According to Ronald Reagan, the nine most terrifying words in the English language are: “I’m from the government and I’m here to help.”
Thanks to Edward Snowden, those concerned with security and privacy would probably agree. I’m here to tell you that there is a different side to this story and it’s one that is worth writing about.
Last week, I had the privilege of being invited to a workshop hosted by the Canadian Cyber Incident Response Centre (CCIRC).
The stated mandate of CCIRC is as follows:
In support of Public Safety Canada's mission to build a safe and resilient Canada, CCIRC contributes to the security and resilience of the vital cyber systems that underpin Canada's national security, public safety and economic prosperity.
As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber events. It does this by providing authoritative advice and support, and coordinating information sharing and event response.
Much like many such organizations around the world, CCIRC wants to ensure that Canadian citizens enjoy a free*, secure and safe online experience.
The workshop included individuals from both the public and private sectors and from diverse countries.
The goal of the week was to seek a better understanding of the types and magnitude of online threats faced by Canadians, what tools we might use to combat cyber threats and how the public and private sectors can better co-operate to achieve a safer cyber Canada.
We separated into teams that were tasked with looking at the problems we face in cyberspace from different perspectives. As a security vendor, my team was asked to supplement the available information with data from SophosLabs. If we could somehow enrich the data being gathered by CCIRC to provide additional context and attribution then CCIRC would be in a better position to act on the data.
One such example would be to help CCIRC identify known malicious actors within Canadian cyberspace. Once identified, CCIRC can work with its partners in law enforcement to pursue appropriate action if necessary.
This is how we can clean up cyberspace. We need to work together to identify cybercriminals and provide solid evidence so the justice system can fairly prosecute the offenders.
It starts with cleaning up your own back yard. Sure it’s always nice to look after your own people but by cleaning up Canadian cyberspace we can also make it safer for people around the world to confidently access Canadian systems.
All of this isn’t as easy as one might think. There are a lot of moving parts. It takes a great amount of coordination and care to make it all work smoothly.
This is where all the really talented individuals I met come into the picture. These are people that are passionate about cybersecurity and care deeply about providing a better online experience for all.
So what was accomplished? Existing tools were updated and new tools created. Processes were streamlined and new alliances formed. Cyberdefence got a little stronger in our part of the world and while it’s too early to tell, maybe a few bad guys will get a dose of justice.
Despite the negative press government agencies involved with all things cyber have been getting lately (some richly deserved), this event was anything but negative. The CCIRC and its equivalents around the world are what we imagine governments can and should be.
I, for one, am glad they’re here to help.
*Democratically speaking. You still have to pay your ISP, even in Canada.