The Internet is growing rapidly, and interconnectivity is increasing. The number of Internet users should top 3 billion in 2015, and by 2018 will be in use by more than ½ of the world’s population [1]. In addition to allowing the world to communicate, the Internet drives economic growth: through e-commerce, about $8 trillion dollars change hands yearly, and the Net contributes significantly to global growth, surpassing the value of some traditional industries such as agriculture, mining and utilities [2]. In Canada, over 92% of the population uses the Internet [1], and the total value of e-commerce is over $136 billion [3].
At personal and corporate levels, we are also developing an “Internet of Things”, a network of devices that perform a variety of daily functions, as well as have the ability to inter-communicate. In 2008 the number of devices connected to the Internet exceeded the number of people on earth, and by 2020 the Internet is expected to consist of 50 billion “things” [4]. This relentless development includes communications with the Internet-exposed portion of our CI, and is called the “Smart Grid” [5]. The pervasive and evolving use of the Internet are not only putting new capabilities into the hands of business and society, but also providing hackers, terrorists and criminals with a vast new landscape to exploit and potentially damage our CI. The frequency of cyber security incidents is rising. According to a 2015 Price Waterhouse Cooper (PWC) world-wide survey, the total number of detected security incidents climbed to 42.8 million this year, an increase of 48% from 2013. PWC reports that the number of detected security incidents have increased 66% year over year since 2009, and that the annual costs of investigating and mitigating security incidents has almost doubled over 2013 [6]. No industry escapes cyber attack [7]. Our CI includes all processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians [8], and some measures indicate that CI, especially the energy sector, receives a disproportionate share of attacks [9]. A cyber attack on CI could come from competitors, adversarial states, politically motivated terrorists/hacktivists, or disgruntled insiders. Attacks on CI may use techniques ranging from simple abuse of unprotected systems, to sophisticated exploits such as spear phishing emails (socially engineered tricks to fool users into downloading and or executing malware) as well as unpublished zero-day attacks on vulnerabilities in software [10]. Of particular concern are vulnerabilities in industrial control software (ICS) and supervisory control and data acquisition (SCADA) software, used to control critical equipment at power companies, manufacturing facilities, water treatment plants and …show more content…
Progress has been made on pillar one of the CCSS but it is clear that progress on cyber security of CI in Canada lags. Although Canada established a Canadian Cyber Incident Response Centre (CCIRC) with Public Safety, the Auditor General (AG) of Canada looked at the issue and reported in fall 2021 that the government has made limited progress in leading and coordinating activities with partners to secure Canada’s CI from cyber threats [17].
The recognition of the increasing cyber threat to CI and the lack of progress on pillar 2 of the CCSS have not gone unnoticed by media, independent policy groups and the general public, who are calling for the government to share expertise and information to assist CI to increase their cyber security [18, 19,
At personal and corporate levels, we are also developing an “Internet of Things”, a network of devices that perform a variety of daily functions, as well as have the ability to inter-communicate. In 2008 the number of devices connected to the Internet exceeded the number of people on earth, and by 2020 the Internet is expected to consist of 50 billion “things” [4]. This relentless development includes communications with the Internet-exposed portion of our CI, and is called the “Smart Grid” [5]. The pervasive and evolving use of the Internet are not only putting new capabilities into the hands of business and society, but also providing hackers, terrorists and criminals with a vast new landscape to exploit and potentially damage our CI. The frequency of cyber security incidents is rising. According to a 2015 Price Waterhouse Cooper (PWC) world-wide survey, the total number of detected security incidents climbed to 42.8 million this year, an increase of 48% from 2013. PWC reports that the number of detected security incidents have increased 66% year over year since 2009, and that the annual costs of investigating and mitigating security incidents has almost doubled over 2013 [6]. No industry escapes cyber attack [7]. Our CI includes all processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians [8], and some measures indicate that CI, especially the energy sector, receives a disproportionate share of attacks [9]. A cyber attack on CI could come from competitors, adversarial states, politically motivated terrorists/hacktivists, or disgruntled insiders. Attacks on CI may use techniques ranging from simple abuse of unprotected systems, to sophisticated exploits such as spear phishing emails (socially engineered tricks to fool users into downloading and or executing malware) as well as unpublished zero-day attacks on vulnerabilities in software [10]. Of particular concern are vulnerabilities in industrial control software (ICS) and supervisory control and data acquisition (SCADA) software, used to control critical equipment at power companies, manufacturing facilities, water treatment plants and …show more content…
Progress has been made on pillar one of the CCSS but it is clear that progress on cyber security of CI in Canada lags. Although Canada established a Canadian Cyber Incident Response Centre (CCIRC) with Public Safety, the Auditor General (AG) of Canada looked at the issue and reported in fall 2021 that the government has made limited progress in leading and coordinating activities with partners to secure Canada’s CI from cyber threats [17].
The recognition of the increasing cyber threat to CI and the lack of progress on pillar 2 of the CCSS have not gone unnoticed by media, independent policy groups and the general public, who are calling for the government to share expertise and information to assist CI to increase their cyber security [18, 19,