- 注册
- 2002-10-07
- 消息
- 402,590
- 荣誉分数
- 76
- 声望点数
- 228
Every successful cyber attack on government networks last year could have been avoided if federal computers had been properly patched and were up to date with the latest available software, says one of the people charged with defending this country against hackers.
Scott Jones, the director general of cyber defence at the Communications Security Establishment Canada, took to the stage Wednesday at the Government Technology Exhibition and Conference in Ottawa.
He said the stories everyone has heard of hackers getting more and more sophisticated in the way they worm their way into government systems are all true. However, he said, one of the biggest issues facing government, and other organizations, remains keeping up with updates to their computing infrastructure.
Among the challenges Jones faces with the Government of Canada systems is in testing software patches before they are rolled out. It could lead to entire networks being pulled offline until a vulnerability can be addressed in a secure fashion, he said.
“How long do you think it takes to test and patch multiple systems across all federal departments?” Jones asked the crowd in attendance, adding that the lag in getting patches out to government computers isn’t lost on the hackers.
“Persistent threats will gain access to our systems,” said Jones. “It would be an understatement to say that this has been a hectic year for cyber security in Canada.”
With so many vulnerabilities being released on a day-to-day basis, software makers are scrambling to release software patches for their products, often those patches have been so hastily designed that they are full of software bugs themselves, which can lead to bigger problems.
Hackers regularly comb through new patches released by software vendors in order to determine the vulnerabilities in various types of software then quickly tailor viruses, worms or other malware to take advantage of those flaws.
“We’ll see a patch released on Tuesday and then exploits for those vulnerabilities on Wednesday,” he said.
Jones said the ongoing shift to Shared Services Canada will help the Canadian Security Establishment to better protect government information as it will reduce the number of access points, email networks and data centres that require monitoring.
His message to the crowd of security professionals was that they should start expecting hackers to break in and prepare accordingly.
He suggested organizations divide information stores, keeping research and statistics seperate from payroll and business information. He also suggested having multiple tiers of access to prevent lower-level staff members from being targeted and giving up the keys to the entire digital kingdom.
“The people most targeted are the admin community of senior officials. They are bombarded,” he said. “Key information should be stored in restricted areas.”
Diane Finley, minister of public works and government services, said later Wednesday at the conference that the federal government spends more that $5 billion annually on information technology for its workers.
She said Shared Services Canada will soon be saving the government as much as $150 million annually and will eventually reduce the number of datacentres operated by the government from 485 to 7.
Finley told the crowd the rollout of Shared Services Canada is a kin to carpooling.
“Now we’re replacing 43 cars with a 43-person bus. In the end we’ll have one vehicle that all departments share. No more overspending, no more duplicating,” she said to the crowd in attendance, while applauding the federal government’s Cyber Security Strategy, which was released in 2010.
The strategy has been highly controversial, with many security experts claiming its seven-year, $245 million plan doesn’t set aside anywhere near enough investment to adequately prepare government for the online threats it is facing.
Finley wasn’t available for comment on the merits of the government’s official Cyber Security Strategy. A scheduled media scrum after her keynote address was cancelled.
The theme of this year’s GTEC event, which is being held at the Shaw Centre, is “Government from the Outside-in.” It aims to encourage public-sector workers to brainstorm new products and services to provide Canadians better access to government. The event, now in its 22nd year, will wrap up Thursday.
Vpilieci@ottawacitizen.com
Twitter.com/Vpilieci
查看原文...
Scott Jones, the director general of cyber defence at the Communications Security Establishment Canada, took to the stage Wednesday at the Government Technology Exhibition and Conference in Ottawa.
He said the stories everyone has heard of hackers getting more and more sophisticated in the way they worm their way into government systems are all true. However, he said, one of the biggest issues facing government, and other organizations, remains keeping up with updates to their computing infrastructure.
Among the challenges Jones faces with the Government of Canada systems is in testing software patches before they are rolled out. It could lead to entire networks being pulled offline until a vulnerability can be addressed in a secure fashion, he said.
“How long do you think it takes to test and patch multiple systems across all federal departments?” Jones asked the crowd in attendance, adding that the lag in getting patches out to government computers isn’t lost on the hackers.
“Persistent threats will gain access to our systems,” said Jones. “It would be an understatement to say that this has been a hectic year for cyber security in Canada.”
With so many vulnerabilities being released on a day-to-day basis, software makers are scrambling to release software patches for their products, often those patches have been so hastily designed that they are full of software bugs themselves, which can lead to bigger problems.
Hackers regularly comb through new patches released by software vendors in order to determine the vulnerabilities in various types of software then quickly tailor viruses, worms or other malware to take advantage of those flaws.
“We’ll see a patch released on Tuesday and then exploits for those vulnerabilities on Wednesday,” he said.
Jones said the ongoing shift to Shared Services Canada will help the Canadian Security Establishment to better protect government information as it will reduce the number of access points, email networks and data centres that require monitoring.
His message to the crowd of security professionals was that they should start expecting hackers to break in and prepare accordingly.
He suggested organizations divide information stores, keeping research and statistics seperate from payroll and business information. He also suggested having multiple tiers of access to prevent lower-level staff members from being targeted and giving up the keys to the entire digital kingdom.
“The people most targeted are the admin community of senior officials. They are bombarded,” he said. “Key information should be stored in restricted areas.”
Diane Finley, minister of public works and government services, said later Wednesday at the conference that the federal government spends more that $5 billion annually on information technology for its workers.
She said Shared Services Canada will soon be saving the government as much as $150 million annually and will eventually reduce the number of datacentres operated by the government from 485 to 7.
Finley told the crowd the rollout of Shared Services Canada is a kin to carpooling.
“Now we’re replacing 43 cars with a 43-person bus. In the end we’ll have one vehicle that all departments share. No more overspending, no more duplicating,” she said to the crowd in attendance, while applauding the federal government’s Cyber Security Strategy, which was released in 2010.
The strategy has been highly controversial, with many security experts claiming its seven-year, $245 million plan doesn’t set aside anywhere near enough investment to adequately prepare government for the online threats it is facing.
Finley wasn’t available for comment on the merits of the government’s official Cyber Security Strategy. A scheduled media scrum after her keynote address was cancelled.
The theme of this year’s GTEC event, which is being held at the Shaw Centre, is “Government from the Outside-in.” It aims to encourage public-sector workers to brainstorm new products and services to provide Canadians better access to government. The event, now in its 22nd year, will wrap up Thursday.
Vpilieci@ottawacitizen.com
Twitter.com/Vpilieci
查看原文...
