
Defence Research and Development Canada
Recherche et développement pour la défense Canada
Cyber Security for Major Events
Lynne Genik, MSc
Operational Research Scientist, DRDC Centre for Security Science
Luc Beaudoin, P.Eng, MSc, MBA
Chief of Cyber Operations, Canadian Cyber Incident Response Centre

Presentation for PST 2010 Innovation Day August 17, 2010
Defence R&D Canada CSS R & D pour la défense Canada CSS
Overview
Lynne
Major Events
Why is Cyber Security Important?
Vancouver 2010 Cyber Security Preparations
V2010 MECSS Cyber Security Project
Observations/Lessons Learned
Luc
Operational Implementation
Vancouver 2010 Games
G8 G20 Summits
Lessons Learned
Conclusion


Weapons Effects
Vehicles
Autonomous Systems
Military Engineering
Chem & Bio Defence
Human Factors
Decision Support
Command Effectiveness
Operational Medicine
Simulation & Modelling
Radar, EW
Space Systems
Information Operations
Communications
Synthetic Environment
Electro-optics
Combat Systems
Command & Control
Information Management
Systems Environment
Underwater Sensing
Materials
Air Vehicles
Marine Vehicles
Signature Mgt.
Defence R&D Canada
Centre for Security Science
Centre for Operations Research and Analysis
DRDC Major Events Coordinated Security Solutions (MECSS) Model
Operationalizing S&T Investment
[Diagram: MECSS positioned between the security partners and the National Science and Technology Community. Labels on the diagram: Public Safety Canada; Privy Council Office; Exercises/CI/CBRNE; Joint Task Force (G); British Columbia Public Safety; RCMP Major Events; Integrated Security Unit; G8/G20 ISU; Security Partners; SA; S&T Source; Industry; International S&T; Academia; Centres of Excellence; Federal Labs; S&T Clusters.]
Major Events
Focus the world spotlight on host country
V2010: 10,000 accredited, 4000 unaccredited media
Collaboration and cooperation of many organizations
All levels of government and private sector
V2010 Exercise Gold: 140 agencies, 45 coordination centres, 2000 participants
Budgets in the billions
Security: V2010 $1B, G8/G20 $1B
Broadcasting rights: NBC US$2.2B for 2010/2012 Olympics
Infrastructure costs: V2010 Canada Line $2B, Sea-to-Sky Highway expansion $1B
Vancouver 2010: Some numbers
25,000 volunteers
6000 law enforcement, 5000 Canadian Forces, 4800 private security officers
119 agencies contributing police/peace officers from across Canada
43 days of aircraft patrol
205,000 accreditations (Olympic family, security workforce, VANOC, volunteers, etc.)

                           Olympics    Paralympics
Athletes and officials     6500        1350
Registered athletes        2632        506
Participating countries    82          42
Tickets available          1.6M        250k
Why is Cyber Security Important?
Relied on by all sectors for operations
Safety
Security
Event broadcasting
Key messages/event results
Etc.
Significant cyber security incident would reflect badly on Canada
V2010 Cyber Security Preparations
V2010 Cyber Security Working Group
V2010 Integrated Exercises Series
Integrated Threat Assessment Centre (ITAC)
Joint Intelligence Group
ISU Critical Infrastructure Unit (physical security)
Individual organizations
V2010 - Cyber Issues
Gaps in cyber threat situational awareness
Interdependencies
Silos
Response

V2010 MECSS Cyber Security Project
Getting started
Generally, those familiar with cyber operations saw value
Resistance from some key offices/people
Several key influential people were critical
Not a lot of time.
MECSS Cyber Security Project
Goals:
Identify/close gaps
Establish cyber response capability across key stakeholders
Approach:
Small team of experts from different departments
Identified key cyber stakeholders

[Figure: Vancouver 2010 Integrated Connectivity Schematic, final version dated January 20, 2010. The chart shows the operations and coordination centres involved in the Games (federal, provincial, local authority, security and venue level) joined by two kinds of link: Decision Authority Link and Information Sharing Link.]
MECSS Cyber Security Project
Approach (continued):
Performed cyber security review
Short list of questions
Face-to-face meetings
Outputs:
Summary and recommendations provided to:
Integrated Security Unit
Canadian Cyber Incident Response Centre
Chart of key cyber stakeholders
V2010 Planning Observations
Organisations' priorities varied by mandate and structure
Lack of actionable cyber intelligence information
No one organisation aware of all IT assets
Density of assets very high
Shared critical assets, sometimes without awareness
Some assets holistically critical
No system, authority, or forum for de-conflicting potential issues



