AGENDA
– NCSIP Mandate
– IT Security Threats
– Specific Action Items
– Additional Initiatives
NCSIP Mandate:
– Create and champion policies, standards, procedures and tools to ensure all jurisdictions in Canada maintain the highest standards of information infrastructure protection
– Exchange information, share best practices, and recommend programs and priorities on information protection for the governments of Canada
IT Security Threats
– Malicious code up 500% in last 6 months
– Web application attacks increasing
– Average time between announcement of vulnerability and the exploit code last year was 5.8 days - now approaching ‘zero day’
– Malicious code is morphing as it propagates
– Spyware and botnets are widespread
– 33% rise in phishing in 2004 over 2003
Spyware
– Keystroke Loggers (a.k.a. Keyloggers or Snoopware)
  – software that runs in the background, recording all of the user’s keystrokes, potentially stealing passwords and other confidential data
– Remote Access Trojans (RATs)
  – allow an attacker to remotely control the user’s computer
Phishing Sites Increasing Source:
First comes the …
Then a redirection to a false site…
Spam is increasing
However:
– The threat picture is not unique to Canada
– Regular contact with NCSIP members re:
  – Emerging vulnerabilities, viruses, threats, incidents, best practices
  – Weekly collaboration through GovIRT sponsored by PSEPC, alerts/advisories, trends, incident management coordination, Qs & As, etc.
  – Operational cooperation with EMOs, other committees
– Industry is working aggressively to combat threats through improved products such as spam filtering, spyware cleaning tools, etc.
Specific Action Items
Common Self Assessment Tool PURPOSE:
– Assess current state of security
– Create a cross country, high level report on the state of IT Security
– Establish a base line for determining required improvements and measuring future progress
– Identify gaps and set priorities
– Assist in developing an improvement plan
Common Self Assessment Tool STATUS:
– High level tool developed as planned, based on the Quebec model
– Alberta, PEI and MISA will pilot the tool and report results
– Delayed due to copyright issues related to the Quebec model
– Concurrently, jurisdictions are building on the growing ISO tools being produced
Education and Awareness PURPOSE: Support Continuing Education and Awareness of IT Security issues at all levels across all jurisdictions
Education and Awareness STATUS:
– Quebec Videos have been re-taped and support material is being translated
– Exploration with CSE college re: training courses available/to be developed
– Increased collaboration with municipalities (MISA)
– Additional resources identified in some jurisdictions
– National Awareness Framework planned
– Ongoing work is required here as we are all dealing with the same citizen
Coordinate ITS Standards PURPOSE: Coordinate ITS standards, including adoption of national and international standards (e.g. NIST, ISO 17799)
NCSIP linkage with PSEPC National Security Policy –Government Operations Centre National Emergency Response System –Cyber Security Task Force National Cyber Security Strategy Canadian Cyber Incident Response Centre –Federal/National focal point and coordination centre Cyber Incident Response 7X24 Threat monitoring Enhanced readiness and response to cyber events nationally
National Emergency Response Structure (organization chart; labels: Prime Minister; Cabinet; Ministerial Committee with DM participation as required for National Policy Direction; Minister(s); Regional Interface; Strategic Coordination; National Policy Direction; OGDs EOCs Including Agencies; Regional federal offices; Simple Incident; Complex Incident; Government Operations Centre (GOC); Department(s); DMs/ADMs; ADM Public Safety Committee with DG participation as required for National Policy Direction)
Emergency Response PURPOSE: Liaise and coordinate with emergency response organizations
Emergency Response STATUS:
– Call out exercise February 2004
– Meeting with EMO officials April 2004
– Effective CISO/EMO relationships developed
– Inter-jurisdictional cyber exercise working group expanded to include more EMO staff
– NCSIP exercise conducted October 2004
– Briefing with EMOs November 2004
– Joint exercise planned Fall 2005
Additional Initiatives
– Security clearance policies and practices
– Liaison with ITAC through GOC-TBS
– Spam, Spyware
– Wireless Security
– Mobile Devices