IT News Archives | Site Search | Advertise on IT Direction | Contact | Home

IT security must work with government and law enforcement

Jun. 5, 2007

Add to del.icio.us     Digg this

RCMP corporal Timothy Cooke said at the CIPS conference last week "in the past few years, we've discovered that critical IT infrastructure is pretty vulnerable, especially considering our reliance on it."

Overall, the information technology sector has a role to play alongside government and law enforcement agencies to protect the country's critical infrastructure against cyber threats, added Cooke.

This critical infrastructure is identified as telecommunications, transportation, financial services and public health. The corporal's keynote to an audience of IT professionals in Halifax was more of an awareness campaign around how and why the IT sector should contribute to preventing and combating cyber threats.

He also spotlighted the London, Ont.-based ITCU (Integrated Technological Crime Unit) that investigates computer-related crimes, not unlike the TV show CSI "except it takes longer than 45 minutes to solve the crime."

Cooke said while government needs to modernize and update IT security and privacy legislation, the IT sector needs to be more forthcoming with information they have on any security activity or problems concerning their business.

Generally speaking, businesses generally don't like to spotlight security issues for fear of appearing vulnerable or incapable of providing secure services to customers, according to Cooke.

"Greatly improved collaboration between the IT sector and law enforcement will facilitate RCMP investigations into computer-related crime," said Chris Kendrick, senior systems analyst with Halifax-based X-Vave, a security consultant firm.

Kendrick added "if you're looking to detect a crime in a standard investigation, you have to know what the trends are to predict where it's going."

Like Cooke, he agrees that a roadblock to collaboration is that companies don't want to hurt their corporate brand by publicly reporting any security issues. However, members of the IT industry have an ethical responsibility to assist, he added.

"IT should definitely be that important force in ensuring infrastructure security on a preventative basis and in the event of crisis. However, there first needs to be a legal foundation to ensure people's rights are protected in the process," said Daryle Niedermayer, IT instructor at Newfoundland-based College of The North Atlantic.

Cooke said there is one Halifax-based organization which divulges security log reports daily to the ITCU, in an effort to help law enforcement understand and anticipate cyber threats.

Cooke said "even though it hasn't specifically been a criminal offense where information has been stolen or mischief or damage has been caused, that kind of information is very important for us to be able to track what is happening out there."

He spoke of a national strategy developed by the government that will assess security risk and create business continuity plans within four sectors: energy and utilities, communications and IT, health and transportation. He said "given these particular sectors are technology-based, they require added security attention."

Without divulging too much, Cooke said part of the strategy will also be to maintain up-to-date security systems, and bolster the employee hiring process by introducing additional screening steps.

"We're hoping that strategy will influence others in the private sector to realize one of the vital areas of your workplace is your employees," said Cooke.

Overall, he hopes spotlighting critical infrastructure security risks will be an "eye opener" for the IT sector, and reinforce in members of the industry that everyone is responsible for the safety and security of data.

According to Niedermayer, the Canadian government has taken the right approach to first focus on those sectors that have the most at stake, and in some cases, on issues more easily identified and addressed.

Kendrick said "the focus on securing critical infrastructure across four sectors is bang on. Since these areas are generally interrelated, benefit will eventually be reaped by all."

Add to del.icio.us     Digg this

Source: IT World Canada