Using analytics to identify cyber threats

“I don’t see Canada spending enough on cyber defence…it’s still a hodge-podge, duct tape approach. There’s a definite need for a cyber-strategy review,” said Ray Boisvert, who built a 30-year career in both operational and executive roles with CSIS before retiring as its assistant director of intelligence in 2012. Since then, Boisvert has become the president and CEO of security firm I-Sec Integrated Strategies and more recently senior associate at Hill and Knowlton Strategies Canada.

“The country’s cyber defence budget is very, very small compared to that of conventional warfare,” he laments.

Boisvert also says there’s a glaring lack of strategy and of clarity about who is responsible for what when it comes to preventing and dealing with cyber-attacks, leading to the impression that Canada has been “a little complacent” and has adopted a “stand by and watch others” posture on cyber.

Automation and analytics

Never in history has possession of information been so critical to the defence and survival of a nation as it is today, and yet Canada’s ability to gather and analyze data that could help identify potential cyber threats remains in the “rudimentary stages” at best, warns Boisvert. “Right now, one gap is that many agencies still rely on fairly traditional resources (for gathering data).”

This is where automation and advanced data analytics can help boost cyber security capabilities, according to Sheldon Shaw, a public safety and defence specialist with software company SAS Canada. Shaw previously held an executive position at the Communications Security Establishment of Canada and was also formerly an assistant director of intelligence at CSIS, where he specialized in computer and weapons of mass destruction issues.

“Analytics has been around for so long, but has not yet been extensively applied to security,” he says. “Now we have the data analytics tools that can help defence agencies crunch through the tons of data coming from various sources.”

For example, predictive modeling uses analyses of behavior patterns to develop predictive assessments that are critical for proactive defense. Social network analysis allows agencies to uncover hidden relationships and link known entities through a network that can then be analyzed and exposed.

Rules-based algorithms alert officials if employees attempt to access files above their clearance levels, while anomaly detection systems flag peculiar employee actions such as downloading unusually large amounts of data, working abnormal hours, and accessing areas of the building that are irrelevant to their jobs.
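The two approaches in the paragraph above can be sketched side by side. This is an added example, not code from the article or from any vendor it mentions; the event fields, sample records and thresholds are constructed assumptions, and building-access data is left out.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed events: (timestamp, user, user_clearance, file_level, bytes_read)
EVENTS = [
    ("2024-03-04T09:10", "alice", 2, 1, 40_000),
    ("2024-03-04T14:30", "alice", 2, 2, 55_000),
    ("2024-03-05T10:05", "alice", 2, 1, 38_000),
    ("2024-03-05T15:45", "alice", 2, 2, 61_000),
    ("2024-03-06T02:40", "alice", 2, 2, 9_500_000),  # odd hour, bulk read
    ("2024-03-04T08:55", "bob", 1, 1, 20_000),
    ("2024-03-04T11:20", "bob", 1, 1, 25_000),
    ("2024-03-05T09:30", "bob", 1, 3, 22_000),       # above clearance
    ("2024-03-05T13:00", "bob", 1, 1, 24_000),
]

MIN_HISTORY = 3     # assumed: events needed before a baseline is trusted
VOLUME_FACTOR = 10  # assumed: flag reads over 10x the user's median size
HOUR_WINDOW = 5     # assumed: flag activity >5h from the user's median hour

def detect(events):
    """Return a list of (timestamp, user, alert_name) tuples."""
    alerts, history = [], defaultdict(list)
    # ISO timestamps sort chronologically as strings.
    for ts, user, clearance, level, size in sorted(events):
        hour = datetime.fromisoformat(ts).hour
        # Rule: a fixed policy check that needs no baseline.
        if level > clearance:
            alerts.append((ts, user, "above_clearance"))
        # Anomaly: compare against this user's own earlier behaviour.
        past = history[user]
        if len(past) >= MIN_HISTORY:
            med_size = median(s for _, s in past)
            med_hour = median(h for h, _ in past)
            if size > VOLUME_FACTOR * med_size:
                alerts.append((ts, user, "bulk_download"))
            # Circular distance, so 23:00 and 01:00 are 2h apart.
            gap = abs(hour - med_hour)
            if min(gap, 24 - gap) > HOUR_WINDOW:
                alerts.append((ts, user, "unusual_hour"))
        past.append((hour, size))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

The median is used for the baseline because a single large transfer shifts it far less than it would shift a mean; a production system would also decide whether flagged events are allowed into the baseline at all.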

“I think there is a technological gap and lack of awareness, not necessarily lack of understanding,” Shaw said.

Re-think and re-tool

Beyond “keeping the lights on,” the defence establishment needs a strategic re-think and a clear understanding of the tools it needs to address the cyber threats it will face in 2020 and beyond, he adds.

In his recent essay on cybersecurity for the Canadian Global Affairs Institute, Major-General John Adams (Ret’d) traced Canada’s cybersecurity gaps to the fact that “cyberattacks were not on the table” when the existing cyber strategy was being mapped out.

“The government of Canada has responded to cyber exploitations with its Cyber Security Strategy. Published in 2010, the strategy is noteworthy for the fact that it limits itself to strengthening the government’s capability to detect, deter and defend against cyberattacks while deploying cyber technology to advance Canada’s economic and national security interests,” he wrote. “It did not militarize cyber security, it was limited to specifying that the Canadian Armed Forces were to strengthen their capacity to defend their own networks, work with other government departments to identify threats to their networks and possible responses, and continue to exchange information about cyber best practices with allied militaries.”

Adams also noted that a more aggressive approach “would have been ill-advised in 2010” because the concept of cyber war had not yet sufficiently matured.

However, he says, a lot has changed since 2010 and cyberspace has “become the centre of gravity for the globalized world,” embracing economic, financial, diplomatic and military operations.

Today, he said, cyber war means disrupting or destroying information and communications systems in order to threaten a state’s sovereignty, as well as gathering as much information as possible about an adversary while keeping that adversary oblivious to the data gathering.

Should Canada go on the offensive?

This appears to have been the case in the recent controversy over the hacking of the Democratic National Convention computer systems in the U.S. by threat actors believed to be based in Russia, according to Boisvert.

“They (hackers) were in the network for years and the investigators couldn’t find a trace of the APT (advanced persistent threat),” he said. The latest trends in cyber security indicate that traditional cyber security tools such as firewalls are no longer enough.

Should Canada adopt a defensive or offensive cybersecurity posture?

Shaw says cybersecurity encompasses protecting, defending and attacking. “We should start adding attack to our language.”

Where can Canada turn to for effective models to follow?

Boisvert said Canada should look to Estonia, one of the first nations to experience a cyberattack. In 2007, the websites of Estonian organizations, including the Estonian parliament, banks, ministries and media, were swamped by distributed denial-of-service (DDoS) attacks following the outbreak of the country’s disagreement with Russia.

“Since then, Estonia has worked hard to strengthen its cyber defences,” he explained. “They have one of the most effective security certificates, digital ID systems and one of the most resilient networks around.”
