cybersecurityIn April 2013, the Canadian government announced its action plan for cybersecurity and highlighted the successes realized within the framework of its cybersecurity strategy to enhance cyberspace security for Canadians.

One such measure involves the Canadian Cyber Incident Response Center (CCIRC), which supports Public Safety Canada, acting as the national coordinating center for cybersecurity-related incident prevention, mitigation, response and recovery. To accomplish its mission, the CCIRC provides reasoned advice and, if an incident arises, coordinates the exchange of information with partners in the public and private sectors, including critical infrastructure operators, various government bodies, as well as information technology providers.

According to a media article, certain Canadian companies may be vulnerable to hacker attacks because of security flaws or ineffective cybersecurity measures. According to a public security document, software vulnerabilities are on the rise and security management costs are high, which may prevent some companies from adequately investing in information security.

Considering that a security incident can significantly impact critical infrastructures (e.g. electricity distribution network, banking systems, transport and telecommunications networks, etc.) and generate economic, political and social repercussions, it is important that these infrastructures be well protected against such attacks.

One of the most well-known cases affecting critical systems was the Stuxnet computer worm in 2010. It was able to spy on and reprogram industrial systems in addition to camouflaging its alterations. It affected tens of thousands of computers, including a nuclear power plant in Iran.

In Canada, hackers have already perpetrated attacks against the Telvent Canada company, which supports the management of oil and gas pipelines.Although companies do not wish to divulge their security incidents for fear of tarnishing their reputation, denouncing this type of attack can help identify sources of piracy and minimize the risk that individuals or malware will attack other companies.

For more information, please read the following article:

By Patrick Paradis, Information Security Advisor