Coming soon: a Canadian cyber-security strategy

A national cyber-security strategy that will seek to protect key infrastructure as well as Canadians' identities is on the way, an RCMP executive says.

A national cyber-security strategy that will seek to protect key infrastructure as well as Canadians' identities is on the way , an RCMP executive says.

Details of the strategy — a partnership between the public and private sectors — will emerge over the next few months, said David Black, manager of the RCMP's cyber infrastructure protection section. The plan is being put together by Public Safety Canada with input from telecommunications and technology companies such as Bell Canada Inc. and Microsoft Corp.

"There's a lot of discussion about what Canada needs to do about cyber security," he told an audience of cyber-security professionals at a conference in Toronto. "You should be hearing elements of that strategy emerging post-election."

Some details may emerge at a high-level security conference being hosted by the Conference Board of Canada in Gatineau, Que., in early November. A number of officials from Defence Canada, as well as Public Safety Minister Stockwell Day, are scheduled to speak at the event.

The plan is likely to address a number of the issues the RCMP considers priorities, including identity theft, the evolution of cyber crime for profit, the protection of critical cyber infrastructure and the convergence of technological and physical security.

Black said an issue such as identity theft needs to be better defined and enshrined in legislation.

He also told the conference the RCMP is steadily improving its ability to deal with technological security issues after consolidating a number of units into its Cyber Crime Council two years ago. Before that group was set up, the RCMP's cyber security operations were "all over the place."

"We're getting better all the time," he said.

Black's speech kicked off the second annual SecTor conference, Canada's answer to DefCon, the largest hacker convention in the United States. Many attendees and speakers at SecTor were "white-hat" security professionals, "good guy" hackers who work for companies by finding their internal vulnerabilities.

Black also said Canada needs new regulations and standards for computer forensic professionals to boost the quality of evidence that can be brought forward in security cases. Texas, for example, recently enacted a rule that requires all computer forensics experts to become licensed private investigators.

While Canada doesn't need to go that far, Black said, similar measures — such as the training courses the RCMP gives its own computer forensics investigators — need to be implemented.

"There is no standard at this point and we need one. Not in terms of necessarily licensing … we would like to see a similar training regime developed for those claiming to do computer forensics."