4 janvier 2019 | Local, C4ISR, Sécurité

Canada’s domestic spy agency looking to hire hackers and data scientists

By ALEX BOUTILIER Ottawa Bureau

OTTAWA–Canada's domestic spy agency is in the market for hackers.

The Canadian Security Intelligence Service (CSIS) wants to hire a “network exploitation analyst” to assist the agency in “cyber investigative activities.”

The successful candidate will be expected to build new tools for the spy agency to carry out electronic snooping, develop and maintain a database of “malware” exploits, and provide analysis of “technical artifacts,” according to the job posting.

CSIS, which investigates activities suspected of constituting threats to national security, can and routinely does rely on its sister agency, the Communication Security Establishment (CSE), for high-tech help with its espionage efforts. While CSE is focused on gathering foreign intelligence and is forbidden from spying on Canadians, it can assist domestic law enforcement and intelligence agencies with their own investigations.

But one spy watcher said CSIS building up an in-house capability for cyber spying may have less to do with traditional espionage than with its new powers actually to disrupt threats to Canada.

Ronald Deibert, the director of Citizen Lab at the University of Toronto's Munk School of Global Affairs, said he's not surprised CSIS is in the market for hackers — state-sponsored hacking is on the rise, and the Liberal government's new national security laws empower Canada's spy agencies to take part.

But Deibert, one of Canada's foremost cybersecurity researchers, told the Star that he has significant concerns about the agencies' new electronic powers.

“While (Liberal national security bill) C-59 placed some limits and provided some clarity on what those disruption powers would entail, the prospect of CSIS hacking in any form should give everyone pause, especially because there is still a lot of uncertainty around what that mandate would allow,” Deibert said in an email.

“Practically speaking, CSIS hacking could include computer network interference in a foreign election process, compromising the integrity of important digital tools that Canadians rely on for everyday privacy and security, creating fake online personas and using them to spread disinformation and more.”

John Townsend, a spokesperson for the spy agency, said Bill C-59 gives the agency “clear legislative authority” for the collection and analysis of information not “directly or immediately” related to national security threats.

Full article: https://www.thestar.com/news/canada/2019/01/03/canadas-domestic-spy-agency-looking-to-hire-hackers-and-data-scientists.html

Sur le même sujet

  • Griffon life extension program to include upgraded sims

    5 février 2019 | Local, Aérospatial

    Griffon life extension program to include upgraded sims

    The Royal Canadian Air Force (RCAF) will be seeking an upgrade to its CH-146 Griffon maintenance and flight training simulators as part of a life extension project for the multi-role utility helicopters. The first phase of the project, which is intended to keep the fleet of 85 Griffons flying until at least 2031, took off on Jan. 26 with the award of a $90 million contract to Bell Helicopter Textron Canada to develop and design options for the avionics systems, engines, integrated sensors and cockpit displays. A follow-on contract to install new systems and upgrade others is expected in 2022. Around the same time, the federal government will be inviting industry to respond to a request for proposals to modernize the Griffon simulators, according to a Department of National Defence spokesperson. “The upgrade to the flight simulation devices will be procured under a separate contract,” she said in an emailed response. The CH-146 simulators were built by CAE and delivered to the RCAF in the mid-1990s, shortly before the helicopters entered service between 1995 and 1997. CAE continues to provide in-service support. As part of what is being called the Griffon Limited Life Extension (GLLE) project, the RCAF wants to replace a number of the helicopter's avionics systems, including communications radios and cryptographic equipment, cockpit voice and flight recorders, the navigation systems, the automatic flight control systems, and the control display units. Obsolescence of critical components has been a problem for maintenance technicians for several years now. The design phase will also look at upgrades to the engines and to the sensor suite. The CH-146, which is based on the Bell 412, performs a variety of transport, close fire support and armed escort missions for tactical aviation and special operations forces. However, it has a top speed of around 260 kilometres per hour, well below that of the Boeing CH-147F Chinook that it escorts during missions such as Operation Presence in Mali. “These helicopters have performed extremely well over the years and with these new upgrades, they will continue to be a valuable asset that will allow our personnel to carry out missions and operations successfully well into the future,” RCAF commander LGen Al Meinzinger said in a statement. While aircrews would like more speed, more lift and bigger guns as part of any upgrade program, the current platform meets most of their needs, Col Travis Morehen, commanding officer of 1 Wing, the RCAF's tactical aviation headquarters in Kingston, Ont., told Skies in a recent interview. “I think we have done a really good job of exploiting what we can do with the Griffon,” said Morehen, who is currently serving as commander of the Canadian Armed Forces task force in Mali. “I don't think there are many nations that have been as agile and flexible with that type of platform as we have, whether it is the combat service support role for search and rescue, or precision insertion for special operations . . . or what we are doing in terms of utility lift, or providing, with the GAU-21 (.50 Cal machine gun), stand off fires.” Whatever the changes that are ultimately accepted as part of the initial design phase now being conducted by Bell, the helicopters will require upgraded flight training and maintenance simulators to match. The GLLE project, including modernized simulators, is expected to reach initial operational capability by 2024 and be fully operational by 2026. https://www.skiesmag.com/news/griffon-life-extension-program-to-include-upgraded-sims/

  • No need to ensure purchased military equipment actually works, government officials argue in procurement dispute

