The Canadian government’s cyber authority has started using a U.S. company’s security ratings platform to rank cyber threats to the country’s critical infrastructure.
The Canadian Centre for Cyber Security said Thursday it has contracted to use SecurityScorecard’s security ratings platform. Under an arrangement with the company, the scoring will help the Cyber Centre educate critical infrastructure owner-operators on the risks facing their organizations, assisting them in remediating and measuring cybersecurity risks.
It gives the Cyber Centre a simple way to instantly measure and quantify the cyber risk of any critical infrastructure entity with an “A” through “F” rating system, SecurityScorecard said in a news release, using continuously monitored threat intelligence data. This scoring is only for critical infrastructure operators and won’t be made public.
Nayeli Sosa, a Cyber Centre spokesperson, said though it can already pinpoint vulnerabilities and help protect critical infrastructure systems before the threats happen — for example through advisories, alerts, cyber flashes, and pre-ransomware notification — “this kind of tool bolsters our existing services and our toolset.”
Terms of the arrangement weren’t announced.
“We have comprehensive data on government systems, but our visibility into emerging threats to critical infrastructure has been limited historically – and that’s precisely where the greatest risks lie,” Cyber Centre head Sami Khoury said in a statement.
“According to the World Economic Forum, critical infrastructure remains the prime target for threat actors. Our partnership with SecurityScorecard provides us with authoritative and trusted data on critical infrastructure and insight to manage such risks at scale. We are committed to increasing the confidence of Canadians in the critical systems they rely on daily, offering support to critical infrastructure networks and other systems of importance to Canada. This will help the Cyber Centre ensure we can provide tailored support to critical infrastructure owner-operators vital to the security of Canada.”
The partnership “serves as a model for other governments to collaborate with the private sector to achieve real-time visibility into the cyber threats facing critical infrastructure,” said Sachin Bansal, SecurityScorecard’s chief business officer.
The Cyber Centre is the government’s authority for advising federal departments as well as critical infrastructure providers on cybersecurity issues.
Based in New York, Security Scorecard has modules that can check public datasets for evidence of high-risk or insecure ports in an organization’s IT network, analyze how quickly an organization installs security updates, and more.