Slashdot Mirror

← Back to Stories (view on slashdot.org)

Government of Canada's Plan To Improve Cybersecurity? Be Less Attractive (eweek.com)

Posted by msmash on from the find-someone-better dept.

darthcamaro writes: Though Justin Trudeau is the envy of many world leaders for his likeability, the head of of the Canadian Centre for Cyber Security at the Canadian Security Establishment (CSE), which helps to protect federal government networks says that his agency is trying to make Canada less attractive -- to hackers.

Speaking at the SecTor conference in Toronto Scott Jones said:
"By doing the basics, you're making the adversaries that come after you deploy more advanced tools and techniques, and you just might not be worth the expense," Jones said. "My ultimate goal is to make Canada unattractive to cyber-criminals and data hackers, because our community is vigilant and engaged so much so that threat actors aren't enticed to even attack us."

36 of 112 comments (clear)

  1. Um, it won't work by WillAffleckUW · · Score: 1

    Trust me, I've been turning in Russian bot nets for years, and they are actually more prevalent on Canadian social media than on American social media.

    Best practice is convert to renewables faster, and crush them by destroying their export markets.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Um, it won't work by alvinrod · · Score: 4, Insightful

      That would probably have the opposite effect. No one in Russia would be part of troll farm companies that are designed to influence opinions if they had better alternatives for earning an income. Part of the reason that's an issue is because even though Russia cast off the Soviet-era central planning, the oligarchy that replaced it has no interest in embracing free market ideals when it might challenge their control, but another issue is that the rest of the world has sanctioned Russia to the extent that it makes it difficult for legitimate commerce to occur. Naturally, this means an expanse in shady (or outright illegal) enterprise.

      If you think that trying to punish them economically will crush them, remember that Russians managed the longest run of any Communist country and the self-inflicted economic misery it brings. They're too proud to capitulate to western demands and they've been through worse economically and within recent memory for many of their citizens. Open up markets to them and create better economic opportunity and many of them are likely to act on that. It won't eliminate the troll farms, but it will make them more expensive, or subject them to outsourcing.

    2. Re:Um, it won't work by WillAffleckUW · · Score: 1

      Interesting arguments.

      I don't know, I did my time under Reagan, and we were all about the economic crushing of Russia. It worked pretty darned well, too. We still have them running around in circles thinking we have death rays in the sky, the suckers.

      --
      -- Tigger warning: This post may contain tiggers! --
    3. Re: Um, it won't work by dunkelfalke · · Score: 1, Informative

      Nationalist uprisings have killed the USSR, not Reagan. He just took the credit.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    4. Re: Um, it won't work by postbigbang · · Score: 2

      Until petro-exports started to make money, the USSR was trading potatoes. Reagan, for all of his crap, outspent the USSR and sucked up its resources in military spending.

      The uprisings were the result of not being able to feed people, crappy bureaucracy, and horrific infrastructure. There was no money, the common denominator towards the equivalent of a $2.50/hr wage. Great masses of people were just fed up with it.

      Party members were elevated to a pseudo-status of wealth. They weren't really rich, but they fared much better than the masses.

      This said, I think the Canadians are fooling themselves. Hackers like a challenge. They may be making a big mistake, thinking themselves clever and thumping their chests. It almost sounds like an invitation, to some of the people I know.

      --
      ---- Teach Peace. It's Cheaper Than War.
    5. Re:Um, it won't work by rtb61 · · Score: 1

      Kind of makes no sense as most attacks still come out of the US, so how will they help any one else. If they wanted security, they would establish treaties so as to source the attack to the actual perpetrator, rather than just another link on the route but one they can not see beyond.

      Reality is most attacks are now automated, unless there is a particular interest in a particular location. Banks have been pretty secure for decades, they spend the money, governments have not been secure, they go for the lowest tender and the lowest tender is more interested in profit than security.

      Governments can talk big on securing their network but they have to spend the money and create real network and computer security. How can Canada claim security, if they are not making the bits and piece of their network, have no control over them and do not actively audit components and suppliers. Speech in reality, waffle, waffle, blib blob, my political party is the greatest.

      If you are importing the hardware and or software, than you are by nature insecure and exposed to the source countries government espionage services which inherently are criminal. If you commit your security to the lowest for profit tender, than you are guaranteed to be insecure, even if you attempt to apply penalties, you just end up bankrupting single contract subsidiaries.

      So empty PR to justify the spend https://www.fifthdomain.com/in..., keep in mind the gap to US spending and they have problems with security.

      Now what would be fun, is for https://cse-cst.gc.ca/en/homep... to set up a page, detailing every single failure when they occur, every leak, every hole, to see how well they are really doing ;D.

