Canada under attack by Chinese: Beefing Up CyberSecurity
Canada plans to beef up defenses against cyber hackers as many Canadian companies have reported being hacked by the Chinese. The Canadian government will spend an additional $155m CAD over five years to strengthen its response center for deailing with cyber threats in the private sector and to improve the security of government communications, said the Public Safety Minister Vic Toews.
This announcement came on the heels of Minister Toews department announcing that a recent cyber attack occurred against both a Canadian energy company and a manufacturer of the software used by energy firms to manage their SCADA environments.
While the U.S. is extremely concerned with Chinese cyber espionage, the Canadian government is more concerned about the risk of a power outage.
The announcement came less than a month after Toews’ department acknowledged a pair of cyber attacks on a Canadian energy company and on a manufacturer of software used by energy firms. The government declined to comment on reports that suggested a Chinese connection.
“Keeping our cyber networks and infrastructure secure and resilient is one of the most challenging issues facing our government, our citizens and our allies,” Toews told a news conference at a technical college in Ottawa.
The Canadian government is cautious about naming China as the source and most interestingly, the Chinese state-owned CNOOC Ltd. has placed a $15.1B bid to buy the Canadian oil producer Nexen Inc, which requires Canadian government approval.
Toews said strengthening the provisions of Investment Canada Act, which governs foreign takeovers of Canada companies, may be a possibility.
“This is a constant struggle because of the nature of technology and how quickly technology is evolving, so we are certainly looking at all possibilities when we look to further buttress our secure mechanisms,” he said.
This new source of funding adds to the previously allocated $90m CAD, so you are looking at a budget of $245m CAD and we at CDM expect this to continue to grow over the next five years, as attacks continue to outpace defenses.
SOURCES: CDM, RUETERS, PM.GC.CA
Cyber Crime Costs in South Africa on the Rise
It is estimated that R25 billion of government’s annual procurement budget is lost to corruption and other factors. Cyber crime is fast becoming a serious and costly threat in South Africa where there are 6.8 million Internet users and 341 organised crime groups.
Craig Rosewarne, managing director of Wolfpack, a local company focused on information risk research, training and awareness solutions, told delegates at an information security seminar organised and hosted by enterprise software specialist NetIQ that the Internet is being used not only for good, but also for evil.
An EMEA director of the SANS Institute, which is a global leader in information security and forensics training, Rosewarne said a comprehensive study of cyber crime has been conducted in South Africa, which helps to shed light on some of the challenges facing the country.
The most vulnerable victims of cyber crime are the elderly, children and people living on the poverty line, who, if scammed, have little chance of recovering the loss. Rosewarne also warned of the dangers of sharing too much personal information on social networking sites, as it was easy for criminally minded persons to track down and take advantage of people and their families.
“Not much progress has been made to stifle cyber crime in South Africa. The Department of Communications recently published a cyber security policy framework, which was signed off in parliament at the beginning of 2012, but many challenges still lie ahead,” said Rosewarne.
Through research funding received from the British government, a comprehensive cyber crime report was completed at a national level for South Africa, following models used within the US, the UK, Brazil, Russia, China and 10 other African countries.
“Recommendations have since been made to a spread of key people in government, banks, telecommunications and mobile service providers. Universities and industry bodies were approached for input and the final report truly represents the state of cyber security in South Africa. Over 400 gigabytes of data were analysed to generate the final report, which is freely available for download off the Wolfpack site.”
For organisations, a “security thermometer” based on pertinent questions regarding cyber threats was created and key elements of cyber crime in major countries were summarised, resulting in the identification of the top five cyber threats for government and business, as well as initiatives to deal with these threats.
Rosewarne said the key issues are to prevent, detect, investigate and prosecute. Others include threat management, skills and technical training for the police and prosecutors, and general awareness because there were weak detection mechanisms in most sectors generally with the exception of the banking industry, which has established good security systems to counter fraud.
South Africa has no national computer security incident response team (CSIRT) and Rosewarne stressed that cross-industry collaboration and improved, streamlined processes are required to fight cyber crime.
“Smaller cases are neglected and there is a lack of cyber crime statistics. Legislation also needs revision and updating as cyber crime cases are diluted with common law so that only five to 10 percent of cases reported ever get to court.”
Initiatives that have been proposed include cyber threat research and the establishment of a national cyber crime framework and academy to overcome the shortage of deep specialist skills. Rosewarne said there is insufficient regulation on creating the required skills; an elite team of experts is needed and there is an initiative under way to encourage universities to create courses focused on combating cyber crime and boosting baseline skill levels.
“Currently, we are in reactive mode and the weakest link in most companies is security awareness, planning and implementation. Critical security controls are essential for effective cyber security and we should be considering a co-ordinated centre to assist companies that are attacked by cyber crime.”
SOURCES: NETIQ (NOVELL)
UK Cyber Crime Costs Growing – Establishing Cyber Crime Center
A Ministry of Defence-initiated report has put the cost of cybercrime to the UK at over £11bn per year. The report is available here: http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf
UK Foreign Secretary William Hague has said the UK government will spend £2 million on the establishment of a cyber crime center. The BBC reports that this new center will tackle the issue of cyber crime, utilizing a network of eight universities already involved in the research of cyber crime.
Hague made the revelation while speaking to delegates at the Budapest Conference on Cyberspace. TechWeekEurope writes the Centre for Global Cyber-Security Capacity Building will rely on governments, researchers, think tanks and the private sector and will aid the UK in its effort to become a central aspect of international cyber crime coordination.
Hague emphasized the importance of nations working together to combat cyber crime. Indeed, the UK’s cyber crime center will also be in a position to offer other countries assistance in dealing with issues relating to cyber crime. EU Foreign Affairs Chief, Baroness Ashton, was also present at the conference and said that the EU will release its own cyber security strategy in the coming months.
SOURCES: BBC and GOV.UK
