Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 61 - 75 of 139
Byron Holland
View Byron Holland Profile
Byron Holland
2020-05-20 15:09
Thank you very much, Madam Chair and honourable members of the committee.
Most people know the Canadian Internet Registration Authority, or CIRA, as the operator of the .ca registry. Our primary mission is the operation of a safe, stable and secure .ca domain space.
CIRA is recognized as a global leader in the domain name industry. In fact, many other countries leverage our infrastructure, services and knowledge for their own domain name registries. Our technology is considered best in class among our peers. In short, CIRA is fully equipped to navigate the COVID-19 crisis. We are confident in our ability to protect the integrity of .ca.
To date, we have tracked just over 2,000 .ca domain names with COVID-19-related keywords. For context, since January we have registered over 200,000 .ca domain names. This is aligned with what we are seeing from our peers in Europe and around the world, where COVID-19-related domains make up less than 1% of registrations so far this year. However, it’s also important to note that many of these domains are perfectly legitimate, and even positive, such as conquercovid19.ca, a campaign to support first responders.
We scrutinize all COVID-19-related domains carefully to ensure that they comply with our rules, particularly Canadian presence requirements, and to ensure that all domains stay Canadian. We are also working with our global domain name community, including organizations like the Council of European National Top-Level Domain Registries, to ensure that we are aligned with the best practices of our peers around the world.
However, it is not within CIRA's mandate to review or authenticate the content of .ca websites, nor would such authentication be effective, as the Internet, and related threats, is global. While .ca domain names are bound by Canadian law, thousands of other threats come from outside our borders. There are well-established existing tools and processes in place to deal with fraud online and cyber-attacks. If Canadians come across any domain they suspect of being used fraudulently or maliciously, they should contact the Canadian Anti-Fraud Centre or the Canadian Centre for Cyber Security. We work closely with both of those organizations.
When it comes to fraud on the Internet, it is important to remember that hackers love a crisis. While technical solutions form an important barrier to online fraud and cyber-threats, the biggest attack vector is human frailty. Cyber-thieves exploit anxiety, uncertainty and fear to prey on Canadians when they are at their most vulnerable. Unfortunately, the current COVID-19 pandemic provides fertile ground for these criminals.
In this environment, we launched CIRA Canadian Shield. This is a free security and privacy solution for individual Canadians and their families. Working with our partner, the Canadian Centre for Cyber Security, we are already protecting more than 50,000 Canadians with Canadian Shield as they work, learn, teach and socialize while at home during the pandemic. Canadian Shield reflects CIRA's commitment to build a trusted Internet for Canadians. We look forward to the opportunity to protect every Canadian with this free service.
CIRA is helping to protect Canadian hospitals, schools, universities and municipalities through our enterprise cybersecurity service DNS Firewall. It has an install base of more than 1.1 million users, which includes students, teachers, doctors, municipal workers and first responders across Canada.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:15
Good afternoon, Madam Chair and committee members. Thank you for the invitation to appear today, from my dining room, to discuss pandemic-related cyber-fraud.
I am Scott Jones and I am the head of the Canadian Centre for Cyber Security at the Communications Security Establishment. CSE is one of Canada's key intelligence agencies and the country's lead technical authority for cybersecurity. Launched in October 2018, the cyber centre is a relatively new organization, but one with a rich history and over 70 years of cybersecurity experience, having previously functioned under CSE's long-standing IT security mandate. The cyber centre is a unified source of expert advice, guidance, services and support on cybersecurity operational matters, providing Canadian citizens and businesses with a clear and trusted place to turn to for cybersecurity advice.
Specifically, the cyber centre focuses on five main areas. We first inform Canada and Canadians about cybersecurity matters. Second, we protect Canadians' cybersecurity interests through targeted advice, guidance, hands-on assistance and strong collaborative partnerships. Third, we develop and share specialized cyber-defence technologies and tools, resulting in better cybersecurity for all Canadians. Fourth, we defend cyber systems, including government systems, by deploying sophisticated cyber-defence solutions. Fifth, we act as the operational leader and government spokesperson during cybersecurity events.
That point brings me to the specific topic of today's discussion, to speak to you about cybersecurity when it comes to COVID-19. As we noted in the national cyber-threat assessment in 2018, the biggest threat facing Canadians online is cybercrime. I would like to provide the committee with an update on the work that the cyber centre is doing to protect Canadians from cyber-fraud occurring before, during and after the pandemic.
During these uncertain times, cyber-threat actors are attempting to take advantage of Canadians' heightened levels of concern and fears around COVID-19. Many Canadians are naturally feeling fearful and stressed, and those emotional responses can be exploited online. We've seen an increase in reports of malicious actors using COVID-19 in phishing campaigns and malware scams.
