Thursday, November 25, 2010

Report exposes 'economic damage' caused by hackers

Almost 90% of major Canadian companies have been hit by cyber-attacks


A secret government report on cyber-attacks says that 86 per cent of large Canadian corporations have been "hit" and that espionage hacking on the private sector has doubled in two years.

"Cyber-espionage attacks are causing considerable economic damage," says the 2010 "threat paper," released to Postmedia News through access-to-information laws.
The heavily redacted report was prepared by the Public Safety Department with input from the CSIS, the Defence Department, the RCMP and the Privy Council Office.

Cyber-security expert Rafai Rohozinski said that the vast jump in businesses infiltrated by cyber-hackers is "not surprising at all and, in fact, it's highly worrisome."

He estimated that more than half of corporate espionage originates in China and involves tapping into intellectual property secrets.

The report details the cyber-threat facing Canada and asserts that it is not only an economic issue, but also a national security problem, in that government is also a key target of foreign espionage and when "some terrorist groups are developing an interest in mounting cyber-attacks against state enemies and, most likely, the capabilities to do so."

An accompanying memo to Public Safety Minister Vic Toews says the paper was distributed to deputy ministers involved in crafting a cyber-security strategy to "inform them of the cyber-threats facing government systems and to provide them with potential mitigation measures."
The released sections of the report do not detail Canada's economic losses, nor do they zero in on potential terrorist threats or other potential attacks against government. For instance, passages are blacked out on "key cyber-threat actors," espionage, and much of the paper's conclusions. Foreign intelligence services, however, are cited as a threat against governments.

The Harper government, after years of promising a cyber-strategy, announced last month that it would spend $90 million over five years to protect government systems from hackers, work with the provinces and businesses to ensure private information is properly encrypted, and to help educate Canadians about cyber-safety.

Toews, in announcing his plan in early October, said he worries about the security of 130 government programs offered on the Internet.

The government threat paper focused on deliberate attacks. While most electronic hacking inflicts relatively minor damage, a growing number of attackers are able to cause damage of national significance, such as sabotaging national security operations and causing critical infrastructure to malfunction, such as energy, utilities, communications, and transportation, said the report.

It also touched on the well-documented use of blogs, chat groups and websites to hatch terrorist plots and the explosion in online theft in the recent years, in which billions of dollars annually are lost through high-tech methods to commit credit-card fraud, identity theft, and other commercial crime.

Rohozinski, chief executive officer of SecDev, an Ottawa-based cyber-security firm, said Canada's cyber-strategy spending "is really a drop in the bucket" compared to money being spent in Britain and the U.S.

"The U.S. is set to spend anywhere from $40 (billion) to $60 billion in terms of looking not just at developing cyber-security, but looking at cyberspace as a domain in which they need to have freedom of navigation in ways that states previously sought freedom of navigation in the sea."

Canada is also "heavily leveraged" online and is therefore vulnerable to a "catastrophic" attack, said Rohozinski, who co-authored a report last spring that warned of an "arms race" in cyberspace that prevents governments from joining forces to combat international threats.

* This article was written by 
  JANICE TIBBETTS, POSTMEDIA NEWS 
  NOVEMBER 24, 2010
  To view the original Ottawa Citizen article, click here.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.