MapleSEC: How the Canadian government’s Cyber Centre helps infosec pros

Share post:

What does the Canadian Centre for Cyber Security do for infosec pros?

Quite a lot, according to Melanie Anderson, the federal agency’s director-general for secure solutions and services.

In a keynote speech during IT World Canada‘s MapleSec series of cybersecurity presentations this week, Anderson outlined the free services the federal department offers to help protect IT networks (Many need a feed reader):

— Cyber Flashes – actionable information describing an immediate issue targeting the federal government or systems of importance;

Alerts – to raise awareness of a recent cyber threat with mitigation advice. On request the Centre can provide more detail for subscribers;

— Weekly Technical Reports – summaries of events as well as indicators of compromise (IoCs);

— Aventail – an automated threat intelligence service that runs at machine speed for critical infrastructure providers that includes IoCs such as domain URLs and IP addresses that can be fed into your system. In 2022 Avantail sent out over 46,900 IoCs;

— NCTNS Notifications – short for the National Cyber Threat Notification Service, which are warnings sent to an organization if the Centre sees a sign of compromise in its IP space;

— Scorecards – a monthly report for NCTNS subscribers;

Malware.cyber.gc.ca – a website where infosec pros can submit suspicious files for analysis. It uses Assemblyline, a Centre-created analysis tool;

Assemblyline – yes, it can be downloaded for use in your own environment;

— a Learning Hub – training for employees of all levels of government and critical infrastructure providers;

— and some incident response advice.

All this is in addition to free advisory documents such as baseline controls for small and medium businesses.

The Cyber Centre is the government’s authority on cybersecurity for government departments and businesses. The Centre is part of the Communications Security Establishment (CSE), responsible for defending federal IT networks, creating secure communications for government departments and breaking foreign codes. In turn the CSE is part of the Department of National Defence.

One of Anderson’s key messages is that cybersecurity is a team sport: If you have an incident or discover an indicator of compromise, report it to the Centre. If it’s a criminal offence, like ransomware, report it to the RCMP. If it’s phishing, report it to the Canadian Anti-Fraud Centre.

She also emphasized the importance of organizations observing cybersecurity basics. “Many times we have incidents that mostly occur because of human error, sometimes poor cyber hygiene — lack of multifactor authentication, poor passwords, clicking on an attachment and poor risk awareness.”

Finally, Anderson concluded with a call to action for infosec pros: Mentor at least one person, particularly people from diverse backgrounds.

“In my mind this is very crucial to help the next generation learn more about cybersecurity, leadership, and to pass on the tools and tips to enable a resilient workforce.”

The post MapleSEC: How the Canadian government’s Cyber Centre helps infosec pros first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Sidebar: The powerful Digital Safety Commission

A look at the powers of the proposed five-person body charged with overseeing the Online

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways