Up In The Clouds

"What we see is an increasing level of activity on the networks. I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in."
"Most of the people do not understand the magnitude of the threat and the problems we face, nor the impact of some of the solutions that we put in place. There are things that we can do and must do to protect our country."
Gen. Keith Alexander, head, U.S. Cyber Command

What seemed fanciful and improbable not all that long ago, because we felt that new technology could always surmount any potential problems, and that security on systems that control our way of life, from municipal infrastructure services delivery of water, energy, and communications, to security, banking, academics, corporate interests and government offices would always be assured has turned into whistling in the dark.

This was brought home through discussion that took place during a security conference held in Ottawa. John Adams, former chief of the Communications Security Establishment Canada spoke to reporters of the need for the federal government to move ahead on the file of setting standards for cyber-security. Government decided instead of enacting legislative standards to share best practices with industry.

A research paper recently released for CSIS suggested funding infrastructure such as water systems and electrical grids to ensure national security. "It's a foray, but I'm not sure how successful it's going to be. First of all, it's voluntary and secondly there's always conditions. The private sector, some will play and some won't and if one's weak, they're all weak."

For the unaware public, if there were concerns about security breaches they were temporary - there were always patches that could be devised that would settle such matters until the next one came along. If those delivering the threats thought they were so clever, we, the good guys, were just that much cleverer.  But then, all that's needed to wreak havoc is one or two really good shocks to the system. 

Say the delivery of electrical supply over a large integrated North-American system to go off line because some clever hacker working at the behest of a malevolent government intelligence bureaucrat flipped a critical switch. Or threatened to, if our government was engaged in something that proved to be inconvenient to the country pulling its weight with such threats.

Sounds implausible because it's just too far-reaching and difficult to imagine, but it has already happened. When Russia interfered with the entire network and put Estonia's computer system out of commission. Through a sour incident over which Russia took umbrage. For government agencies to step in and take charge of the entire country's cyber security it would take an agreement with Internet providers.

And that's usually when privacy commissioners and civil liberties organizations raise their heads and cry out "wait just a minute, here!", calling out against presumed loss of civil liberties. Communication of suspicions from Internet service providers to federal security agencies relating to potential attacks would invariably result in some backlash, when not everyone sees the potential of espionage problems looming in the near distance.

Cyber-criminals alone, not state actors, have taken advantage of openings in security to steal $4-trillion annually from vulnerable corporate interests and private individuals alike. It costs companies $15-trillion to try to protect themselves from those losses; four times the price of the losses, to control the situation so that losses don't mount even higher.

The White House made an announcement it was prepared to punish countries that fail to enact their responsibility by cracking down on hackers that steal corporate secrets. And there was little discretion involved, in naming suspected culprits: China, India and Russia.  Although Canada has not formally responded to the U.S. strategy, there was an oblique statement of support.

A spokesman for Public Safety Minister Vic Toews stated that Canada's cyber-security strategy government agencies would "work with the private sector and our allies to guard against these threats." One strategy appears to be moving from the vulnerabilities in traditional networks toward a secure cloud network.