Abstract: This Masters of Global Affairs project has been constructed for the use as a piece contributing to policy recommendations for the Canadian Federal government on their response to handling state-sponsored cyber attacks on critical national infrastructure (CNI) in Canada. Throughout this project an exploration is undertaken to understand the means of attacks that Canada has faced since the millennium, as well as to see what defense and security measures were of use, and what security measures were under-utilized. By exploring these attacks to Canada's CNI, clarification on improvements for the federal government on its future state of cyber defense become available. This project will also look to shape policy recommendations that can be considered in further national security agenda creation as well as governmental policies affecting domestic, and global governance on cyber attacks.
IT-SEC protects the information. SEC-OT protects physical, industrial operations from information, more specifically from attacks embedded in information. When the consequences of compromise are unacceptable - unscheduled downtime, impaired product quality and damaged equipment - software-based IT-SEC defences are not enough. Secure Operations Technology (SEC-OT) is a perspective, a methodology, and a set of best practices used at secure industrial sites. SEC-OT demands cyber-physical protections - because all software can be compromised. SEC-OT strictly controls the flow of information - because all information can encode attacks. SEC-OT uses a wide range of attack capabilities to determine the strength of security postures - because nothing is secure. This book documents the Secure Operations Technology approach, including physical offline and online protections against cyber attacks and a set of twenty standard cyber-attack patterns to use in risk assessments.
Exploring the negative social impact of cyber-attacks, this book takes a closer look at the challenges faced by both the public and private sectors of the financial industry. It is widely known amongst senior executives in both sectors that cybercrime poses a real threat, however effective collaboration between individual financial institutions and the public sector into detecting, monitoring and responding to cyber-attacks remains limited. Addressing this problem, the authors present the results from a series of interviews with cybersecurity professionals based in Canada in order to better understand the potential risks and threats that financial institutions are facing in the digital age. Offering policy recommendations for improving cybersecurity protection measures within financial institutions, and enhancing the sharing of information between the public and private sector, this book is a timely and invaluable read for those researching financial services, cybercrime and risk management, as well as finance professionals interested in cybersecurity.
We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together - the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those would take advantage of system vulnerabilities? At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security. Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems. In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace.
This book offers a comprehensive overview of the international law applicable to cyber operations. It is grounded in international law, but is also of interest for non-legal researchers, notably in political science and computer science. Outside academia, it will appeal to legal advisors, policymakers, and military organisations.
The National Strategy for Critical Infrastructure and supporting Action Plan establish a collaborative federal, provincial, territorial and critical infrastructure sector approach that will be used to strengthen critical infrastructure resiliency. To keep pace with the rapidly evolving risk environment, a key element of the national approach is an Action Plan that builds on the central themes of the National Strategy : sustainable partnerships with federal, provincial and territorial governments and critical infrastructure sectors; improved information sharing and protection; and a commitment to all-hazards risk management. ... This Plan sets out action items in the areas of partnerships, risk management and information sharing. Given the range, complexity and linked nature of these action items, a critical path is also detailed.
WINNER OF THE FT & McKINSEY BUSINESS BOOK OF THE YEAR AWARD 2021 The instant New York Times bestseller A Financial Times and The Times Book of the Year 'A terrifying exposé' The Times 'Part John le Carré . . . Spellbinding' New Yorker We plug in anything we can to the internet. We can control our entire lives, economy and grid via a remote web control. But over the past decade, as this transformation took place, we never paused to think that we were also creating the world's largest attack surface. And that the same nation that maintains the greatest cyber advantage on earth could also be among its most vulnerable. Filled with spies, hackers, arms dealers and a few unsung heroes, This Is How They Tell Me the World Ends is an astonishing and gripping feat of journalism. Drawing on years of reporting and hundreds of interviews, Nicole Perlroth lifts the curtain on a market in shadow, revealing the urgent threat faced by us all if we cannot bring the global cyber arms race to heel.
Using the factor analysis of information risk (FAIR) methodology developed over ten years and adopted by corporations worldwide, Measuring and Managing Information Risk provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis. Covering such key areas as risk theory, risk calculation, scenario modeling, and communicating risk within the organization, Measuring and Managing Information Risk helps managers make better business decisions by understanding their organizational risk. - Uses factor analysis of information risk (FAIR) as a methodology for measuring and managing risk in any organization. - Carefully balances theory with practical applicability and relevant stories of successful implementation. - Includes examples from a wide variety of businesses and situations presented in an accessible writing style.