The information technology (IT) sector has a role to play alongside government and law enforcement agencies to protect the country’s critical infrastructure against cyber threats, said RCMP corporal Timothy Cooke at the CIPS Informatics conference this week.
“In the past few years, we’ve discovered that critical infrastructure is pretty vulnerable especially considering our reliance on it,” said Cooke.
That critical infrastructure includes telecommunications, transportation, financial services, and public health.
The corporal’s keynote to an audience of IT professionals in Halifax, Nova Scotia, was more of an awareness campaign around how and why the IT sector should contribute to preventing and combating cyber threats.
He also spotlighted the London, Ont.-based Integrated Technological Crime Unit (ITCU) that investigates computer-related crimes – not unlike the television show CSI “except it takes longer than 45 minutes to solve the crime.”
He said while government needs to modernize and keep up-to-date security and privacy legislation, the IT sector needs to be more forthcoming with information they have on any security activity or problems concerning their business.
According to Cooke, companies generally don’t like to spotlight security issues for fear of appearing vulnerable or incapable of providing secure services to customers.
Chris Kendrick, senior systems analyst with Halifax, Nova Scotia-based xwave, agrees that improved collaboration between the IT sector and law enforcement will facilitate RCMP investigations into computer-related crime.
“If you’re looking to detect a crime in a standard investigation, you have to know what the trends are to predict where it’s going,” said Kendrick.
He, too, thinks a roadblock to collaboration is that companies don’t want to hurt their corporate brand by publicly reporting security issues.
But members of the IT industry, he added, have an ethical responsibility to assist.
Daryle Niedermayer, IT instructor at Newfoundland-based College of The North Atlantic, thinks that IT should definitely be that “important force” in ensuring infrastructure security on a preventative basis and in the event of crisis. However, he said, there first needs to be a legal foundation to ensure people’s rights are protected in the process.
There is one Halifax-based organization, said Cooke, which divulges security log reports daily to the ITCU, in an effort to help law enforcement understand and anticipate cyber threats.
“Even though it hasn’t specifically been a criminal offense where information has been stolen or mischief or damage has been caused, that kind of information is important for us to be able to track what is happening out there.”
Cooke spoke of a national strategy developed by the government that will assess security risk and create business continuity plans within four sectors: energy and utilities, communications and IT, health, and transportation.
Given these particular sectors are technology based, he said, they require added security attention.
Without divulging too much, Cooke said part of the strategy will also be to maintain up-to-date security systems, and bolster the employee hiring process by introducing additional screening steps.
“We’re hoping that strategy will influence others in the private sector to realize one of the vital areas of your workplace is your employees.”
Cooke hopes spotlighting critical infrastructure security risks will be an “eye opener” for the IT sector, and reinforce in members of the industry that everyone is responsible for the safety and security of information.
The government has taken the right approach, according to Niedermayer, to first focus on those sectors that have the most at stake, and in some cases, on issues more easily identified and addressed.
Kendrick said the focus on securing critical infrastructure across four sectors is “bang on.” Since these areas are generally interrelated, benefit will eventually be reaped by all.