New boss of CSE’s cybersecurity center says his job has been a ‘stunning’ experience responding to several major cyber incidents

The new head of Canada’s cybersecurity center says his first few months on the job have been a ‘dizzying’ experience responding to one major incident after another, including a hostile state cyberattack on a federal government department in the course of the last few months.

“The last eight months have been a somewhat dizzying experience of a number of cyber incidents and the management of all of those cyber incidents,” said Sami Khoury, who was appointed to head the Canadian Center for Cyber Security at the Center for Telecommunications Security (CST) last August, to an audience at the Cyber UK conference on Wednesday.

“On the first day of labor, the federal election is called,” he began to enumerate, noting that the government was suddenly tasked with defending the entire country at a particularly interesting time for foreign states seeking to interfere in Canadian affairs.

Then, just after the election, Newfoundland suffered a major cyberattack that crippled the province’s health care system for weeks and resulted in the theft of 200,000 records. This required CSE to deploy a team to help the province essentially rebuild its IT systems, Khoury told conference attendees.

Soon after, the CSE rushed to help cyber defenders fix a major vulnerability, known as Log4j, in an almost ubiquitous software library that hackers quickly tried to abuse. At the time, it was considered one of the most critical vulnerabilities of the past decade.

At the same time, Khoury said CSE was trying to deal with “a number” of ransomware incidents, which he often called one of the biggest cyber threats facing Canada today.

In 2021, 304 ransomware attacks were reported to CSE, a 151% increase from the previous year, but still likely a drop in the bucket compared with the actual number, as the problem remains “well, well under-declared,” he said.

At the start of 2022, “we thought we were celebrating a quiet new year,” he told conference attendees.

But that hope was dashed by a previously undisclosed “nation-state incident against one of our federal departments.” He did not specify which hostile state was behind the attack, or which department it targeted.

The only known incident at this time is a significant cyberattack against Global Affairs Canada (GAC) which was first detected on January 19. The incident forced the ministry to shut down a host of internal programs for days and sometimes weeks to prevent further damage.

In an interview after his panel (but before it was made public online), Khoury declined to say who was behind the GAC attack, but noted it was a “sophisticated incident”.

He also confirmed that no private or sensitive government information was compromised or stolen during the GAC incident.

“We haven’t publicly released anything that points to who is behind this,” he told the National Post.

Then Russia launched its invasion of Ukraine, raising significant concerns about increased attacks from that country which is repeatedly listed as a key hostile cyber threat to Canada. Khoury also referred to “another incident that we had to deal with”, but did not provide further details.

The last eight months taught me that it’s gonna be busy years

But despite fears of an impending cyberwar with Russia since its invasion of Ukraine, the head of Canada’s Cyber Center says Canadian organizations have not been targeted by Russian cybercriminals… yet, he clarified in the interview.

“We haven’t seen anything in Canada that allows us to find a fingerprint that ‘it’s Russia looking to Canada’ at this point,” he said, noting that most cyberattacks across the country focused on Ukrainian targets.

But “we want Canadian businesses to be ready when it happens,” he added, because the problem is serious and the threat is real. “Russia is throwing everything and the kitchen sink into the Ukrainian conflict.”

But just because Canada isn’t directly targeted by Russia yet doesn’t mean CSE isn’t watching what it’s doing to Ukraine and using that as a warning of what might happen here.

“At the beginning of the Russian campaign, we saw them go after Ukrainian banks. We have therefore issued an advisory on the attempt to protect your web servers,” Khoury detailed.

“Then we saw them flood the airwaves with misinformation and misinformation. And we put out another bulletin with that information,” he continued.

“Then we saw them deploying very nasty and destructive malware in Ukraine,” he said. “It’s a bit of a game of cat and mouse… Every time we observed something in Ukraine, we turned around and updated the Canadian guidelines or made them a little more personalized.”

Khoury says the past few months have been so intense for cyber defenders across the country that he now fears they are slowly burning out.

“I’m concerned about the energy level…and our pace. There are humans handling these cyber incidents and it’s important to make sure our teams have some time to breathe, to catch their breath,” he said.

“The last eight months have taught me that these are going to be busy years. We are not unemployed. It will keep us busy,” he added.

Copyright Postmedia Network Inc., 2022