COVID has presented cybercriminals and fraudsters with an effective lure to encourage victims to visit fake sites, open email attachments and click on text messaging links. These websites, emails and links frequently impersonate health organizations and can pretend to be from the Government of Canada, among others. They are trying to spread malware and scam Canadians out of their money or private data.
The cyber centre has assessed that the COVID-19 pandemic presents an elevated level of risk to the cybersecurity of Canadian health organizations involved in the national response to the pandemic. I want to reassure you that CSE and the cyber centre are working hard to mitigate these threats and protect Canadians.
I am pleased to share with you the steps we're taking to protect the Government of Canada, systems of importance, and all Canadians from cyber-fraud during these times. We continue to leverage all aspects of our mandate to ensure that Canada is protected against threats and that the Government of Canada has access to information that can help inform decisions on our approach to COVID-19. The cyber centre is working tirelessly to continuously raise public awareness of cyber-threats to Canadian health organizations by proactively issuing cyber-threat alerts and providing tailored advice and guidance to Canadian health organizations, government partners and industry stakeholders.
In addition to our advice and guidance for Canadian organizations, we continue to enhance the Get Cyber Safe campaign to help all Canadians take action to help themselves be safe online. In coordination with industry partners and the international network of cybersecurity organizations, the cyber centre is contributing to the removal of fraudulent sites and other materials used to lure Canadians, including sites impersonating the Government of Canada.
To support programs of importance to the government, we have also continued to monitor and protect important Government of Canada programs against cyber-threats, including the Canada emergency response benefit web application. [Technical difficulty—Editor]
Simon Marchand
View Simon Marchand Profile
Simon Marchand
2020-05-20 15:20
Members of the committee, good afternoon and thank you for having me today.
My name is Simon Marchand, and I am the chief fraud prevention officer at Nuance Communications Canada. Nuance is an American company with a strong presence in Montreal. It develops technologies that rely on artificial intelligence and voice biometrics for use in fraud prevention, among other things. My specific role is to apply those voice biometric technologies to identity theft prevention. Nuance's products are widely deployed throughout Canada, with most of the big banks and telecommunications carriers using its biometric-based technologies. Nuance also has an extensive international clientele, including major U.S. banks and most of the world's big companies. We develop solutions for law enforcement agencies and government service providers, as well, to help them gather evidence and identify citizens.
I am here today to share with you some of our observations. In my capacity, I'm obviously abreast of all the major scams around the world. I'd like to tell you what we've seen in relation to the COVID-19 pandemic and flag some of the risks that need to be addressed, to help ensure Canada's legislation is equipped to deal with fraud-related issues that may be imminent.
I'll start with some of the internal risks. In response to the COVID-19 pandemic, companies quickly reorganized their operations to accommodate telework. I'm not here to praise or criticize telework, but I will say that it poses real risks, especially in connection with customer service. All customer service representatives who usually work in call centres are now working from home, in an unsupervised environment. Despite having few tools, they now have access to sensitive information about consumers, ranging from information about their assets to information that someone could use to impersonate someone else.
The current socio-economic reality will no doubt put pressure on many households. When it comes to internal fraud, we know that pressure and opportunity are the two basic factors that drive an employee to go against their employer's interests and commit fraud, including stealing information belonging to the organization. Let us not forget that some organizations collect highly sensitive information about Canadians.
These changes in how work is organized raise the possibility of information being stolen and eventually posted on the dark web. That will definitely serve identity thieves well.
Other witnesses have talked about phishing scams, a problem that's already well documented. Sophisticated criminals have adapted to the pandemic and are using COVID-19 as a cover to trick people into providing their information. Some areas have seen a 600% increase in the number of phishing scams involving COVID-19; attachments, links to websites and other methods are being used to lure victims.
Fraudsters will be able to get their hands on vast amounts of consumer information, which they won't use in the next few weeks. Rather, they'll wait six to 18 months before opening up accounts, taking out financial products and acquiring products from telecommunications carriers.
Since banks and telecommunications carriers are federally regulated, lawmakers need to be aware of these risks. Much of the focus is on the company's responsibility to protect the data entrusted to it. I think, though, the focus should be on accountability and the responsibility companies have in relation to the information they use to deliver services. When a bank's system is hacked and client information is stolen, it calls into question the bank's responsibility, which is protecting that information. No one asks about what will happen to the information once it's collected. There's a huge accountability gap.
I would be happy to answer any questions you have on the subject.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:26
I've been alerted to where I was. Thank you. I'm sorry about that. Technology affects us all.
