Toronto (November 30, 2017): As Toronto’s own Cyber Security conference SecTor came to a close after a 3-day journey on November 13-15, 2017, where lots of important and relevant topics were discussed and very well attended by the security professionals from all walks of life.
Some of the key messages by various keynote speakers were about the Canadian federal cybersecurity strategy, need for regulation of the Internet of Things (IoT) and it’s cybersecurity concerns, understand the security basics and do really well in those areas, wireless vulnerabilities and intrusions, best practice approaches in security and building a cybersecurity trust with Blockchain.
A senior Canadian government official was highlighting the coming updated federal cyber security strategy without divulging many details, including whether law enforcement agencies will get more money and how government will encourage SME businesses to take information security more seriously. It has to be noted that majority of Canadian businesses fall into this category.
Flexibility to meet changing security threat landscape, evolving cyber threats and collaborating with the provinces and the private sector were constant themes in the keynote speech Colleen Merchant, Director General of National Cyber Security at Public Safety Canada.
“The fundamental goal of our plan for cyber security is to maximize the benefits of digital life for Canadian citizens and businesses, without compromising on the security and privacy concerns and how those would be protected” she said.
“The maturity curve thorough which today’s cyber security eco system has been going through, it’s slowly becoming evident that the growth and sustenance plan has to allow flexibility and endurance to factor all other parameters”.
The new approach – expected to be released in the next three months – will be guided by five principles and these principles will guide Canada’s response to an array of trends, challenges and opportunities in cyber security – she added.
–Protect the safety and security of Canadians online and Canada’s critical infrastructure;
–Promote and protect rights and freedoms online;
–Recognize and encourage the importance of cyber security for business, economic growth and prosperity;
–Adapt and respond to emerging technologies and changing conditions and the impact of cybersecurity on those areas;
–Collaborate and co-ordinate across jurisdictions and sectors to collectively increase Canada’s cyber security.
She finished her session by remarking that it was indeed a very exciting time in defining a new approach to cyber security for our country. The federal government would be committed to doing all they can to ensure a cyber secure future, and they would be continuing to proactively evolve collaborative work with various partners present in the ecosystem in doing so.
CTO IBM Resilient and Special Advisor to IBM Security
Some other notable messages from the keynote session by privacy specialist and author Bruce Schneier included whether Government safety regulation of the Internet of Things (IoT) was indeed coming. IoT devices which could be toasters, refrigerators, ovens coffee-makers and sensors in cars that prevent crashes and may even control driver-less cars of the future! He remarked that today’s generation is definitely creating a world which has computing power and comprises of computers, be it a space shuttle or a toaster which many of us daily use. Yet these increasingly interconnected devices can harm people if they are hacked – disabled sensors in cars that make the brakes useless and could lead into a crash or collision.
The other issue lies with the companies who make IoT devices which are not secure and can’t be patched. This could lead into several cybersecurity problems as many of these devices like webcams, cheap smart televisions with a video camera can be remotely controlled to invade privacy and could be enrolled into botnets.
In his opinion, there was no need of fearing government regulation of security in IoT devices. It should definitely be welcomed. The real problem in IoT segment is that the makers of many of these IoT devices don’t build a security at the design stage itself. To add to the woe, the buyers are least bit cared about the security of the IoT devices what they buy.
The traditional security approach fails in the IoT space as it is a new world and it is a combination of different technologies and computing powers are drastically different than in a traditional computing world. The processors, architecture, memory and all.
“I’m not convinced there’s an alternative,” to regulation. “To me, governments are going to get involved regardless because the risks are too great and the stakes are too high.”
Canada, the European Union, Japan and Korea – countries where governments play a big role – will likely be ahead of the U.S. on this, he said, admitting that when he raises the idea in his country he gets a negative reaction.
Report by:Sangameswaran Manikkayam Iyer Venkiteswaran (Cyber Guru)
