Communicating the Threat: Examining and Improving Canadian Public Sector, Private Sector and Industry
Cyber-Security Strategic Capabilities
In partnership with CATA Alliance - www.cata.ca
Lead researcher: Valarie Findlay, HumanLed Inc. vfindlay@HumanLed.com
Cyber-attacks. From the public perspective, where its a frequent headline, we're nearly immune to the term but to CISOs and security operation centre resources its a constant tactical headache - a monumental challenge in managing and mitigating these surreptitious, constantly evolving threats with shrinking budgets and skills shortages. Having to harden assets to meet all threats, with the most aggressive of attacks setting the baseline for countermeasures, it is a costly and intellectually draining endeavour even for the largest organizations with the most flexible budgets.
Globally, governments and the private sector attempt to maintain adequate security and privacy measures while the complexities of converging technologies increase and the security industry struggles to keep up with it. It is clear that the existing security frameworks, capabilities and legislation require a an integrated, planned and comprehensive transition to meet future demands on federal mandates and global partnership alignment.
In May 2014, the preliminary study, “Cyber-Threats, Terrorism and the Counter-Terror Model, (V. Findlay, Humanled Inc.) was published and revealed key research findings and further study areas that are being analysed and addressed in the study, "Communicating the Threat" launched in January 2015. It was concluded in the preliminary study that the most effective protections are devised at the strategic level and include closing gaps with communication and collaboration, revisiting sanctioned threat-risk assessment approaches with the evolution of cyber-threats in mind and assessing cyber-threats with the same diligence as physical threats and within the counter-terror model.
Additionally, it reiterated factors we are all very well aware of but in a priority framework based on the security cornerstones of prevention, detection, response and recovery. These factors included the widening of cyber-attack target categories, the asymmetrical, constantly evolving nature of cyber- threats and increasing complexity of their attack vectors. Post-exploit conditions were also a key concern where intelligence can be limited; shielded and “silo-ed” by organizations, sources not known until after exploitation (if at all), and dynamic information, tool and technique sharing between sectors is poor. The two take-aways of priority were that analysis in hardening assets and cross-sector communication and collaboration are crucial in devising coordinated technological preventative measures and corresponding legislation - recognizing that public and private sector networks are not isolated assets and their securitization of no consequence to our national security.
Therefore, the founding vision of Communicating the Threat is to elevate Canadian government, public sector and industry jointly as strategic leaders in cyber-security in order to combat threats through collaborative partnerships, information sharing, comprehensive analysis and agile, up-to-date approaches. To attain this, the study focuses on three areas of interest to federal and public security and policy:
1) Examining cyber-security within the counter terror model and the need to treat cyber-threats with the same focused inter-dependencies and capabilities as physical threats by malicious actors,
2) Examining the current state of cross-sector communication and collaboration and the development of a proposed collaborative partnership framework with government, private-sector and security industry, and
3) Examining threat/risk assessment approaches, including guiding industry standards, their effectiveness and areas for improvement.
By conceptualizing cyber-threats in the federal counter-terror model, cyber-threats are recognized as having a degree of harm, as well a financial implication, and that emerging cyber-threats can have an impact on public safety and security. Securitizing data and assets with the complexities of converging technologies at the forefront, enables progress initiatives such as communication and collaboration, thereby benefiting the security and privacy of federal and public data and assets and aligning Canada with global partners and allies.
The value of establishing a framework of communication and collaboration between trusted partners in government, public sector and the security industry, timely and relevant information sharing and intelligence analysis allows immediate hardening of assets of partners, increased agility in response and remediation and its dissemination directly impacts the viability of the malicious threat's command and control. Communication and collaboration can prove to be the most effective and directly defensive action that can shorten the lifespan of a malicious threat, protect peripheral assets and partners and reduce overall security expenditures related to exploit and loss.
Analysing long-standing, widely used threat/risk assessment approaches, standards and guidelines that are used to mitigate the risks of current cyber-threat behaviours and projected evolution, can reveal gaps and propose a whole solution instead of piece-meal improvements. This recognizes that threat/risk assessment approaches and tools are the cornerstone of establishing prescriptive countermeasures and safeguards and if there are deficiencies in the analysis or the analysis is not sufficiently performed, prescriptive countermeasures and safeguards will be ineffective or limited in their shelf-life.
As a whole, these three areas aim to improve the security and privacy of federal and public data and assets, reduce or ensure effectiveness of security expenditures and institute lateral partnerships thereby replacing "silos". The result is better alignment with global partner mandates and the entrenchment of cyber-security into public policy and federal mandates that sets the foundation for legislative change where needed.
Valarie Findlay has over decade of senior expertise in Canadian federal government and is President of HumanLed, Inc. (www.HumanLed.com). She has managed and participated in the transformation of mission critical systems, developed cyber-security strategies and frameworks and risk assessment approaches for policing, military and government departments. Currently, she is completing her dissertation on the effects of terrorism on law enforcement in Western Nations in the Terrorism Studies Program at the University of St. Andrew’s.
Articles and Studies: Cyber-Terrorism and Canadaﾒs Cyber-Security Strategy: Determining the True Cost and Value of Information, Canada's Cyber-Threat and CIP Strategy, Validating Militarization of Law Enforcement, Cyber-Threats, Terrorism and the Counter-Terror