
Presentation to PSCIOC

September 10, 2003

- Problems
- Progress
- Plans
- Requests

NCSIP Presentation to PSCIOC September 10, 2003

Supporting trusted e-government – There is work to do!

- Identification of new vulnerabilities in the essential infrastructure used to deliver services continues
- So far this year
  - Microsoft – 41 security bulletins
  - Cisco – 13 security advisories
  - CERT/CC – 149 vulnerability notes


August 2003 – major impact from 3 worms

- August 11 – Blaster and August 18 – Nachi
  - Spread rapidly and automatically to visible vulnerable systems
  - Patch had been available for 3+ weeks
- August 18 – Sobig.f
  - Mass mailing worm
  - Spread by users opening an attachment

Impact of worms

- Canadian governments affected: e-mail and network bottlenecks, some service interruptions, extensive effort to recover
- The US Federal Reserve Bank in Atlanta shut down its computer systems – there was no disruption to the US financial system (Blaster)
- Air Canada’s network to call centers and airport check-in was crippled, causing delays of many hours (Nachi)
- The US Navy/Marine Corps Intranet was taken off-line (Nachi and Sobig)
- The Maryland Motor Vehicle Administration closed their offices for ½ day (Blaster)
- Nordea Bank (Finland) closed as many as 70 branches, and branches and customer service points were shut down all around the country (Blaster)


Supporting trusted e-government – There is work to do!

- January 2003 – SQL Slammer Worm
  - Around the world in 10 minutes
  - Clogged networks & interrupted services – ATMs, 9-1-1, airline reservations, power generation
  - Patch had been available for 6 months
- Future worms may be more destructive
  - Blaster, Nachi, Sobig.f and Slammer payloads did not affect confidentiality or integrity
- Layered safeguards required
  - Patching as important as blocking and anti-virus

Common issues for Canadian governments

- Preserving / achieving trust requires
  - Common minimum security levels
  - Effective awareness and education
  - Dealing with emerging threats
  - Patch management strategies
  - Intrusion prevention
  - Continuing training for IT specialists

Progress

- Information Protection Coordination Centre
  - Liaison with OCIPEP resulting in expanded services
- Dialogue with Privacy Sub-committee
  - Common meeting in February
  - Sharing of priorities and concerns
  - Agreement to proceed with a Security Classification Guide
- Inter-jurisdictional sharing of information – R&D
  - Standards, policies, processes
  - Product assessments and recommendations
- Common self assessment tool
  - GOC and Quebec tools under consideration
  - Both require tailoring
  - $30,000 allocated by PSCIOC, costs may reach $75,000

Plans

- Awareness – assess required next steps
- Specialist Training – conduct needs survey
- Business continuity / disaster recovery – evaluate need for a Canadian center
- Security Classification Guide – finalize considering additional input from governments
- Coordination of IT Security Standards – investigate use of international standards
- Cyber exercise – participate in multi-jurisdictional exercise

Requests

- NCSIP wants to support PSCIOC’s goals and priorities
  - More communication desirable
  - Secretariat should distribute action plan to sub-committees
  - CIOs should support efforts of and communicate directly with their sub-committee members
  - Privacy and security are closely related – continued work to understand privacy requirements should continue
- Several NCSIP members would benefit from GOC security clearances
  - Would facilitate access to classified information when required
  - Would be voluntary and not a requirement for membership
  - Decision regarding PSCIOC support of concept requested

Requests (2)

- NCSIP would like representation in Identity, Authentication and Authorization working group
  - Recommend that the working group include an NCSIP rep
  - Recognize that business requirements must take the lead
  - Identity management a major security issue
  - Representative could contribute knowledge and experience, help ensure technology neutrality, assess network capacity issues, coordinate with NCSIP, etc.
- NCSIP would like to change its terms of reference
  - Membership to include a MISA BC representative
  - Executive Chair, Vice-chair and Secretary
  - Vice-chair elected each spring, takes over as chair the following spring
- NCSIP requests increase in funding available for common self assessment tool to up to $75,000