ward off attacks is to make cyber foreign policy agreements. In 2017, the Canadian government struck a cybersecurity deal with China under which neither would go after the other’s intellectual property in cyberspace.

That’s a nice idea in theory, but state-sponsored hacks depend on plausible deniability. Governments try to make it look like they weren’t behind an attack—that makes these agreements difficult to police. In any case, the agreement only covered the private sector, not government networks.

The best protective measures—for both the Canadian government and your business—are preventative and technical, and target network security policy. For instance, protecting endpoint devices that are often overlooked in networks will tighten your overall IT security. These endpoints include not just PCs but also printers. The NRC realized this and effectively ripped up its IT infrastructure, replacing 4,000 laptops and 180 printers as part of its remediation effort.

The CSE outlined other network security policy measures, including simply using the government’s Shared Services Canada (SSC) internet gateways. In its report, it called out the NRC for not following this basic advice. Other measures it recommends include investing in classified infrastructure to support secure communication between departments.

Measures like these can prevent attacks on government networks, but preventing all attacks is unrealistic. Instead, governments and businesses alike should invest in detecting these attacks and then mitigating their impact by properly responding to and recovering from them.

Don’t be afraid to share your experience

The Canadian government is getting better at preventing cyber attacks, the CSE claims, adding that successful attacks have decreased recently. It points to communication and information sharing as key practices. Experts in other government departments criticized the NRC for keeping information about the state-sponsored hack secret—not sharing information about cyberthreats and successful attacks leaves other departments unprepared when hackers come knocking.

The Canadian government needs to be more collaborative, which calls for clear policies around exchanging information, not just between government departments but between the private and public sectors, too. In other words, officials need to talk to each other, and your IT team should also share any advice and experiences with collaborators to foster a safer business IT environment across the board.

If the left hand knows what the right hand is doing, they can work together and deliver nefarious state actors a quick one-two punch. Learn from the mistakes of the Canadian government, and take a page out of their book when it comes to building better IT security. The world is a dangerous place, and we need to band together in this cyberwar against hackers.
