The Canadian Advanced Technology Alliance is aiming to encourage the sharing of cybersecurity best practices through the creation of an online resource centre.
The Cyber Security Resource Centre, announced Monday, will be different
in approach than other measures that merely educate users on safe downloading practices, said CATA president John Reid.
“”It’s much more sophisticated than just the anecdotal difficulties that companies have,”” he said. “”This is not ‘how to protect yourself against a virus,’ it actually gets into the engineering of making your systems secure. . . . It’s basically a source of best practices. If something is working at TD Bank it may well work at another organization that’s encountering that same breach in its security.””
CATA hopes its member companies will contribute to the project and share information to their mutual benefit. A key partner in the initiative is an Ottawa firm called Electronic Warfare Associates-Canada Ltd., which specializes in benchmarking security tools based on ISO and international cryptographic standards.
“”The cybersecurity question is something that we’ve been tracking for a number of years now, but what’s been missing is a good appreciation for what’s been going on in Canada,”” said EWA-Canada president Jim Robbins. “”If you listen to some of the words that come from south of the border, there’s always the question: Is Canada the soft spot?””
EWA-Canada was also the first Canadian representative of the international organization Forum of Incident Response and Security Teams (FIRST) and established an emergency response group called CanCERT in 1998. Robbins hoped to get federal funding to support the initiative, but when that didn’t materialize a partnership with CATA was an ideal opportunity. The result is a group now called the CATA CanCERT Alliance.
“”(CanCERT) basically allows us to better track and understand vulnerabilities to IT infrastructure,”” said Reid. “”We forged a relationship with them (EWA-Canada) in order to strengthen the whole reporting infrastructure in Canada.””
CATA will eventually offer an alert service — a desktop icon that will flash whenever important security information is released. Time to implementation is one of the largest problems facing IT managers who are trying to lock down their networks against a security breach, said Reid. An early warning system could help prevent viruses like MyDoom from spreading.
“”So much of this is timing, because once you’ve got (a virus), it’s too late. It’s a matter of shortening the cycle or the time it takes for companies to take proactive steps.””
The cybersecurity centre will post relevant reports and research links as well as best practices from CATA members. The information will be openly available to non-members as well.
“”If we all boost our corporate citizenship, we can basically make it a much more productive and safe place,”” said Reid. “”The only way to do that is that organizations actually embrace more transparency in reporting.””
CATA will be announcing other initiatives in the coming months as part of its Canadian Homeland Security Task Force — a broader project designed to capture the organization’s approach to business security.