In coordination with our industry partners and the international work of cybersecurity organizations, we have contributed to removing of fraudulent sites, and I talked about the protection of the CERB, the Canadian emergency response benefit.
Cyber-attackers are now looking to exploit teleworking connections because so many people are now working outside of their organization's traditional IT security perimeters. In response, the cyber centre has partnered with the Canadian Internet Registration Authority, or CIRA as you've heard, to create and launch CIRA's Canadian Shield. This is a free DNS firewall service that will provide online privacy and security to Canadians. CIRA has shown tremendous leadership in giving Canadians an option to better protect themselves online, and I thank them for their partnership.
To further protect Canadians, the next important step we've taken is informing Canadians about cybersecurity matters. Through targeted advice and guidance, the cyber centre is helping to protect Canadians' cybersecurity interests. We shared cybersecurity tips on video teleconferencing tools and telework to help inform and educate Canadians about how to stay safe online, particularly while many of us are working from home.
The cyber centre has created a collection of advice and guidance products, many of which are now more relevant than ever. I encourage Canadians to visit our website to learn more about our specific guidelines and best practices that can be applied to protect yourself from cyber threats.
Finally, it is important to note that the Government of Canada has a strong and valuable relationship with our international cyber partners. We regularly share information, which has a significant impact on protecting our respective countries' safety and security. CSE and the cyber centre are working to address cyber threats facing Canadians during these times; however, cybersecurity is everyone's responsibility and will take all of our expertise to protect Canada and Canadians.
Thank you again for the opportunity to appear before you today, and thank you for your patience with technology. I am pleased to answer any questions you may have.
Byron Holland
View Byron Holland Profile
Byron Holland
2020-05-20 15:33
I have changed my mike and headset. Hopefully, that will be better.
Madam Chair, thank you for the opportunity to present yet again. I will start at the beginning, as you've asked, to make sure that the folks who were not able to hear can.
My name is Byron Holland. I'm the president and CEO of the Canadian Internet Registration Authority. Our primary mission is the operation of a safe, stable and secure .ca domain name registry.
We are recognized as a global leader in our space. In fact, many other countries leverage our infrastructure, services and knowledge for their own domain name registries. Our technology is considered best in class among our peers. In short, CIRA is fully equipped to navigate the COVID-19 crisis. We are confident in our ability to protect the integrity of .ca.
To date, we have tracked just over 2,000 .ca domain names with COVID-19-related keywords. For context, we've added more than 200,000 .ca domain names since the beginning of the year. This is aligned with what we are seeing from our peers around the world where COVID-19-related domains make up less than 1% of total registrations. However, it is also important to note that many of these domains are perfectly legitimate, and even positive, such as conquercovid.ca, a campaign to support first responders.
We scrutinize all COVID-19-related domain names carefully to make sure that they comply with our rules, particularly our Canadian presence requirements. We are also working with our global domain name community, including organizations such as the Council of European National Top-Level Domain Registries, to ensure that we are aligned with best global practices.
However, it's important to note that it is not within CIRA's mandate to review or authenticate the content of .ca websites, nor would such authentication be effective, as the Internet and related threats are truly global. While .ca domains are bound by Canadian law, there are thousands of other threats that come in from outside our borders. There are well-established existing tools and processes in place to deal with online fraud and cyber-attacks. If Canadians come across any domain names that they suspect are being used fraudulently or maliciously, they can contact the Canadian Anti-Fraud Centre or as we've heard, the Canadian Centre for Cyber Security. We work closely with both organizations.
When it comes to fraud on the Internet, it's important to remember that hackers love a good crisis. While technical solutions form an important barrier to online fraud, the biggest attack vector is human frailty, which cyber-thieves exploit. Unfortunately, the current pandemic has provided these criminals with an atmosphere of heightened anxiety in which to operate and has simultaneously forced most Canadians to work, learn, teach and socialize from their home networks and personal devices, most of which are not equipped with enterprise-grade security.
It is in this environment that we've launched CIRA Canadian Shield, a free security and privacy solution for all Canadians and their families. We've done this, as you heard, in partnership with the Canadian Centre for Cyber Security. We currently protect more than 50,000 Canadians, with a growing user base. Canadian Shield reflects CIRA's commitment to build a trusted Internet for Canadians, and we look forward to providing the opportunity to protect every Canadian with this free service.
We also help protect Canada's hospitals, schools, universities and municipalities through our enterprise cybersecurity service, CIRA's DNS Firewall. We have more than 1.1 million users, who include students, teachers, doctors, municipal workers and first responders across Canada. We are providing this service free of charge to all Canadian health care facilities and small businesses until September, hopefully when this crisis will be starting to recede.