    4 septembre 2018 | Local, Aérospatial, Naval, Terrestre, C4ISR

    No need to ensure purchased military equipment actually works, government officials argue in procurement dispute

    David Pugliese, Ottawa Citizen Officials admit they have never tested the latest search and rescue gear to be used by the military and coast guard Canada is under no obligation to ensure the military equipment it purchases can actually do the job, federal officials are arguing, as they admit they have never tested the latest search and rescue gear to be used by the military and coast guard. The admission by staff of Public Services and Procurement Canada is among the evidence in a complaint by two defence firms that argue the government's decision to award a contract to a rival company was unfair. The complaint was filed on July 27 with the Canadian International Trade Tribunal by Kongsberg Geospatial of Ottawa on behalf of Critical Software, a Portuguese firm. The complaint centres on the government decision to name MDA Systems the winner of a $5.6 million contract to provide software to help in search and rescue missions. Critical Software, which teamed with Kongsberg to bid on the project, had originally raised concerns with the government about why the two companies' proposal was thrown out on a technicality. The Critical Software system is used by more than 1,000 organizations, such as coast guards, police and military in more than 30 countries in Europe, Asia, Africa and South America. But because Critical Software and Kongsberg didn't provide a percentage figure of how many systems were in use in each region, their bid was disqualified by the government. The two companies questioned that decision and were stunned when federal officials admitted they have never tested the winning system and didn't actually know whether it meets the requirements of the Canadian Forces or the Canadian Coast Guard. Public Service and Procurement Canada officials stated “Canada may, but will have no obligation, to require that the top-ranked Bidder demonstrate any features, functionality and capabilities described in this bid solicitation or in its bid,” according to the federal response provided to Kongsberg/Critical Software and included in its complaint to the trade tribunal. The government noted in its response that such an evaluation would be conducted after the contract was awarded and insisted the acquisition process was fair and open. Full article: https://nationalpost.com/news/canada/no-need-to-ensure-military-equipment-purchased-actually-works-government-officials-argue-in-procurement-dispute

  • Online 'phishing' attacks expected to target housebound staffers as COVID-19 spreads

    17 mars 2020 | Local, C4ISR, Sécurité

    Online 'phishing' attacks expected to target housebound staffers as COVID-19 spreads

    It's a 'huge opportunity' for online crime, one expert warns The number of "phishing" attacks meant to steal the online credentials of public servants and corporate sector employees now housebound due to the COVID-19 pandemic is on the rise, one cyber security expert warns. Many attempts are being made against employees who are working from home on virtual private works (VPNs). Cyber experts are still gathering data to establish a direct correlation between the pandemic crisis and the increase in malicious activity. But Rafal Rohozinski, chief executive officer of the SecDev Group of Companies, said this pandemic moment — when large numbers of employees are at home and receiving instructions from their workplaces on how to connect to internal networks — offers online thieves a "huge opportunity." Federal government and corporate sector systems were never designed to support a sudden, mass migration of employees from offices to their homes, he said. "The opening that creates for those who want to wreak havoc through ransomware and malware is really, really significant," said Rohozinski. "And I don't think we're anywhere near prepared for that. "What we're seeing is an increase in phishing being used as a means to get people's credentials." U.S. Health Department attacked The U.S. Health and Human Services Department's website was hit by a cyber attack over several hours on Sunday, an incident which involved overloading its servers with millions of hits. Officials said the system was not penetrated, although media reports in Washington described it as an attempt to undermine the U.S. government's response to the coronavirus pandemic — and may have been the work of a foreign actor. Rohozinski said that while the facts are not all in yet, his "professional guess" is that there's a link between the attack and the COVID-19 crisis. Last week, Canada's top military commander warned that he'd seen recent indications the country's adversaries intend to exploit the uncertainty, confusion and fear generated by the pandemic. Send in the trolls: Canada braces for an online disinformation assault on COVID-19 Gen. Jonathan Vance, chief of the defence staff, was not specific about the potential threats — but experts say they could range from hacking to online disinformation campaigns aimed at discrediting the federal government's response. Rohozinski said he's concerned about the federal government's technical capacity to support thousands of employees on private networks. "Everybody's moving on to VPNs. Everybody," he said. "This is an enormous pinpoint and an enormous vulnerability." Federal Digital Government Minister Joyce Murray's office was asked for a response Monday, but was unable to provide an immediate comment. Many of the country's leading information technology companies are part of the Canadian Cyber Threat Exchange (CCTE), a nonprofit centre where companies can swap information and insights. A CCTE spokeswoman said the corporate sector is better prepared to face the challenges posed by the mass movement of employees to home networks. Canada to bar entry to travellers who are not citizens, permanent residents or Americans Canadian military bans international travel in response to COVID-19 Still, there is reason for concern. "Given we are moving people to work from home now, companies need to ensure that the work from home environment is as safe as the corporate environment and that people are trained to notice these phishing campaigns, just like they were in the corporate environment," said Mary Jane Couldridge, director of business development at the CCTE. "It's a matter of keeping our community aware of what is impacting Canada daily so we know how to react to it and prevent it from spreading — and not chase rainbows." Most corporations have plans they'll activate now to cover the wholesale movement of employees to networks outside of the office, she added. https://www.cbc.ca/news/politics/online-hacking-phishing-covid-19-coronavirus-1.5499725

Toutes les nouvelles