Government urged to set cyber standards
OTTAWA — Gover nments should move to secure private networks in the name of national security — possibly even forcing standards upon the industry, two experts in cyber-security said Thursday.
The end of that road could require Canada and other governments to legislate cybersecurity standards, according to the former chief of Canada’s ultra-secretive cyberspy agency, because voluntary standards can be ignored.
The Harper government has rejected legislating basic standards for cyber-security, opting instead to share best practices with industry. A recently released research paper for Canada’s spy agency, CSIS, suggested funding cyber-security for critical infrastructure, such as water systems and electrical grids, in the name of national security. The Obama administration trod lightly on this in a recent executive order, announcing only voluntary security standards for companies that run critical infrastructure in the U.S.
Top U.S. politicians and defence officials have suggested the threat in cyberspace is so great that an attack on critical infrastructure could cripple countries, a scenario American officials have repeatedly dubbed a “cyber Pearl Harbor.”
The number of attacks on U.S. systems has grown as the number of users and devices connected to the Internet continues to grow. Online disruptions successfully targeted Estonian networks in 2007, and last year a malicious program rendered 30,000 computers at the Saudi Arabian state oil company unusable.
Much of the concern over government involvement in cyber-security, such as having Internet service providers tell federal security agencies about potential attacks or disruptions to systems, comes down to worries over the loss of civil liberties.
A report this week from IT security firm Mandiant alleged a specialized Chinese military unit was behind the hacking of 141 companies in the last six years, stealing corporate secrets from enterprises including Canadian company Televent, which creates the computer systems that operate pipelines. China has denied the accusations.
Worldwide, cyber-criminals are estimated to have stolen $4 trillion annually, Adams said, while companies spent about $15 trillion fighting such losses.
The White House announced Wednesday it would move to punish countries that don’t do enough to crack down on hackers stealing corporate secrets, naming China, India and Russia as possible culprits.
A spokesman for Public Safety Minister Vic Toews didn’t directly respond to the U.S. strategy Wednesday, saying only that through the government’s cyber-security strategy government agencies would “work with the private sector and our allies to guard against these threats.”
Gen. Keith Alexander, the head of U.S. Cyber Command, said no network will be completely safe from hackers and the best defences can always be compromised. He said governments should move to a secure cloud network to limit the number of vulnerabilities in a traditional network, an option the Harper government has been considering.