The shadow war: What policymakers need to know about cybersecurity
Eric MillerVice President, Policy, Innovation, and Competitiveness
Canadian Council of Chief Executives
March 9, 2015
3
3rd Platform2005-Present
Cloud Big Data Social
MOBILE DEVICES
BILLIONS OF USERS BILLIONS OF APPS
2rd Platform1990-2005
LAN/Internet Client/Server
PC
HUNDREDS OF MILLIONS OF USERS
HUNDREDS OF THOUSANDS OF APPS
1st Platform1970-1990
Mainframe Mini Computer
TERMINALS
MILLIONS OF USERS THOUSANDS OF APPS
EVOLUTION OF COMPUTING
Sources: Modified from IDC and RSA
Cyber Threats
• Fraud: Target 2013, Home Depot 2014
• National Security: Estonia 2007, Iran
• Theft of IP/Assets: Finance/DRDC 2011, NRC 2014
• Hackivism: Quebec 2012, “Anonymous” fights ISIS 2014-15
New Technical Complexity
Spear phishing Whaling Distributed Denial of
Service (DDoS) attack Botnets
Zero-day exploit Watering hole attack Extortionware Exploit kits
5
The Dark Web
6
• “Dark Web”: Collection of websites that are publicly visible but hide IP addresses of servers that run them.
• Everything from drugs and arms to fake passports and stolen credit cards for sale.
Internet of Things
7
• Everything that is networked is hackable.
• By 2020, an estimated 40 billion devices will transmit data over the Internet.
• Security of devices running our lives will be huge challenge.
Collaboration: Key to Progress
• Neither government nor private sector can solve this challenge alone.
• Private sector owns 90% of critical infrastructure and most non-critical infrastructure in North America.
8
Collaboration: Key to Progress 2
• Biggest companies invest heavily in cyber.
• Public sector makes laws and regulations and brings key capabilities to the table.
• Public sector also facilities information and capability sharing.
9
Closing Questions• How do we as a country get ahead of this fast
evolving challenge?
• Are there better ways to work with our allies on cybersecurity?
• What is the role of Parliament in addressing these challenges?
10