Public and private sector organizations have banded together to build a knowledge base through research and commercialization of solutions to help government combat online security issues threatening Canada’s cyber infrastructure.
for Information Security Innovation in Canada (FISIC) will officially launch Thursday at the Mathematics of Information Technology and Complex Systems’ (MITACS) annual conference. Prior to the forum, MITACS, one of five founding partners, has been working with agencies and corporate partners to identify ways to tackle security issues, said MITACS scientific director Arzind Gupta.
“(The terrorist attacks of) 9/11 woke a lot of people to the fact that we have a lot of vulnerabilities in our society,” said Gupta. “One can imagine that any rogue action that takes down our telecommunication system would leave us quite vulnerable if we couldn’t communicate with each other.”
Using Canada’s national security policy as a benchmark, FISIC will pool academic and industry resources to identify the top 10 security pain points for Canadian businesses and citizens, said Ronald Ross, strategist, security innovations, Bell Security Solutions Inc. (BSSI), which launched in February. Bell Canada, also a founding partner, created BSSI to provide network and information security for communications networks to Canadian businesses and government. The telecommunications giant is providing use of Bell University Labs (BUL) to researchers as well as a portion of $4 million that goes into BUL annually, said Ross.
“We wanted to identify the top ten issues affecting Canadian businesses and citizens,” said Ross, adding issues include online abuse such as phishing, compliance and identity theft. “We’re going to use a standard that has been written, endorsed by government and seems to be getting some traction within industry and academia right now as a standard to work toward.”
Ross, however, added that when writing the policy the government didn’t have ample opportunity to get input from other sectors. BSSI sees the establishment of FISIC as “an opportunity to take (Canada’s national security policy), provide further vetting of the document and ultimately get buy-in from academia and industry that this is a document that we do indeed want to use,” said Ross.
While Canada has the legislative framework in place, Canadian Advanced Technology Alliance (CATA) president John Reid says more needs to be done in the way of commercializing solutions.
“It’s very important we show to our trading partners that we’re engaged in the advanced security industry,” said Reid. “(FISIC) is a nice linkage because we’re reaching out to a network of intellectuals and academics that can advance the frontier in areas where we need to think of innovative ways to fix problems.”
According to a CATA market study from several years ago, the advanced technology sector was estimated at close to $2 billion in revenue with a total of 700 organizations involved, said Reid, adding that number could grow by another 300 companies with the creation of this forum.
Likewise, Ross is also pleased to see that good ideas stemming from academia now have the potential to become commercially available. “There are so many good things that are being incubated inside academia but lack the ability to get to the commercial market,” said Ross. “Let’s provide a vehicle to get them out to market.”
Phishing will be focus of the forum’s first research project in which graduate students at Carleton University — another founding partner — will work with BUL, BSSI and MITACS to examine security challenges faced by Bell Canada customers and other Internet security providers. Bell and MITACS understand the importance of security problems, said Carleton computer science professor Evangelos Kranakis, also MITACS Communication, Networks, Security (CNS) team member.
“Every time I open the newspaper there is an article on security,” said Kranakis. “There is a need for a forum that will promote research and bring together factors that play a significant role in this area.”
Effective immediately, supervisors will give security students problems to research, find solutions and write software for as part of the program, Kranakis added. Students’ findings will likely be published in academic journals with permission of businesses studied.
MITACS, a Centre of Excellence located at Simon Fraser University in Burnaby, B.C., will use mathematical theories to model the system in the event of an attack, said Gupta.
“You don’t really want to design attacks on your computer system,” said Gupta. “You want to model the system in some way and try the attacks on the model system so that you can look at the vulnerabilities.”
Similar to car design, which is done mathematically through measures like aerodynamics and crash test performances before anyone makes a physical model of a car, researchers will use mathematical theories to model a system, explained Gupta.
Using graph theory, for example, a researcher could make 100 points on a graph and put lines between those points to represent the same amount of servers connected on a network. If someone like a rogue agent came in and took over five of the servers, the researcher could use probability theory to determine the user’s ability to communicate and the amount of bandwidth remaining on the network.
FISIC is also planning an inaugural research and industry conference for February 2006.
Communications and Information Technology Ontario (CITO), one of five centres within the Ontario Centres of Excellence, is also a founding partner of the forum.