Cyber Security/Protection

The National Security and Intelligence Review Agency says the Communications Security Establishment has been falling short on dealing with privacy breaches. It says that while some incidents are unavoidable, the way the CSE handles breaches has been “inconsistent and did not always meet the transparency and accountability objectives set out in CSE internal policy.” [node:read-more:link]

Power utilities’ increasing reliance on monitoring and control technologies has meant that the U.S. electricity distribution network has become more vulnerable to cyber attacks, according to the Government Accountability Office. It says that although the Department of Energy is working on a cybersecurity strategy, it has focused more on generation and transmission systems. [node:read-more:link]

The city of Saint John, N.B. faced a ransom demand of nearly $17 million worth of bitcoin last November in return for cyberattackers not releasing encrypted information. City Manager John Collin, recently confirming the attack, says it shut down all IT services and refused to pay the ransom. [node:read-more:link]

A 100-day initiative designed to protect electrical infrastructure against cyberattacks is being rolled out by the U.S. government. It includes “aggressive but achievable milestones” to help the mostly private-sector industry to modernize its security and enhance detection, mitigation and forensic capabilities. [node:read-more:link]

President Joe Biden’s first discretionary funding request to Congress sets a $1.5 trillion spending roadmap that includes cash funding for the Cybersecurity and Infrastructure Security Agency and a reserve for “information technology enhancements.” Other key elements include funding for two new research agencies focused on health and climate. [node:read-more:link]

The incoming administration of U.S. President-elect Joe Biden will ask Congress to approve a $1.9 trillion economic recovery package which would include more than $10 billion for a spate of IT and cybersecurity initiatives. “This an urgent national security issue that cannot wait,” Biden’s transition team says. [node:read-more:link]

A massive hack that may have revealed government and industry secrets to Russia evidently has U.S. officials scrambling to reinforce cyber defences after acknowledging that the Cybersecurity and Infrastructure Agency needs more resources to counter sophisticated attacks. “It's really highlighted the investments we need to make in cybersecurity to have the visibility to block these attacks,” says Anne Neuberger, newly-appointed Deputy National Security Advisor for Cyber and Emergency Technology. [node:read-more:link]

Microsoft President Brad Smith says the U.S. must prepare a “robust menu” of responses to cyber attacks. He was commenting on the massive Solarwinds hack, which exposed the vulnerability of civilian government networks and the limitations of efforts to detect threats. “We need to strengthen the nation’s digital infrastructure and digital defenses, and that touches every part of the public sector, and every part of the private sector as well.” [node:read-more:link]

More than 2,000 staff at the Communications Security Establishment, without a contract for two years, have voted to strike after what the Public Service Alliance of Canada says is management’s insistence on “a deal-breaking concession” and refusal to send the dispute for binding arbitration. The union says the proposed concession would mean lower pay than elsewhere in the government. [node:read-more:link]

Amid ongoing complaints about Russian meddling in other countries’ affairs, President Vladimir Putin has directed his Federal Security Service to step up its response to what he says are western attempts to destabilize his country. He says the “so-called policy of containment of Russia” includes efforts to “derail our development, slow it down, create problems alongside our borders, provoke internal instability and undermine the values that unite the Russian society.” [node:read-more:link]

Five Chinese companies—Huawei, ZTE, Hytera, Hangzhou and Zhejiang Dahua—have been confirmed by the Federal Communications Commission as threats to U.S. national security. “That will ensure that as next-generation networks are built across the country, they do not repeat the mistakes of the past or use equipment or services that will pose a threat,” Acting FCC Chair Jessica Rosenworcel said March 12. [node:read-more:link]

The U.S. and China are in a “superpower marathon” as the latter invests hugely in key technologies, according to the director of the Defence Department’s innovation unit. “It's the challenge of our time,” Michael Brown said March. “It's the national security challenge of our generation and it probably is going to last many, many years.” [node:read-more:link]

The Canadian Security Intelligence Services says last year saw the highest level of foreign espionage and interference directed at Canadian targets since the end of the Cold War. “The fluid and rapidly evolving environment caused by COVID-19 has created a situation ripe for exploitation,” CSIS Director David Vigneault says in his latest annual report. “Violent extremism, foreign interference, espionage and malicious cyber activity, accelerated, evolved and in many ways became much more serious.” [node:read-more:link]

NATO officials have vowed to boost the alliance’s cyber defences. During an April 15 virtual conference, they added the commitment to an overarching decision to prevent catastrophic disruptions of member states. Host Estonian Prime Minister Kaja Kallas said “malicious” activities had increased as the COVID-19 pandemic evolved and that the alliance needed to “recognize that cyberspace is at the forefront of increased global competition, and democratic nations must stand together against deviations from acceptable behaviour.” [node:read-more:link]