Finally, the most important factor in protecting Canadians from fraud on the Internet is knowledge. Much like how your parents taught you to look both ways when crossing the street, Canadians need street smarts on the Internet to be able to identify fraud, fake news, misinformation and scams. The best way to do that is through awareness and education.
At CIRA, we have partnered with Beauceron Security, a great New Brunswick success story, to launch CIRA cybersecurity awareness training, a platform that provides education, benchmarking and ongoing testing to ensure employees have the most up-to-date cybersecurity street smarts. We have also launched a free cybersecurity course, Cybersecurity for Remote Workers, to help the thousands of Canadians now working from home to keep themselves and their organizations safe from cyber threats.
Everything I've mentioned so far represents elements of Canada's leadership, innovation and expertise in the area of cybersecurity. However, as Canada and the world enter an era when the Internet is proving to be the lifeboat for the global economy, we believe Canada must do more to be a global leader in cybersecurity. We would encourage the Government of Canada to dedicate more funding to cybersecurity research, solutions and platforms to protect Canadians and ensure the security of our digital economy. Only through investment can we ensure Canadians have the education, tools and platforms to protect themselves and their businesses from online fraud and malware.
There is no silver bullet. The threat landscape is constantly evolving, and our cybersecurity awareness and technology must keep pace. At CIRA, we're eager to help any way we can.
Thank you for your time.
View Glen Motz Profile
CPC (AB)
Thank you very much, Madam Chair.
Witnesses, thank you for your great introduction to this topic today.
I'm going to focus primarily in this round on Mr. Jones and the Communications Security Establishment.
If I heard you correctly in your opening remarks, as you advise on cyber-related attacks and frauds, you have been advising the government on foreign attacks and areas of cyber-related concerns throughout this COVID pandemic.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:40
Yes, that is correct, absolutely. We continue to advise on all aspects, although the majority of activity we have seen is related to cybercrime.
View Glen Motz Profile
CPC (AB)
When there is a cyber intrusion, do you know off the top whether it's fraud related, cyber espionage, corporate espionage, a random attack or another purpose?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:41
Typically, when there is a report of some type of breach, our first action is to really look at how we can somehow do containment versus some type of attribution, meaning looking for the actor behind it. We always assume that it's the most sophisticated actor possible and that the actor is looking to take information or implement some type of advanced technique, but the fact is that almost every compromise we've seen or every incident we've seen reported is related to cybercrime right now.
We look first to contain, to help the victim make sure they're able to lock down their defences, improve their security, take action to prevent that adversary from spreading throughout their network, then work back from that and engage the right organizations, such as law enforcement, or our partners in the Canadian Security Intelligence Service if it is a foreign actor, and then, of course, CSE's own foreign intelligence mandate as well.
View Glen Motz Profile
CPC (AB)
Right.
Attacks on our front-line health workers could be designed to steal information, to sell personal information or to facilitate fraud. Has CSE been called in to deal with any of these intrusions or attacks on our health care institutions and front-line health care workers since the pandemic began? If so, how many times?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:42
There have been instances of cyber-incidents in health care-related fields, research and development organizations. We've intervened in a small number in terms of responding to the incident and giving advice and guidance.
The majority of our activity, though, has been focused on trying to provide information in advance, alerting to vulnerabilities, for example, that are growing or being announced, so that health care organizations can take proactive action. We really try to get information out about what an actor is doing to protect organizations in advance. We really are trying to be proactive in preventing any breach.
View Glen Motz Profile
CPC (AB)
Good.
Has CSE been called in to deal with any attacks on our own government's research into COVID vaccines?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:43
The Government of Canada defences are something that we have integrated into the ongoing operations. The way the government has been able to layer its defences over the last decade as we've built them out, it really is to proactively stop any malicious activity. There haven't been any breaches of the government, because our defences are layered in such a way that it is heavily protected.
View Glen Motz Profile
CPC (AB)
To reiterate what you just said, we have had attacks but there has been no intrusion, which is good to hear.
What's their intent in these attacks? Is it to take intellectual property or is it to gain economic opportunity? What is your assessment of that?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:44
Our assessment with regard to cybercriminals is that it really is about financial gain. They're looking to see what they can leverage. If you're looking at nation-states, we are seeing that everybody is trying to understand what's happening in the world. This is something that we've become alerted to, that there's a general increase in nation-state interest around these topics.
Results: 61 - 75 of 139 | Page: 5 of 10

|<
<
1
2
3
4
5
6
7
8
9
10
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data