MapleSEC: How the Canadian government’s Cyber Centre helps infosec pros

What does the Canadian Centre for Cyber Security do for infosec pros?

Quite a lot, according to Melanie Anderson, the federal agency’s director-general for secure solutions and services.

In a keynote speech during IT World Canada‘s MapleSec series of cybersecurity presentations this week, Anderson outlined the free services the federal department offers to help protect IT networks (Many need a feed reader):

— Cyber Flashes – actionable information describing an immediate issue targeting the federal government or systems of importance;

Alerts – to raise awareness of a recent cyber threat with mitigation advice. On request the Centre can provide more detail for subscribers;

— Weekly Technical Reports – summaries of events as well as indicators of compromise (IoCs);

— Aventail – an automated threat intelligence service that runs at machine speed for critical infrastructure providers that includes IoCs such as domain URLs and IP addresses that can be fed into your system. In 2022 Avantail sent out over 46,900 IoCs;

— NCTNS Notifications – short for the National Cyber Threat Notification Service, which are warnings sent to an organization if the Centre sees a sign of compromise in its IP space;

— Scorecards – a monthly report for NCTNS subscribers;

Malware.cyber.gc.ca – a website where infosec pros can submit suspicious files for analysis. It uses Assemblyline, a Centre-created analysis tool;

Assemblyline – yes, it can be downloaded for use in your own environment;

— a Learning Hub – training for employees of all levels of government and critical infrastructure providers;

— and some incident response advice.

All this is in addition to free advisory documents such as baseline controls for small and medium businesses.

The Cyber Centre is the government’s authority on cybersecurity for government departments and businesses. The Centre is part of the Communications Security Establishment (CSE), responsible for defending federal IT networks, creating secure communications for government departments and breaking foreign codes. In turn the CSE is part of the Department of National Defence.

One of Anderson’s key messages is that cybersecurity is a team sport: If you have an incident or discover an indicator of compromise, report it to the Centre. If it’s a criminal offence, like ransomware, report it to the RCMP. If it’s phishing, report it to the Canadian Anti-Fraud Centre.

She also emphasized the importance of organizations observing cybersecurity basics. “Many times we have incidents that mostly occur because of human error, sometimes poor cyber hygiene — lack of multifactor authentication, poor passwords, clicking on an attachment and poor risk awareness.”

Finally, Anderson concluded with a call to action for infosec pros: Mentor at least one person, particularly people from diverse backgrounds.

“In my mind this is very crucial to help the next generation learn more about cybersecurity, leadership, and to pass on the tools and tips to enable a resilient workforce.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now