Lessons Learned during V2010 Review
Establishing trust and credibility critical
Access to right subject matter experts (SMEs) key
Not all levels of government have computer emergency response team capability
Stakeholder buy-in varied
Value of cyber information sharing not recognized from onset
Threat and risk assessments not formally completed by many key organisations
Cyber security knowledge in tacit form with SMEs
Audit checklist too formal and overwhelming
Operational Implementation
About the Canadian Cyber Incident Response Centre (CCIRC)
Vancouver 2010 Games
G8 G20 Summits
Lessons learned
Conclusion
CCIRC's Mandate
Coordinating the national response
Coordination point for Government of Canada (GC) cyber response;
Receive significant incidents reports from federal departments (GC IT Incident Management Plan);
Engage Cyber Triage Unit;
Provide cyber inputs into the Government Operations Centre (GOC) for situational awareness and risk assessment.
International point of contact for Canada for cyber security events (shared with CanCERT, RECOL, and Anti-Fraud Centre);
Assist government departments, critical infrastructure owners and international partners with cyber security issues.


Cyber Security
Major Events Information Space
Schedule of
Events
Media
broadcasting
Results
+
Key Messages
Major Events Cyber Threats
1. Direct and indirect (e.g., power outages) denial of service on critical IT services;
2. Hacktivism (criminal, copyright infringement, intellectual property, brand, etc.);
3. Malware distribution scheme leveraging the event:
Phishing organizers and participants;
Broad distribution (e.g., social media, video, search engine optimization (SEO) poisoning, etc.)
4. Cyber incident affecting a guest/diplomat/VIP involving Canadian IT assets.
Operational Challenges
Distributed Ownership
No clear national owner of the cyber security puzzle: everyone has a piece;
Liability
Damages can be embarrassing and affect others (data exfiltration, infrastructure leveraged for sending spam and attacks, web defacement, etc.)
Expertise
Terminology and complexity require direct interactions between cyber professionals for accurate diagnosis of incident root cause and mitigation strategy.


Key Cyber Stakeholders
Event Office of Prime Interest
Main web portal
Shared services (schedule, media, connectivity, etc.)
Support Organisations
Weather systems;
Air traffic systems and other transport services;
Hotel/venue data services;
Cellular and fibre service providers;
First Responders
VHF/UHF radios
Dispatch system
Emergency phone (911)
Physical Security
Area monitoring (camera network)
Access control systems
Police and military information networks;
Satellite, unmanned aerial vehicles
Games Cyber Events
Vaucouver2010.com
Hosted in Ukraine
Copy of Vancouver2010.com;
Video codec;


Search engine optimization (SEO) poisoning of Google index


Olympic hats and mittens
2014 Winter Olympics
David Atkins artist
Luge Accident video Olympics
Apollo Ono Speed Skater
Opening Ceremony Olympics 2010
Opening Ceremony Olympics Tickets
Olympian Tweeting
Nodar Kumaritashvili Death
US short track speed skating
K.D. Lang Olympics
Olympic Parade of Nations

G8/G20 Key Cyber Stakeholders
[Chart: stakeholders arranged by level of government (Federal, Provincial, Municipal). Organisations shown: SMO, DND, CFNOC, OPP, ISU, Ontario IPC, IC, DFAIT, Toronto, RCMP, FIN, Telcos, CCIRC.]
G8/G20 Cyber Events
Phishing
Financial sector
Federal departments



http://apelbaum.files.wordpress.com/2010/02/phish1.jpg
Lessons Learned
Build trust
Face-to-face
Dedicated support staff

Enable Reporting
Regular teleconferences
Simple incident exchange mechanism
Incident report template
Provide secure communication channels
PGP;
PKI;

Conclusion
Cyber security does not fit well in existing emergency management frameworks:
Distributed ownership;
No geographical boundaries;
Time scale;
Defence R&D Canada was the right group to perform this work:
Expertise;
Trust (security clearances!);
Impartial;
There will always be cyber risks, but identifying key stakeholders, building trust amongst them, and providing an information sharing forum has been shown to be an efficient and effective way to mitigate risks.
