National and Cyber Security Branch
Presentation for GridSecCon
Quebec City, October 18-21

Public Safety Canada Departmental Structure

National and Cyber Security Branch
[Organization chart] Directorates: National Security Policy; National Cyber Security; National Security Operations; Critical Infrastructure and Strategic Coordination
Units shown under the directorates: National Security Policy; CCIRC; National Security Assessment and Analysis; Critical Infrastructure Policy; Intelligence Policy; Policy and Issues Management; National Security Operations; Strategic Coordination and Partnerships

National Cyber Security Directorate
[Organization chart] National Cyber Security Directorate: Policy and Issues Management; Canadian Cyber Incident Response Centre (CCIRC)
Value of NCSD Policy for CI Owners and Operators & the Private Sector:
- Cyber issues communicated to CCIRC inform consideration of policies & programs
- Cyber issues socialized amongst other Government Departments & Agencies (i.e. Innovation, Science, Economic Development, Royal Canadian Mounted Police)
- Engagement with other levels of government (provincial, territorial, municipal)
- Liaise with international governments (UN Group of Government Experts on Cyber Security, Five Eyes, Interpol)

National Cyber Security Directorate
Four (4) Themes of Consultation for Cyber Review:
- Evolution of the Cyber Threat
- Increasing Economic Significance of Cyber Security
- Expanding Frontiers of Cyber Security
- Canada's Way Forward on Cyber Security

National Cyber Security Directorate
Cyber Security Cooperation Program:
- Five-year $1.5 million initiative
- Support projects that will help improve cyber security of Canada's vital cyber systems
- Available to CI owners and operators, industrial and trade associations, academics and research organizations

National and Cyber Security Branch
[Organization chart] Senior Assistant Deputy Minister
Directorates: National Security Policy; National Cyber Security; National Security Operations; Critical Infrastructure and Strategic Coordination
Units shown under the directorates: National Security Policy; CCIRC; National Security Assessment and Analysis; Critical Infrastructure Policy; Intelligence Policy; Policy and Issues Management; National Security Operations; Strategic Coordination and Partnerships

Canadian Cyber Incident Response Centre
- Canada's computer security incident response team
- Mandate to coordinate the national response to significant cyber incidents
- Point of contact for owners and operators of critical infrastructure to report cyber incidents

Critical Infrastructure and Strategic Coordination Directorate
- Provide strategic advice to the Minister on CI related issues
- Develop, coordinate and implement CI policies
- Build partnerships
- Implement an all-hazards risk management approach

CCIRC and Federal Cyber Partners
- CSIS: collects info, assesses threats, produces intelligence & advises government on activities that may constitute a threat to the security of Canada.
- CRTC: administrative tribunal regulating telecoms.
- SSC: provides and protects GC IT infrastructure.
- PS: leads the Government's efforts to protect Canada's CI from hazards, including physical & cyber dimensions; responsible for cyber emergency management.
- RCMP: primary federal organization with the mandate to investigate criminal offences related to cybercrime.
- CSE: provides foreign signals intelligence; advice & services to protect Government info & infrastructure; technical/operational assistance to law enforcement & security agencies.
- DND/CAF: conducts operations within DND/CAF networks to detect, defeat and/or mitigate offensive & exploitive actions; collects intelligence on cyber threats to DND/CAF.

Mitigation vs. Investigation in Cyber Security
Mitigative Role:
- CCIRC: Advice and support to prevent, mitigate, prepare for, respond to, and recover from cyber events
- CSE-CTEC: Similar role as above, different resources
- RRAP: Advice and support for critical infrastructure operators to increase cyber security resilience
Investigative Role:
- RCMP: Crimeware, violations of Criminal Code
- CSIS: Cyber espionage, attribution
- CRTC: Code removal requests with uncooperative hosting providers, investigations to enforce compliance

Canada's Cyber Security Strategy
UNCLASSIFIED
Since the release of Canada's Cyber Security Strategy in 2010, Public Safety Canada has been working to implement the three pillars:
- Pillar 1: Secure Government systems
  - Improved cyber incident response capabilities
- Pillar 2: Partner to secure systems outside the Government of Canada
  - Strengthening Information Sharing
  - Working with international partners
  - Improving services offered
  - Training and outreach
- Pillar 3: Help Canadians to be secure online
  - Improved public awareness

CCIRC's Operational Cycle
- Input: What kind of data does CCIRC use? Where/who does it come from?
- Analysis: What tools and resources do we use to process the information?
- Output: How do we disseminate the results? Which products or services do we provide?
- Impact: What is the value of this process? How do the results influence the input?

