Oh Canada! Canadian Cyber Incident Response Centre (CCIRC) Keeps "Banker's Hours"

[Wetcoaster]

Actually most banks are now open on more days and for longer hours.

Oh Canada indeed.

As we all know cyber terrorists are a polite lot and will only attack Monday to Friday between the hours of 8 am and 4 pm (Ottawa time), eh.

According to the federal Minister of Everything Scary and Adulterous, Vic Toews (who also stands against the child pornographers but does favour babysitters), cyber security threats are huge potential problem so why are they not being monitored 24/7 as was promised when millions upon millions of dollars were allocated to set up and operate the Cyber Incident Response Centre (CCIRC) in Ottawa?

Well in off hours an on-call CCIRC employee is provided with a pager... yes a pager. We are talking high tech here. Seriously have they never heard of a cell phone?

And because two organizations working at cross-purposes are always better than one fumbling around (and because we Canadians do love our acronyms) a second organization was created - the Communications Security Establishment Canada (CSEC) took over responsibility for protecting government information systems from cyber threats from the response centre last year when CCIRC (the first guys) were completely unaware that hackers traced back to China targeted networks at the Treasury Board and Department of Finance in January 2011 as no one even told the response centre about the incident until a week after it happened. So rather than improve lines of communication, just create another unit.

And it seems that CSEC and CCIRC (love the acronyms) do not get along and do not share information. Sounds a lot like CSIS and the RCMP Security Service... and how did that work out for the Air India bombings over Lockerbie, Scotland and at Narita Airport??? Or the RCMP and VPD happily ignoring each other so that serial killer Robert Pickton could run amok for years killing women. Value for tax dollars, right.

The auditor general’s department found that nearly $1 billion had gone to departments in which cyber-security was an objective, but it was impossible to tell how much of that money had been used to protect infrastructure from cyber threats. Nor was there any way to judge what had been achieved.

Just before the AG report came out publicly VikiLeaksToews announced last week the Conservative government would commit $155 million over five years to boost the capacity of the response centre. The announcement came a week after U.S. Defence Secretary Leon Panetta warned American business, financial and transport computer systems may be vulnerable to devastating attacks and called on legislators to pass new laws to strengthen cyber-protections below the border. Panetta warned of the possibility of a “cyber Pearl Harbor” on the horizon. It is worth remembering that the last event that was compared to Pearl Harbor in the U.S. was 9/11. Is that comparison an exaggeration when it comes to the risk of cyber-security threats? No. A co-ordinated cyber attack could shut down infrastructure, “cause physical destruction and a loss of life,” in Panetta’s words, “and create a new sense of vulnerability.” Our dependence on computer networks makes almost every aspect of our modern lives vulnerable.

The timing was coincidental, right??? Maybe some of that money can be used to get cell phones for the CSEC personnel???

Mind you it seems that the federal government has not bothered to make businesses and vulnerable sectors aware of the role (or even the existence of CSEC - the "nerve centre" designed to identify and preempt cyber attacks.

OTTAWA—Ottawa’s cyber-attack response centre meant to monitor threats to online security around the clock has been operating only during daytime hours, says a new report from the federal spending watchdog.

And the response centre, meant to serve as the “nerve centre” for the federal government’s cyber security strategy, has routinely been kept in the dark about hacking attacks, according to a new

report

from the auditor general.

Opposition MPs jumped on the revelation, which comes just days after Public Safety Minister Vic Toews highlighted the need for increased cyber-security.

“Cybercriminals do not keep bankers’ hours. I wonder why the Government of Canada should be keeping those hours when cybercriminals are working 24 hours a day,” Liberal interim leader Bob Rae said in the Commons.

The federal public safety department created the Canadian Cyber Incident Reponse Centre (CCIRC) in 2005 to help reduce the risk to critical infrastructure by monitoring and analyzing cyber threats to non-government systems 24 hours a day, seven days a week and providing the latest and best advice for protecting against attacks.

Not so much, says the report, which also concluded that despite several incarnations of cyber security strategies and an estimated $780 million in funding since 2001, the federal government has been slow to meet its own goals.

The response centre was staffed to operate only from 8 a.m. to 4 p.m. five days a week, the audit found, although the federal government operations centre can page someone on call if a cyber attack or threat is reported after hours.

But the audit report says the centre should be working around-the-clock to ensure “timely detection and notification” of cyber threats as well as communicating with foreign allies working in different time zones.

“It’s important to have one place that can then take all of that information and figure out whether the threat is greater than the sum of the incidents,” Auditor General Michael Ferguson told reporters.

“We think it’s important that there be an organization that will collect and organize and connect all the dots.”

Toews reacted quickly to the revelation, announcing that starting Nov. 5, the centre would be operating 15 hours a day, seven days a week, with “experts on call around the clock when needed.”

He defended the government’s cyber-security record, saying it had made “exceptional progress” in the face of emerging technological threats.

“The dynamic nature of the cyber threat is one thing governments have had to learn to respond to,” he said

He says computer networks owned by government and private companies are “attacked by ordinary hackers and organized crime and indeed state actors on a constant basis.”

Some business owners and operators are confused about who in the federal government, if anyone, should be told about cyber security incidents, and say others don’t even know the response centre exists.

This prevents the response centre from fully analyzing the cyber security landscape and hampers its ability to give advice to on how to protect against the latest cyber threats, says the report. “A lack of timely and relevant information and analyses affects the ability of critical infrastructure owners and operators to react to cyber attacks that may cause disruptions,” says the report.

The report notes that even when hackers traced back to China targeted networks at the Treasury Board and Department of Finance in January 2011, no one even told the response centre about the incident until a week after it happened.

Communications Security Establishment Canada (CSEC) took over responsibility for protecting government information systems from cyber threats from the response centre last year, but the audit found that despite the fact that the two agencies are supposed to be working together, CSEC does not routinely share things with CCIRC.

“CSEC told us it was concerned about sharing information because of the sensitive nature of the information it collects, such as classification levels or the sensitivities of client departments,” says the audit.

The audit says they were supposed to have worked things out by August 2011, but have now agreed to resolve things by Nov. 30 and a CCIRC employee has been working at CSEC to make collaboration easier.

Public Safety Minister

Vic Toews

announced last week the Conservative government would commit $155 million over five years to boost the capacity of the response centre.

The announcement came a week after U.S. Defence Secretary Leon Panetta warned American business, financial and transport computer systems may be vulnerable to devastating attacks and called on legislators to pass new laws to strengthen cyber-protections below the border.

Those comments came after the U.S. House of Representatives Intelligence Committee warned against doing business with Huawei Technologies Co Ltd. and ZTE Corp. — two Chinese telecommunications giants — because they could potentially be used for Chinese spying operations.

Huawei has sold equipment to major Canadian telecommunication companies.

The allegations are being referred to the U.S. Justice Department and Department of Homeland Security.

The 2010-11 annual report of the Canadian Security Intelligence Service said both the federal government and the private sector are frequent targets of cyber attacks.

“The Government of Canada is now witnessing serious attempts to penetrate its networks on a daily basis,” said that report.

http://www.thestar.c...round-the-clock

[nucklehead]

Oh yeah.

[Offensive Threat]

"Mind you it seems that the federal government has not bothered to make businesses and vulnerable sectors aware of the role (or even the existence of CSEC - the "nerve centre" designed to identify and preempt cyber attacks."

They cant tell them about CSEC. The business community expects results when it comes to security and CSEC obviously cant offer any. It would result in mass criticism and be a black eye for the Feds so best to keep all knowledge of it under wraps.