SecTor 2013: Canadian CERT team about to officially launch

A group of Canadian IT security professionals hopes to officially set up a national computer emergency response team (CERT) network next month that will run round the clock.

A number of countries have CERTs, which act as warning system to spread news to the private sector and governments about cyber attacks.

A few Canadian industries them, and the federal government has the Canadian Cyber Intelligence Response Centre for its departments and critical infrastructure industries like energy and telecommunications — but it only runs 15 hours a day.

That leaves a lot of organizations without a warning network.

Ben Sapiro, the head of security and contingency at The Dominion of Canada General Insurance Co. and one of the organizers of the effort, said legal work for incorporating the not-for-profit OpenCERT Canada service should be done shortly and a call for volunteers will hopefully go out next month.

“The CERT’s function is to act as an information clearing house during breaches to get information from victims to people who can do something about it — maybe shut down parts of the network or take a server offline,” Sapiro said in an interview Tuesday at the SecTor security conference in Toronto.

It will also be used to educate organizations and consumers about good security practices.

A call for DevOps for more secure software code
Canadians naïve to believe hackers won’t target them

Dave Lewis, another project organizer who also works in the information security practice at Akamai Technologies, said that ideally Ottawa’s response centre would be doing national co-ordination but it has decided to limit its mandate. “As a result there’s a vacuum we’ve stepped into.”

OpenCERT Canada will have someone on duty 21 hours a day (from 6 a.m. Eastern to 3 a.m.). Reported incidents are confidential.

It has been quietly operating for a few months and has already helped an Israeli company, Lewis said. It discovered malware on its network was calling server in Canada. Staffers here contacted the Internet service provider “and asked them to do something about it.”

Once the legal work has been done — which includes agreements with the volunteer responders — OpenCERT Canada will be in a position to form links with similar agencies here and abroad, Sapiro said. One of them is FIRST, an association of international CERT teams.

OpenCERT Canada’s reputation will be made among IT professionals, Sapiro said, who in many cases will be fielding the calls from the agency or making them to it.

“I think this is an excellent initiative,” Kevvie Fowler, a risk consultant at KPMG Canada who is speaking at the conference. “There really need s to be a community approach to assist the government in their initiatives. I also think there is a great opportunity for OpenCERT to learn from what the government has done in this space, their future direction and vice versa. This can strengthen both CERT initiatives and ultimately the organizations of Canada.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now