Cyber Security: Threat and Prevention
1. “Expand Your Horizons” Webinar Series
February 24, 2015 1:00 – 1:45pm
3. CSE Mandate: National Defence Act
• PART A: Provide foreign intelligence in accordance with government priorities
• PART B: Provide advice, guidance and services to help ensure the protection of information and information systems of importance to the GC
• PART C: Provide technical assistance to law enforcement and national security
4. What is the GC Protecting?
GC Cyber Activity in 2014 by Sector (chart; sectors shown):
• Banking & Finance
• Border Services & Immigration
• Government Administration
• Health
• Industry & Business Development
• International Affairs, Trade & Development
• Legal
• Natural Resources, Energy & Environment
• Security, Intelligence & Defence
• Social & Cultural Development
• Transportation
What are Threat Actors after?
• Canadian Personal Information
• Trade Secrets
• New Technologies
• Negotiating Strategies
• Natural resources information
• Access to everything
5. What are the Threats?
• State-sponsored threat actors: Foreign intelligence services tasked to collect intelligence and/or disrupt Canadian services.
• Cybercriminals: Criminals that use malware and other programs to either steal information or coerce others to pay them for illegitimate reasons (ransomware).
• Hacktivists: Political and/or social activists that use computers or computer networks to channel their message or prove a point.
• Script kiddies: Individuals or groups that target GC and other organizations for the fun of it, or compete to see who can cause the most damage.
6. What are the risks?
Reputational/Trust
Business Continuity
Financial Impact
Information Loss/Damage
7. Preventing a Compromise - Patching
No quick fix for cyber security.
There are a number of mitigation measures you can undertake to significantly hinder threat actors.
• Patching:
  • Operating system;
  • Applications;
  • Till you can patch no more!
Patching Challenges:
• Timeliness/Costs
• Various versions: operating systems & Internet browsers.
Current malicious activity that could be prevented with patching:
• 2010 & 2012 Common Vulnerabilities and Exposures (CVEs)
• Every compromise in 2013!
8. Anticipating a Compromise
Cyber security does not stop with patching.
Proactively prepare.
Cyber threat actors will gain access.
Harden your networks:
• design your network and system efficiently;
• know where certain applications are in use;
• apply network segmentation in security zones to protect sensitive information;
• consolidate Internet access points; and,
• other best practices.
9. A Team Sport
• Shared Services Canada
• IT security teams across the Government of Canada
• Public Safety
• Canadian private sector
• Canadian industry
• IT vendors
Working together is key!
10. Where from Here?
• Understand that your network and information are constantly targeted;
• Be aware of cyber threat actors and their methods;
• Top 10 Mitigation Measures
IN CONCLUSION:
• Cyber threat activity is here to stay;
• Compromises and vulnerabilities will increasingly be publicized – Don’t make the headlines for the wrong reasons; and,
• Anticipating compromises is just as important as preventing them.
26. Questions and Answers