IT security professionals in Canada often form groups to share information with members, but rarely outside the group. Now they’re coming together in a national network to broaden information sharing and best practices across industries. The Canadian Cybersecurity Alliance was quietly launched earlier this month with a goal of marshalling more resources to stand up to online attackers. So far 50 groups have agreed to participate in the alliance (see below for a partial list). The alliance is led by a 12-person national council co-ordinated by Gilles Racine, past president of the Ottawa chapter of the High Technology Crime Investigation Association. According to council member and communications lead Terry Cutler, vice-president of cyber at Sirco, a Montreal private investigation firm, the alliance was born out of a need for many of these groups to be more organized in cybersecurity. “We all complement each other, but nobody’s talking to each other,” he said in an interview. With the alliance “you’ll have some of the brightest minds across Canada collaborating together.” “We want to create interconnects between the groups so nobody remains siloed.” He said the alliance is akin to a roundtable.
Creation of the alliance comes as the industry is also working on building the Canadian Cyber Threat Exchange (CCTX), a commercial platform for the cross-industry sharing of threat information between organizations. The exchange isn’t expected to be running until later this year. But Cutler emphasized that the alliance — whose members are associations — is not trying to duplicate the work of the CCTX, but is trying to improve professionalization of the cyber domain here.
One problem, he said, is that organizations are often given the same recommendations for IT security: Develop a mature patching process; train users not to click on links; and invest in better anti-virus and intrusion prevention technologies.. “But those methods aren’t working any more … If you look at industry stats the number one way people are being advised of a breach is somebody else is telling them about it. So today’s technology is hardly working at all.”
“Even if we recommend these changes 90 per cent aren’t implemented correctly because a lot of times these companies don’t have the necessary staff to put this into play. A lot of time their staff is just overworked and underpaid IT administrators not specialized in IT security.”
The alliance will allow associations to better share threat knowledge, create and share best practices and contribute to the creation of improved rules for standards such as federal and provincial privacy regulations, Cutler said.
Initially members will communicate with each other through email, but eventually the alliance will create a secure communications portal.
Council members include Gary Perkins the CISO of British Columbia; Bobby Singh, CISO of the TMX Group; Eric Kedrosky, director of global cyber security & IT infrastructure at RigNet; Michel Lambert – CISA at Ministère de l’agriculture, des pêcheries et de l’alimentation (Québec); Najo Ifield, business development manager at Cimation; Karen Kabel, operational support and security technology solutions manager at Great-West Life Assurance Company; Alain Rocan, president of Rocan Cyber Risk Management and Jamie Rees, senior cyber security strategist at NB Power.
Alliance members include the Canadian branch of the High Technology Crime Investigation Association, the Canadian Centre for Cyber Risk Management, Gaming Security Professionals of Canada, the Canadian branch of the International Information System Security Certification Consortium (ISC2), the Association de la sécurité de l’information du Québec (ASIQ), the Ottawa Area Security Klatch (OASK), The Privacy and Access Council of Canada, the Canadian Association of Petroleum Producers, The Canadian Gas Association, the Canadian Advanced Technology Association (CATA), the Cloud Security Alliance (Canada), the Canadian Information Processing Society (CIPS) , National Cyber-Forensics and Training Alliance Canada and others.