Information Sharing
Need for increased information sharing: Complex environment; Sophisticated methodologies; Economic Impact; Security Impact
- Internet of Things
- Ransomware
- Advanced Persistent Threat
- Major data breaches
- Threats to ICS/SCADA
- Increased publicity for cyber threats

CCIRC's Information Sharing Strategy
[Diagram] Elements shown: Victims; CCIRC's Incident Handling Team; Malicious Code Removal Requests; Other national CSIRTs; Automated Analysis Tools; Victim notifications; Open Source and Industry; National Cyber Threat Notification System

Suite of Technical and Executive Products

CCIRC Community Portal

2015: Geek Week
- CCIRC held its second annual Geek Week from November 16 to 20
- Participation more than doubled from last year's inaugural event.
- CCIRC gained the equivalent of sixty-five weeks of new data from this event.

National Strategy and Action Plan for Critical Infrastructure
To provide support to CI owners and operators, Canada established a National Strategy for Critical Infrastructure (2010) and an Action Plan 2014-2017 with three pillars:
1. Build trusted and sustainable partnerships
2. Advance the timely sharing and protection of information
3. Implement an all-hazards risk management approach

CI Gateway
The CI Gateway is an encrypted, password-protected platform for the sharing of unclassified information.
The Global CI Gateway has provided a digital venue for international partners to connect virtually and share information across multiple working groups.
Information products include: risk management documents, best practices, lessons learned, meeting material, standards, and events calendar.
Among the array of CI related material contained on the Gateway, you can find cyber-related reports produced by internal and external partners such as CCIRC, the ICT Sector, the Integrated Terrorism Assessment Centre and Canadian Securities Establishment.

Regional Resilience Assessment Program
Regional Resilience Assessment Program (RRAP) is a site assessment program that evaluates critical infrastructure against the full range of risks and threats, including cyber and terrorist attacks
- Examines vulnerabilities and readiness posture of facilities
- Offers recommendations and guidance to enhance resilience and address vulnerabilities
- Provides owners and operators with practical guidance to target limited resources for maximum benefits in terms of resilience
- May include tabletop exercises to assess progress and practice response and recovery measures

Critical Infrastructure Resilience Tool
On-site, survey-based tool that measures the resilience and protective posture of a facility.
Academically rigorous methodology gives overall and category-specific scores.
Final Report contains:
- the scores, including peer comparison;
- a review of each significant asset and area (SAA)
- facility commendables and vulnerabilities
- options for consideration
Interactive dashboard allows the owner/operator to build scenarios showing how potential investments could result in increased resilience.

Critical Infrastructure Multimedia Tool
A multiplatform software tool that generates an interactive visual guide of a critical infrastructure facility for the owner/operator.
Incorporates various forms of information, including:
- 360° geospherical videos and pictures
- floor plans (including identification of SAAs)
- important corporate documents
- CCTV (IP based)
- links to the web
Serves training, exercise, and tactical emergency response functions if shared with first responders.

Canadian Cyber Resiliency Review
On-site, survey-based tool that measures the cyber security posture of an organization.
Academically rigorous methodology gives overall and indicator-specific scores across 10 domains.
Final Report contains:
- the scores, including peer comparison;
- key standards and other resources;
- options for consideration
CEO Summary Report provides high level review of findings and organizational response.

Critical Infrastructure Working Groups
- Sector networks have been established for each of the ten sectors to facilitate collaboration among governments and owners/operators
- National Cross Sector Forum brings together national leaders from each of the critical infrastructure sectors to provide updates on initiatives, discuss emerging issues of interest and set priorities to foster CI resilience
- Multi-Sector Network brings together working level sector representation to discuss initiatives, conduct exercises, etc.

ICS Workshops
Three day events:
- Workshop: Two day training and community building opportunity. Assisting Canada's critical infrastructure owners and operators to better secure their most critical Industrial Control Systems (ICS) and information technology assets.
- Training: One day of hands-on development of basic incident handler skills for industrial control systems security professionals.
Last workshop: March 2016 in Ottawa, ON - 150 participants
Next workshop: Nov. 22-24 2016 in Calgary, AB

Fundamentals of Cyber Security for Canada's CI Community - Overview
- Launched at Multi-Sector Network meeting 23 June 2016
- Provides action-oriented and adaptable guidance and mitigation measures on five fundamental aspects of cyber security:
  - Raising Security Awareness
  - Defining Roles and Responsibilities
  - Developing Policies and Standards
  - Establishing a Cyber Security Plan
  - Budgeting for Cyber Security
- Works towards achieving a minimum baseline level of cyber security within the chain of Cyber Security in the CI community
- A starting point for Cyber Security - Not a definitive guide on all aspects of cyber security

Virtual Risk Analysis Cell (VRAC) Fort McMurray

CCIRC Contacts & CISCD Contacts
CCIRC: Canadian Cyber Incident Response Centre
cyber-incident@canada.ca
www.publicsafety.gc.ca/ccirc
CISCD: Critical Infrastructure and Strategic Coordination Division
PS.CIEngagements-EngagementsIE.SP@canada.ca
www.publicsafety.gc.ca/ci