MapleSEC: How the Canadian government’s Cyber Centre helps infosec pros

What does the Canadian Centre for Cyber Security do for infosec pros?

Quite a lot, according to Melanie Anderson, the federal agency’s director-general for secure solutions and services.

In a keynote speech during IT World Canada‘s MapleSec series of cybersecurity presentations this week, Anderson outlined the free services the federal department offers to help protect IT networks (Many need a feed reader):

— Cyber Flashes – actionable information describing an immediate issue targeting the federal government or systems of importance;

— Alerts – to raise awareness of a recent cyber threat with mitigation advice. On request the Centre can provide more detail for subscribers;

— Weekly Technical Reports – summaries of events as well as indicators of compromise (IoCs);

— Aventail – an automated threat intelligence service that runs at machine speed for critical infrastructure providers that includes IoCs such as domain URLs and IP addresses that can be fed into your system. In 2022 Avantail sent out over 46,900 IoCs;

— NCTNS Notifications – short for the National Cyber Threat Notification Service, which are warnings sent to an organization if the Centre sees a sign of compromise in its IP space;

— Scorecards – a monthly report for NCTNS subscribers;

— Malware.cyber.gc.ca – a website where infosec pros can submit suspicious files for analysis. It uses Assemblyline, a Centre-created analysis tool;

— Assemblyline – yes, it can be downloaded for use in your own environment;

— a Learning Hub – training for employees of all levels of government and critical infrastructure providers;

— and some incident response advice.

All this is in addition to free advisory documents such as baseline controls for small and medium businesses.

The Cyber Centre is the government’s authority on cybersecurity for government departments and businesses. The Centre is part of the Communications Security Establishment (CSE), responsible for defending federal IT networks, creating secure communications for government departments and breaking foreign codes. In turn the CSE is part of the Department of National Defence.

One of Anderson’s key messages is that cybersecurity is a team sport: If you have an incident or discover an indicator of compromise, report it to the Centre. If it’s a criminal offence, like ransomware, report it to the RCMP. If it’s phishing, report it to the Canadian Anti-Fraud Centre.

She also emphasized the importance of organizations observing cybersecurity basics. “Many times we have incidents that mostly occur because of human error, sometimes poor cyber hygiene — lack of multifactor authentication, poor passwords, clicking on an attachment and poor risk awareness.”

Finally, Anderson concluded with a call to action for infosec pros: Mentor at least one person, particularly people from diverse backgrounds.

“In my mind this is very crucial to help the next generation learn more about cybersecurity, leadership, and to pass on the tools and tips to enable a resilient workforce.”