By one rough count there were 61 publicly reported data breaches or exposed personal records in Canada last year, led by the 45 million-record hack of car and technology forum siteVerticalScope Inc. That doesn’t include unreported breaches
Among the groups trying to figure out a proper response to never-ending rise of such attacks is the Canadian Association of Chiefs of Police (CACP), whose departments get called for help from victim organizations and citizens.
Now the chiefs have formed partnership with the Canadian Advanced Technology Alliance (CATA), creating an eCrime Cyber Council to advise the chiefs’ cyber crime committee on technology and government policies to fight cyber crime.
The goal, according to both parties, is to create approaches “that will make Canada a world leader in addressing the threat and harm of cyber crime.”
“It’s a struggle that all chiefs of police across Canada – if not other in parts of the world — are dealing with: The severe high volume of digital crime, and what’s the best approach for governments in how to prevent it and address victim support,” Deputy Chief Scott Tod of the North Bay, Ont., Police Service, a co-chair of the council, said in an interview.
“We can advise and support CACP with advice and possibly some expertise that would in developing a national, provincial and regional responses to cyber crime.” Cyber crime prevention and deterrence are among the priorities already identified. Using gamification through a mobile app for public awareness is another. Running a series of regional cybercrime workshops for local police to begin understanding: public cybercrime awareness is a third.
The joint council may also look into better ways police can get computer data for forensics from victims other than seizing their devices, Tod said.
“Most police services that provide digital forensics are swamped,” he said. “They don’t have any more shelf space for devices, they don’t have any more capabilities to examine more devices per hour … We need to have better ways to manage this problem.”
Cyber security vendors selling analytic solutions– many of whom are CATA members — can help, he said.
The joint council follows the formation just over a year ago of a police advisory council within CATA. That council now is the advisory committee to the chiefs of police.
Tod understand the significance of cyber crime. Before joining the North Bay force was a deputy commissioner of the Ontario Provincial Police and helped upgrade its electronic crime unit.
So far council, which will include police and private sector experts as well as academic and government observers, has 17 members, Tod said. He hopes it will rise to 30. He also believes it will be another 12 months before the joint council issues its first report.
One of the big problems, he admitted is defining how big a problem cyber crime is in Canada because there is no consistent reporting across municipalities. While Statistics Canada requires police forces to report incidents by classification under its Uniform Crime Reporting Survey, educating officers on how to do that is “a challenge,” Tod said.
The last full report on cyber crime produced by StatsCan was in 2012.
When the RCMP released its cyber crime strategy in December, 2015 the force noted that in 2013 it received over 4,400 incidents of cyber crime, up 40 per cent over 2011.
The worst e-crime incident Todd in North Bay was a small business victimized by ransomware about a year ago. The company didn’t initially report it to police, he adds. “Ones that are reported to us generally involve a phishing attempt, some type of account take over. Ransomware, they don’t get reported if the small business is willing to pay the ransom … And that’s one of the things we have to look at as a cyber council: The best way to approach those types of incidents, especially ransomware where police may seize their data and equipment and render a small business unable to work.”
Meanwhile Tod said the chiefs are waiting for the federal government’s new national cyber security strategy, which may be announced this year after Ottawa conducted a public consultation last fall.
He would like to see Canada follow the U.K. lead and create a national cyber security centre, a unified source of advice and support to the public and private sector on cyber security, including the management of cyber security incident