The Past, Present and Future of Chinese Cyber Operations

China, as one of many alleged actors on the frontier of cyber espionage, is best understood by briefly examining the past century, how it influences contemporary cyber operations attributed to Chinese-based actors, and how they could be used against the Canadian Armed Forces in a potential Southeast Asian conflict.

Out of nowhere, here’s an article I wrote for the Canadian Military Journal. China,  as one of many alleged actors on the frontier of cyber espionage, is best understood by briefly examining the past century, how it influences contemporary cyber operations attributed to Chinese-based actors, and how they could be used against the Canadian Armed Forces in a potential Southeast Asian conflict.

See the full article here: https://www.academia.edu/7633668/The_Past_Present_and_Future_of_Chinese_Cyber_Operations; or

here: http://www.journal.forces.gc.ca/vol14/no3/PDF/CMJ143Ep26.pdf

 

Survey Points to Energy Sector at Risk of Cyber Attacks

A survey of 200 leaders from the critical infrastructure industries revealed that the energy sector is the most likely to be victim of a cyber attack. The survey was completed by IDC was conducted in August and October in Canada, the U.S and Europe[1].

The reasons to explain this phenomenon are the cost, apathy and government bureaucracy according to the survey. Also, industries are adding more and more possible access points to the internal network by connecting new sensors, meters and other equipment to their networks.

“]Percentage of respondents prepared and not prepared by industry sectors

Of course, energy industries networks are valuable targets, and would probably be the first victims in a case of a full-scale cyber attack. And as the events of 2003 shown[3], only a few power plants need to go down in order to create chaos on a wide region.

If costs are the main factor to wait before securing networks, security is not likely to be in the priorities of managers during the economic crisis that’s coming on the horizon. Unfortunately, those who take the risk of not hardening their security now may pay the price later…And according to Rick Nicholson, research vice president for IDC’s Energy Insights:

“Most utility CIOs [chief information officers] believe that their companies will be compliant with relevant standards, but still have a long way to go before being adequately prepared for all cyber attacks.”

Another interesting point, all these news come right after a newly president-elect enters the Whitehouse… see Whitehouse Hacked by Chinese Several Times, Both U.S Presidential Campaigns Hacked.


[1] “Survey: Critical infrastructure risks cyber attack”, Miya Knights, IT PRO, November 10, 2008, http://www.itpro.co.uk/608067/survey-critical-infrastructure-risks-cyber-attack (accessed on November 11, 2008)

[2] “Energy industry at risk of cyberattack, survey says”, Elinor Mills, November 11, 2008, http://news.cnet.com/8301-1009_3-10094382-83.html?part=rss&tag=feed&subj=News-Security (accessed on November 11, 2008)

[3] “Blackouts cause N America chaos”, BBC News, August 15, 2003,  http://news.bbc.co.uk/2/hi/americas/3152451.stm (accessed on November 11, 2008)

Quebec Launches Campaign Against Identity Theft

Yesterday the ISIQ (Institut de la Sécurité de l’Information du Québec) launched its new campaign to educate citizens computer security and protection of personal information over the Internet. The ISIQ launched a new portal, MonIdentité (in French) containing lots of information for users on how to protect their identity and to identify risks such as phishing, spyware, Trojans and weak passwords. The campaign has been launch by Pierre Arcand, deputy of the Mont-Royal district in Montreal.

“We want the citizens to become their own artisans of their security on the Internet, by adopting a secure behavior.” said M. Pierre Arcand.

The campaign comes amid a declaration from the Chaire de recherche du Canada sur la sécurité, identité et technologie (in French) who reports that in the last 3 years, 314 millions personal files where lost in 976 incidents in Canada and in the United States. Half of them were due to the incompetence of the owning corporation or organization.[1]

This is exactly the kind of initiative we need. Humans are always the weakest link in any security network, therefore educating the population about security is essential. My only fear is that this campaign will largely be ignored by the media and the population, since elections are looming in the province and economic news are still the main topic.

Je Protège Mon Identité - ISIQ Portal
Je Protège Mon Identité - ISIQ Portal

[1] “Pour naviguer sans tracas”, Radio-Canada, October 27, 2008, http://www.radio-canada.ca/nouvelles/societe/2008/10/27/003-securite-informatique.shtml (accessed on October 28, 2008)