
Canadian threat exchange vows to give unique value to members

Executives from two of the country’s biggest enterprises behind the fledgling Canadian Cyber Threat Exchange say the service will help Canadian organizations of all sizes better fight the mounting amount of malware and breaches they face.

Threat sharing “is a powerful tool,” Glenn Foster, senior vice-president and head of technology risk management and information security at TD Bank, told infosec pros in Toronto on Wednesday at the annual SC Congress conference. He said he knows because Canadian banks have had their own private threat exchange for almost two decades.

Cyber crime is cheap for nation-states and criminals, he said, in part because they share intelligence — so the private and public sector should too. “With CCTX I think being an enabler for us is going to be extending that value proposition across Canada to all connected entities to really flip that cost curve. So now at the end of the day our job is to make it more expensive for the adversary to be successful in what they’re doing.”

Colin Penny, senior vice-president of technology and chief information officer at Ontario’s Hydro One power distributor, said Canadian electric utilities – who have their own threat exchange – can contribute their knowledge about vulnerabilities in network-connected industrial controls to other industries such as manufacturing and transportation.

“As with any other complex system we’re only as strong as our weakest link. So it’s very important that and cross-sector collaboration and information sharing across the entire supply chain big and small in our sector brings the bar up for everybody. It’s not about the largest that can afford it should be the most protected, it’s that everybody should be protected.”

Both are on the nine-person board of the CCTX, announced last December to give municipalities, regions and the private sector the ability to join a threat exchange of the kind that only a few – like banks and utilities – have set up.

Also meeting the infosec community this week at SC Congress and at the Anti-Phishing Working Group’s Toronto conference was the CCTX’s new executive director Robert Gordon, a former senior official at Public Safety Canada who helped design the government’s cyber threat strategy and a former senior civil servant at the Communications Security Establishment (CSE), the country’s electronic spy agency, and the Canadian Security Intelligence Service (CSIS). Most recently he was a director in the global cybersecurity service at consulting and integration firm CGI.

Robert Gordon. Photo by H. Solomon

In fact, when he was with Public Safety, Gordon helped get the private sector companies together to sketch the outline of the exchange when Ottawa heard firms were talking about the idea just under two years ago.

Gordon told both conferences the non-profit CCTX expects to go online at the end of this year, largely for enterprise-sized companies who will pay $50,000 a year for service and the right to contribute. In addition to the nine initial supporting enterprises, he hopes to add 20 more by then.

Early in 2017 service for small ($5,000 a year) and medium-sized ($20,000) companies will be available. Organizations can join for free and get more limited services.

Meanwhile, CCTX expects to shortly pick an IT platform that will handle the data exchange and collaboration capabilities, and a managed security service provider that will host it.

Still to be worked out before the end of the year are exactly what services will be offered to enterprises and SMB members – and Gordon said CCTX would fail if SMBs don’t see value in it.

So far Gordon has said threat data will be exchanged in near-real time through protocols like TAXII and STIX for those that can handle it, with all data anonymized – privacy will be an essential element, he added. There will also be threat trend reports and the ability for security analysts to collaborate across sectors, particularly if they are looking at the same threat. For others there will be the ability to form so-called communities of trust for infosec pros, as well as security training courses.

For security, named members to the exchange will be vetted, with Gordon suggesting the federal government could play a role.

Both Gordon and Foster emphasized they expect paying members to contribute to the exchange and not merely take data from it.

There are some who wonder if having another source of threat information added to the ones they already subscribe to will merely add “noise,” not substance. That was one question thrown at Gordon, Foster and Penny by John Del Grande, director of architecture and information security solutions at President’s Choice Financial, the retail banking arm of Loblaws.

Gordon said that CCTX doesn’t want to duplicate the work of other international threat exchanges and analysis centres it will link to, and will provide “unique value.”

“The power of CCTX is going to be the communities, the people,” added Foster, with cross-sector communities putting in “sweat equity.” CCTX will also stress Canadian content, he said.

In an interview, Del Grande said, “I’m worried about the noise that comes through because we already have a hard time sorting through all the threat intel that comes in, in terms of what’s valid and what’s not … Now you’ll be getting stuff from cross-industry, which is a good but it’s going to add significantly to more things to filter through, potentially more one-off things to look at, more false leads. That’s still a concern for me.”

Showing value will be “critically important,” Gordon said. “CCTX is taking money from companies, they’d better see some value. So I think broadly defined somehow we’ve got to be reducing the risk factor coming through the door so companies should be getting information they can actually action to reduce that threat.”

