Ottawa needs to improve cyber security -- Auditor General

[InfoSec News <alerts () infosecnews org>]

http://www.theglobeandmail.com/commentary/editorials/article4632711.ece

By The Globe and Mail
Oct. 23 2012

Even bankers no longer observe bankers’ hours. So it is disconcerting to 
learn from Canada’s Auditor General that employees at a centre in Ottawa 
responsible for monitoring cyber risks and alerting the government and 
private sector to threats to critical infrastructure adhere to an 8 a.m. 
to 4 p.m. weekdays-only routine. Were it only the case that cyber 
criminals, spies and hackers kept such a predictable schedule.

The Canadian Cyber Incident Response Centre (CCIRC) is so low profile 
that many businesses are unaware of its very existence. In fact, 
apparently some federal government departments are too. When hackers 
traced to China succeeded in penetrating Treasury Board and Finance 
Canada’s systems in January, 2011, the centre was not even notified by 
the affected departments until more than a week later, according to the 
report released Tuesday.

Despite a decade of plans and promises to do better, the report found 
that only “limited progress” has been made in improving security of 
crucial networks. Ottawa announced last week it would add $155-million 
over five years to strengthen the centre’s capacity – and this is 
welcome news. Last year, it made the Communications Security 
Establishment Canada officially responsible for reducing cyber threats 
against the government. Clearly more vigorous safeguards are needed, not 
least of them an evening shift at the CCIRC, but also better 
coordination among government agencies, and a higher level of rigour and 
surveillance around information technology security.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org