      --
      Chaos - everything, everywhere, everywhen
    6. Re: Um, it won't work by ClickOnThis · · Score: 1

      Until petro-exports started to make money, the USSR was trading potatoes. Reagan, for all of his crap, outspent the USSR and sucked up its resources in military spending.

      The uprisings were the result of not being able to feed people, crappy bureaucracy, and horrific infrastructure. There was no money, the common denominator towards the equivalent of a $2.50/hr wage. Great masses of people were just fed up with it.

      This. The USSR fell because it was broke. Of course, so was the USA, but it had better credit standing.

      Reagan may not deserve the credit, but one must give a nod to him and Gorbachev for shaking hands and ending the Cold War. I think that helped.

      I think the Canadians are fooling themselves. Hackers like a challenge.

      White-hat hackers perhaps. But black-hat hackers (aka crackers) are thieves, and generally thieves are lazy.

      --
      If it weren't for deadlines, nothing would be late.
    7. Re:Um, it won't work by Tom · · Score: 1

      If you think that trying to punish them economically will crush them, remember that Russians managed the longest run of any Communist country and the self-inflicted economic misery it brings. They're too proud to capitulate to western demands and they've been through worse economically and within recent memory for many of their citizens. Open up markets to them and create better economic opportunity and many of them are likely to act on that. It won't eliminate the troll farms, but it will make them more expensive, or subject them to outsourcing.

      Also remember that the West does not utterly dominate world trade anymore.

      When European products disappeared from the shelves in Russia, there were empty shelves for a few weeks. Then they filled back up with asian products. A new trade deal was made with China. The rubel which had fallen to almost 1:100 to the Euro recovered back to 1:60 (the best course I remember is 1:45, so 1:60 is almost pre-sanction levels).

      The sanctions harm Europe more than Russia. A lot of Greece farmers saw their exports disappear, a lot of German tech companies the same.

      --
      Assorted stuff I do sometimes: Lemuria.org
    8. Re: Um, it won't work by dunkelfalke · · Score: 1

      Until petro-exports started to make money, the USSR was trading potatoes.

      Nope. More like wheat, steel, lumber and tanks. It was not a very export oriented country, most of its production was for internal consumption only.

      Reagan, for all of his crap, outspent the USSR and sucked up its resources in military spending.

      Again, nope. What sucked up its resources in the late 1980s was Chernobyl, a devastating earthquake in Armenia and what amounted to two civil wars. One of them, in fact, still sort of goes on in the present day despite the ceasefire.

      The uprisings were the result of not being able to feed people, crappy bureaucracy, and horrific infrastructure.

      The uprisings were purely racist in nature, like Azeris telling the Armenians to GTFO out of their state. Before Gorbachev this kind of crap used to be violently suppressed. The crappy bureaucracy, and horrific infrastructure still exist in the most successor states of the USSR, matter of fact both is often far worse now than it used to be, yet people manage. And as for the inability to feed people, for fuck's sake, we are talking about the 1980s here, not 1950s. Where do you get your history lessons from? Comand & Conquer Red Alert?

      Party members were elevated to a pseudo-status of wealth. They weren't really rich, but they fared much better than the masses.

      No shit Sherlock. Now name me one single country on earth where higher ranked members of the ruling party don't fare better than the average citizen. If you had said that without party membership certain career advancements weren't possible, your argument would have more standing, but it is also quite common elsewhere - often, career advancements are more about the people one knows and less about one's skills.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  2. I have the best Security of all by Oswald+McWeany · · Score: 3, Funny

    If being unattractive is the key to better cybersecurity no one has better cyber security than me.

    --
    "That's the way to do it" - Punch
    1. Re:I have the best Security of all by im_thatoneguy · · Score: 1

      "You don't have to outrun the bear, just the other guy."

  3. Better title: by Sebby · · Score: 2

    "Government of Canada's Plan To Improve Cybersecurity? Be More Proactive"

    There, FTFY

    --

    AC comments get piped to /dev/null
  4. Re:Here's another idea: by fluffernutter · · Score: 2, Informative

    MJ is legal nation-wide in 15 days.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  5. One man's poison... by zarmanto · · Score: 1

    I'll ignore the feasibility discussion for the moment, as I have another commentary in mind:

    The idiom I'm referencing in the Subject is actually, "One man's meat is another man's poison," but I would like to suggest that perhaps sometimes it goes the other way around. If the government of Canada were to actually succeed in making their online infrastructure more difficult to attack, then there are people of a certain type of personality who will take that as a personal challenge, and as such, they will put that much more effort into cracking those defenses. (By way of example, I refer you to Apple's similar longstanding claims that Mac OS is less vulnerable to hacks than Windows.)

