• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • U.S. Can Learn from Canadian Cybersecurity Shortcomings

    In its recently released fall 2012 report, the Office of the Auditor General of Canada (AG) outlined several shortcomings in the country’s efforts to protect critical infrastructure from cyber threats.

    The report provides specific recommendations for information-sharing policies that the U.S .government should use as it tries to develop U.S. cybersecurity policies.

    The Canadian government has correctly emphasized the important role that information sharing plays in maintaining cybersecurity. Cybersecurity threats to important infrastructure—such as the electrical grid, the financial sector, and water reservoirs—are constantly changing. As a result, it is essential that those charged with protecting against cyber threats have up-to-date information about the latest risks. Even though Canada recognizes the value of such an approach, its execution has left something to be desired.

    For example, in 2005, Public Safety Canada established the Canadian Cyber Incident Response Centre (CCIRC). The CCIRC is essentially an information clearinghouse for the Canadian government and the private sector. According to the AG report, CCIRC’s effort in “monitoring the cyber threat environment has not been complete or timely.”

    Specifically, CCIRC does not operate around the clock. Also, many businesses and government departments did not notify CCIRC about new cyber threats. In some cases, private-sector actors were not even aware of CCIRC’s existence.

    The AG report also highlighted the incomplete development of partnerships between the government and private sector. Canada has established 10 working-sector networks so that the government and private sector can coordinate efforts to identity and protect against cyber threats. According to the report, six of these networks do not include representatives from the private sector.

    As the U.S.attempts to pass and implement its own cybersecurity policies, U.S. officials can learn from Canada’s experience. Any effective information-sharing system should have cooperation between the government and the private sector. All parties involved should understand the process by which information will be shared. Additionally, any information-sharing system should consistently facilitate the flow of information between the private and public sectors in a timely fashion.

    Most importantly, the U.S. can also greatly improve information sharing by removing legal barriers, offering liability protection to those who share information, and protecting shared information from Freedom of Information Act requests. Providing such protections would improve the quality and quantity of information sharing by lowering the potential costs to the private sector. Eliminating legal ambiguities in private-to-private sharing would also allow stakeholders to share in a trusted, bilateral way and coordinate efforts in identifying threats.

    These lessons learned from the Canadian AG report should be carefully considered by President Obama as he moves forward with a harmful cybersecurity executive order, and they should be at the forefront of any cybersecurity legislation that Congress takes up when it returns.

    Steven Ballew is currently a member of the Young Leaders Program at The Heritage Foundation. For more information on interning at Heritage, please visit: http://www.heritage.org/about/departments/ylp.cfm.

    Posted in Security [slideshow_deploy]

    One Response to U.S. Can Learn from Canadian Cybersecurity Shortcomings

    1. KJinAZ says:

      The world needs to figure out that the only way to protect a computer in NOT to hook it up to the internet. There is NO SUCH THING AS CYBER SECURITY. Every computer on the net is vulnerable no matter how much supposed security software they have.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.