December 14, 2015 -
Over the past week, major initiatives have been launched in Canada, the United States and the United Kingdom focused on enhancing cybersecurity.
In Canada last week, the Canadian Council of Chief Executives and a group of leading Canadian companies recently announced plans for an independent, not-for-profit organization, the Canadian Cyber Threat Exchange (CCTX), to help Canadian businesses and consumers guard against cyber attacks.
Launching in 2016, the CCTX will work to share information about cyber threats and vulnerabilities among businesses, government and research institutions. It will provide its members and the general public with analysis of cybersecurity issues and act as a point of contact for cyber information-sharing organizations in other countries.
“Cybersecurity is top of mind for companies and institutions around the world,” said John Manley, President and CEO of the Canadian Council of Chief Executives. “CCTX will help member firms and organizations of all sizes by allowing them to gather, analyze and disseminate information about cyber attacks and mitigation options, and by building awareness of emerging cyber threats.”
The CCTX will create a consolidated view of cyber threats affecting Canada’s private sector by working closely with the Canadian government and law enforcement agencies. Founding members of the CCTX are Air Canada, Bell Canada, Canadian National Railway, Hydro One, Manulife, Royal Bank of Canada, TELUS, TD Bank Group, and TransCanada Corporation.
CCTX will enhance cybersecurity collaboration among private and public sector partners, strengthening their ability to protect critical infrastructure, sensitive or proprietary data, and customer information. By joining CCTX, smaller firms and institutions with more limited capabilities will gain access to timely threat information, toolkits and analytical capabilities that will improve their cyber defences. Canadian consumers will similarly gain access to free resources that will help them identify and guard against cyber threats, including identity theft and fraud.
In the United States, the National Institute of Standards and Technology (NIST) recently issued a request for information (RFI) concerning improving critical infrastructure cybersecurity. In this RFI, NIST is requesting information about the variety of ways in which the “Framework for Improving Critical Infrastructure Cybersecurity” is being used to improve cybersecurity risk management, best practices, and long-term governance. NIST is also requesting input that might be used to improve and update the framework itself.
This information is required in order to carry out NIST’s responsibilities under the Cybersecurity Enhancement Act of 2014 and an executive order which mandates that framework consist of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. The framework, which was released in February 2014, after a year-long open process involving private and public sector organizations, includes extensive industry input and public comments. NIST hopes to enhance the framework by continuing with an on-going comment processes. All comments received will be made public.
In the United Kingdom last week, cybercrime specialists from across Europe converged to take part in a ground-breaking exercise to test the international response to serious cyber crime.
Exercise Silver Shadow, a multi-national exercise run by the National Cyber Crime Unit (NCCU) of the U.K. National Crime Agency, funded by the Foreign and Commonwealth Office, and supported by the U.K. Home Office, saw officers from eight different countries come together to assess their collective response to a simulated cyber attack on a fictitious international petroleum company.
The countries involved were Bulgaria, Georgia, Lithuania, Moldova, Romania, Ukraine, the UK, and the United States. A representative from Europol’s Joint Cyber Action Taskforce (J-CAT) also took part.
Jamie Saunders, Director of the NCA’s National Cyber Crime Unit, said: “Cyber crime is by its very nature international, with many of the criminals and the technical infrastructure they rely upon based overseas, and yet its impact is felt by real people and real businesses in communities across the U.K.”
“This means that our response has to be capable of linking police colleagues dealing with victims at a local level with law enforcement colleagues in other countries investigating and prosecuting those who may be responsible.
“This is why the NCCU puts strong international partnerships at the heart of our efforts to combat the most serious cybercrime threats to the U.K. We have lots of learning to take away, but through this exercise we have demonstrated that, just as the criminals can work across national borders, so can law enforcement.”