    In fact, what Trudeau has accomplished herein is to invoke the Streisand Effect, by crowing about his plans to harden their infrastructure; though it might seem somewhat incongruent on the surface, he has now cast out what amounts to an open invitation to those who might be inclined to accept that challenge, to perform the very attacks which he claims that he is seeking to discourage.

    To wit: I think maybe he just made a strategic oopsie.

    1. Re:One man's poison... by Dixie_Flatline · · Score: 1

      But they're not really talking about doing anything special or interesting. They're talking about doing the boring stuff, that everyone should do. At least as it's talked about in the summary and article, they're doing the security equivalent of brushing their teeth—it's not very flashy, but it prevents a lot of problems before they start. It's just a necessary, boring step to protect the network. Take sites off the internet that don't need to be on the internet is a boring-ass solution to a problem, but it certainly makes it harder to infiltrate. Don't let the network be scanned by anyone that just wanders by. Boring solution, but it makes reconnaissance harder.

      So I don't think they've really made any errors here. They're not making claims that Canada's infrastructure is impregnable, they're just saying they're trying to run a disciplined operation where unsecured, accessible servers aren't commonplace sitting ducks.

    2. Re:One man's poison... by zarmanto · · Score: 1

      Sadly, you're probably right. I say sadly, because what you describe should be the norm. It obviously isn't... but it should be.

  6. Re:Envy by WillAffleckUW · · Score: 2

    Was there a poll or something?

    Yeah, it was an election where we sent Harper off to live with the Saudis.

    --
    -- Tigger warning: This post may contain tiggers! --
  7. Less attractive? by Bert64 · · Score: 1

    because our community is vigilant and engaged so much so that threat actors aren't enticed to even attack us."

    Real hackers will see a vigilant and engaged target as more of a challenge...

    Criminals won't care so long as there's still some kind of payoff. If you want to be less attractive to criminals, turn canada into a poor third world country. Criminals won't bother to attack someone who hasn't got any money, bandwidth or processing power.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  8. Re:Envy? Misplaced priorities.... by WillAffleckUW · · Score: 4, Insightful

    While "world leaders" are focused on Trudeau's hair and nice sounding platitudes of diversity and at the same time apoplectic at whatever Trump's latest tweet is, he's running circles around us in advancing their interests. I'd trade Trudeau for Trump any day of the week, perhaps it's because I don't case so much for his personal views or the daily rage of mainstream media misinterpreting his comments.

    Um, dude, Trudeau tricked Trump into signing a NAFTA plus TPP deal with some TPIP thrown in.

    It's called "winning". Yes, I know, Orange Jesus has you believing Losing Badly is "winning", but in Canada, winning is "winning".

    --
    -- Tigger warning: This post may contain tiggers! --
  9. Re:Here's another idea: by Narcocide · · Score: 1

    I'm going to hold you to that promise.

  10. Empty words by commodore64_love · · Score: 2

    "be more vigilant" doesn't actually mean anything. What will you actually DO Mister Trudeau? - (insert sounds of giant Horse Flies biting your legs)

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  11. Re:Here's another idea: by b0s0z0ku · · Score: 4, Insightful

    He's talking about Canada, which is run by rationals, not the US, where irrational, anti-pleasure, religious drug warriors still hold power.

  12. Re: Envy by WillAffleckUW · · Score: 3, Funny

    ..... and replaced him with a fruitcake.

    No, that was America.

    --
    -- Tigger warning: This post may contain tiggers! --
  13. Re:Envy by WillAffleckUW · · Score: 1

    Who's "we?" You didn't vote in the Canadian election.

    How do you know? I am a dual citizen. And a graduate of both a Canadian high school and a Canadian university, as well as a former Canadian Army Sergeant.

    --
    -- Tigger warning: This post may contain tiggers! --
  14. I've been doing this for years by rsilvergun · · Score: 1

    I put naked pictures of myself in folders labeled "Bank Details". It's easy to track down the hackers because of the screams, white hair and babbling about "Shub Niggurath".

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  15. Re:Here's another idea: by b0s0z0ku · · Score: 2

    1. At least Canada has public healthcare for those without "fuck you money." Outcomes are better, life expectancies are longer than in the US. Who cares if you need to wait 6 months for cosmetic/orthopedic stuff if important surgery and procedures are nearly free?

    2. Free speech? I'm not planning to deny the Holocaust, so why do reasonable restrictions on promoting Fascism and ethnic hatred matter to me?

    3. Taxes - at least they pay for healthcare and infrastructure, not US military scumbaggery.

    4. Groceries are cheaper in major Canadian cities (Montreal) than in major US cities (NYC, DC, LA). US ag-commodity (wheat, corn, etc) markets are also regulated and propped up to appease the flyoverian farmer lobby.

    5. I see many more small business thriving in Quebec than in US states. Regulations are outweighed by cheaper rents and fewer levels of bureaucracy micromanaging things.

  16. Re: Here's another idea: by Anonymous Coward · · Score: 1

    That! I was totally against poutine as itâ(TM)s usually done with disgusting powdered âgravyâ(TM), bad fries and what they call âoecheeseâ curds.

    Go to a proper smokehouse or someone that actually cooks their own proper meals. Use real gravy made from real meat throw in proper fries and actual cheese curds and itâ(TM)s actually pretty effing delicious.

  17. How to secure your nation by AHuxley · · Score: 1

    1. Stop allowing 2009 consumer operating systems to store unencrypted data.
    2. Ensure any AV software approved is still working and gets needed updates in 2019.
    3. Use tested and trusted encryption on networks so any data accessed is useless.
    4. Hire staff on merit so they have the computer skills to look after the networks they are responsible for.

    --
    Domestic spying is now "Benign Information Gathering"
  18. Security through obscurity... by ewhenn · · Score: 1

    Security through obscurity... never a good plan.

  19. Re: Here's another idea: by Mark+of+the+North · · Score: 1

    We would then be executing a great many people that became addicted to opiates due to an injury and following the advice of their doctor. My buddy is a psychologist and 9 out of 10 of his clinic's clients are addicts, three-quarters of whom became addicted under the care of a doctor for treatment of an injury or chronic pain.

    I'm a Canadian that has never used recreational drugs (excepting alcohol) and has no plans to change. I'm pretty enthused about the upcoming change in legality for marijuana. It's not like it will make it any easier to obtain the stuff as it is already pervasive. Even in the small town where I live, one can have pretty much any recreational drug, and definitely marijuana, delivered to one's door quicker, and less expensively, than a couple of pizza.

    If legalization goes well for Canada, and I expect it will, the rest of the world will follow.

  20. Slashdot proves otherwise by raymorris · · Score: 1

    > No one in Russia would be part of troll farm companies that are designed to influence opinions they had better alternatives for earning an income.

    I note that Americans have better alternatives for earning and income, yet they are part of troll farms designed to influence opinions. See the trolling posted with every Slashdot story. :D

    On a more serious note, you're right they HAVE been through really tough economic times hastened by the United States, in relatively recent memory. It that economic isolation caused the country to fail, the Soviet Union to dissolve. One would hope that some Russian leaders would learn from that and not seek to repeat it.

    1. Re:Slashdot proves otherwise by rtb61 · · Score: 1

      The reason of course why influence trolls are so recognisable on slashdot is of course low IQ compared to the slashdot norm. So troll farms will exist where ever there are lazy low IQ trolls to employ on minimum wage. As for hacking out of Russia, it is the logical move in the west to rent a server in Russia to attack any western target because of the idiocy at the top, no treaty and as long as you are not hacking Russian companies, Russian security services wont give much of a fuck, so it makes sense to route attacks through Russia, as it is a dead end for western security organisations. Which is exactly why cybersecurity treaties are required but US politicians are playing blame the Russians for everything game, making logical sound decisions impossible.

      --
      Chaos - everything, everywhere, everywhen
  21. If you can get past the poorly worded headline... by MiniMike · · Score: 1

    Doing "the basics" should be among the first steps taken in any security plan. This will probably put their systems out of each of most casual hackers. Won't be sufficient for any directed attacks, hopefully they continue to do more than "basics". Proper security requires continuous action, not just one pass.

  22. The Trudeau Government by themusicgod1 · · Score: 1

    ...can start by not making e2e/crypto illegal.

    --
    GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
  23. Re:Envy? Misplaced priorities.... by fatwilbur · · Score: 1

    Tricked? Do you even know what you're talking about? Any trade agreement, but *especially* one with IP provisions (which the TPP and the new USMCA is heavy in) will massively favor the US. This isn't even slightly a surprise - while most manufacturing has moved from the US, they still own a majority of IP. It almost seems to be the sole driver and main focus of any trade deal they do nowadays. Tricked by Trudeau, LOL! Here's some more reading from Michael Geist in support: Canada capitulates on copyright in new USMCA deal. Just one of the many areas Canada was forced to give up ground in, and those far outnumber any slight areas Canada gained ground in.

  24. Re: Envy by cold+fjord · · Score: 1

    ..... and replaced him with a fruitcake.

    No, that was America.

    The selection of PM Zoolander is all on Canada. He's your "sweetmeat," and you're stuck with him, no regifting allowed.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell