9 septembre 2019 | Local, C4ISR

Norad asked Canada to 'identify and mitigate' cyber threats to critical civilian sites

by Murray Brewster

The U.S.-led North American Aerospace Defence Command (Norad) asked the Canadian military to do an inventory of its bases and the surrounding civilian infrastructure, looking for critical systems vulnerable to a cyberattack.

The letter to Canada's chief of the defence staff, written by then-Norad commander U.S. Admiral William Gourtney just over three years ago, was obtained by CBC News under access to information legislation.

Despite the passage of time, two leading cyber experts said the request highlights an enduring concern of both defence planners and people in high-tech industries.

The notion that a cyberattack could shut down civilian infrastructure — such as power grids, water treatment plants or traffic systems — in the vicinity of a military base is nothing new.

What is unusual is that Norad sought reassurance, at the highest levels of the military, that Canada was on top of the evolving threat.

The Norad commander asked Gen. Jonathan Vance to "identify and mitigate" Infrastructure Control Systems (ICS) vulnerabilities on Canadian military bases, particularly at "installations that are critical for accomplishing Norad missions."

The March 24, 2016 letter also urged Canada's top military commander to "advocate developing capabilities to respond to cyber incidents on CAF [infrastructure control systems] and defend CAF [infrastructure control systems] if required."

Gourtney's concern was not limited to defence installations; he asked Vance to "work with Public Safety Canada to identify civilian infrastructure that is critical to CAF and Norad missions. This includes developing processes for reporting cyber incidents on the identified civilian infrastructure."

Vance responded to Gourtney (who has since retired and was replaced by U.S. Air Force Gen. Terrence O'Shaughnessy) three months later and directed the military to hunt for vulnerabilities.

"I share Norad's concerns for the cybersecurity" of critical defence infrastructure, Vance wrote on June 10, 2016, in a letter obtained by CBC News under access to information legislation.

He noted that the Canadian government has identified "adversaries" that pose "a significant threat and efforts have been made to identify and develop protective strategies for Canadian critical infrastructure."

The Liberal government — through its defence strategy and overhaul of security legislation — tackled some of the concerns raised by Norad.

It gave the Communications Security Establishment (CSE) and the military new powers to conduct offensive cyber operations. Perhaps more importantly, it set up the Canadian Centre for Cyber Security for civilian infrastructure, which — according to CSE — aims to "be a place where private and public sectors work side-by-side to solve Canada's most complex cyber issues."

David Masson, a cyber expert, said minimizing the vulnerability of civilian, privately operated infrastructure continues to be an extraordinarily complex task.

The major vulnerability is in what's known as operational technology systems, the kind of computer-driven tasks in utilities and other infrastructure that open and close valves or perform remote functions.

The task of securing them is made extraordinary difficult in part by the wide variety of operating systems out there.

"There's lots of them," said Masson, the director of technology at Darktrace, a leading cybersecurity company. "Look at it as 50, 60, 70 different bespoke communications systems. There's no real standardization because they're so old. Many of them were never expected to be connected to the internet."

He pointed to the 2015 and 2016 cyberattacks on Ukraine's power grid, which in one instance cut electricity to 225,000 people, as examples of what's possible when hackers go after operational technology systems.

It is also the kind of event that Norad is concerned about.

"The kinds of equipment and machinery that supports the transport of natural gas or the provision of air conditioned services, or our water supply — all of those are critical to Canadians and our militaries," Lt.-Gen.Christopher Coates, the Canadian deputy commander, said in a recent interview with CBC News.

He said Norad is focused on the capabilities that are essential to doing its job of defending North America against attack, and they try to "minimize those vulnerabilities where we can."

There is, Coates said, an interesting discussion taking place at many levels of the military about what constitutes critical infrastructure.

"You asked if we're satisfied. I get paid to be concerned about the defences and security of our nations. I don't think I should ever be satisfied," he added.

'Inauthentic activity' in Alberta election a possible preview of tactics in the federal campaign, report warns
Privacy commissioner launches investigation into licence plate breach
With ransomware on the rise, RCMP urging victims to 'be patient with police'
Christian Leuprecht, a defence expert at Queen's University in Kingston, Ont., said defining critical infrastructure is a complex and evolving task.

He pointed to Russian interference in the 2016 U.S. presidential election; prior to that event, he said, the definition of critical infrastructure was limited to power plants, electricity grids and even the financial system.

"A lot of things people are wrestling with the question of what institutions — take, for example, democratic institutions — become critical infrastructure," said Leuprecht.

The Ukrainian attacks, in the view of many defence experts, are a blueprint of what the opening shots of a future war would look like.

"There's a considerable and growing awareness that our defence and critical infrastructure systems are closely tied together because countries, such as China, preserve cyberattack as a first-strike option," Leuprecht said.

Masson said there are ways to limit the vulnerability of operational technology systems. Not connecting them to the internet would be a start, but many companies are choosing not to do that for efficiency reasons.

He said they also can be protected with "robust" security systems.

https://www.cbc.ca/news/politics/norad-cyber-civilian-1.5273917

Sur le même sujet

7 décembre 2018 | Local, Aérospatial

Senate committee outlines recommendations for Canadian SAR
by Ken Pole As the Royal Canadian Air Force (RCAF) gears up for the late 2019 arrival of the first of 16 new Airbus CC-295 fixed-wing search and rescue (FWSAR) aircraft, a Senate committee said the government should consider the deployment of even more search and rescue (SAR) aircraft. “This would be a multi-year, mega-government dollar capital procurement project,” the Standing Senate Committee on Fisheries and Oceans acknowledged in an exhaustive new report, When Every Minute Counts: Maritime Search and Rescue. “Repositioning current aeronautical SAR assets is not feasible . . . at this time because the fleet is fully utilized.” The November 2018 report is based on more than two years of study and hearings, which wrapped up in October. While most witnesses were heard in Ottawa — including senior RCAF, Canadian Coast Guard (CCG) and Transport Canada officials, as well as representatives of several industries — the committee also travelled to bases across the country as well as visiting officials and SAR facilities in England, Ireland, Norway and Denmark. RCAF fixed- and rotary-wing assets are a key element in covering nearly 18 million square kilometres of land and sea. In 2017, the Joint Rescue Coordination Centres in Victoria, Trenton and Halifax responded to 10,003 SAR calls, 62 per cent of them maritime. The committee predicts that the number of calls in the Arctic will increase as global warming results in a longer ice-free navigation period. Accordingly, the report recommends that the CCG establish additional primary search and rescue stations in the Canadian Arctic, where no SAR aircraft are currently based. It also calls on the Department of National Defence (DND) to authorize a pilot project which would see private civilian helicopters provide coverage in the North as well as in Newfoundland and Labrador, where the committee says “a disproportionately high number” of SAR incidents occur. In addition to the possible privatization of some missions (CHC Helicopter and Cougar Helicopters Inc. appeared before the committee), the committee also said the CCG should be an independent agency. “The Canadian Coast Guard . . . is hampered by its position within Fisheries and Oceans Canada, which leaves it at the mercy of the department for funding and prevents it from receiving long-term sustainable capital funding.” SAR reaction times were also an issue for the committee. It was told that the CCG's official time is 30 minutes from when a helicopter or ship is tasked until it departs, but that it usually takes less than 15 minutes in the case of a surface vessel, because they are probably on the water already. In comparison, the RCAF has a reaction time of 30 minutes during a typical eight-hour working day five days a week, and two hours at all other times. “Like the CCG vessels, the Canadian Armed Forces (CAF) crews are often airborne sooner than the targeted reaction time, around 20 minutes during working hours and one hour outside of working hours,” the committee notes. “However, there was considerable discussion regarding what witnesses called the CAF's ‘two-tier reaction time.' It was stressed that the two-hour reaction time guaranteed outside of working hours had . . . resulted in missions becoming recovery-oriented instead of rescue-oriented. In their view, the CAF should have a reaction time of 30 minutes, 24/7/365, like the CCG.” DND witnesses told the committee the concern had been addressed “to the extent possible” and it was the responsibility of SAR commanders in the three regions to align the 30-minute reaction time to coincide with the observed periods of greatest maritime SAR activity. “Overall, the committee was told that shifting the regular weekly schedules without increasing the total number of hours worked has improved readiness.” It also was told it was impossible for the RCAF to maintain 30-minute readiness at all times because “pilots and SAR aircrew members have a limit on how long they can engage in flying operations.” Sustaining a 30-minute target would require crews to remain poised on flight lines. “The two-hour reaction time allows the pilots and aircrews to be ‘fresh' and able to deliver a SAR response for up to 14, 16, 18 hours, which allows them to then go longer, further distances. Moreover, the increased level of readiness would require more aircraft, add more maintenance and necessitate infrastructure upgrades.” The committee says that despite improvements, Canada's SAR reaction time is “not at par” with other countries. “Aeronautical SAR assets operated in the United Kingdom, Ireland, and Denmark respond within 15 minutes during the day and between 30 and 45 minutes at night.” The committee says that given current shortfalls in the RCAF's pilot, flight engineer and SAR Technician cadres, it isn't possible to impose similar reaction times on RCAF crews. But it says it hopes the RCAF will reconsider its reaction time targets once personnel shortages are addressed. https://www.skiesmag.com/news/senate-committee-outlines-recommendations-for-canadian-sar
28 janvier 2019 | Local, Aérospatial

Plus question pour le Canada de se retirer du très coûteux programme des F-35 américains
Par Stéphane Parent | francais@rcinet.ca Le responsable de l'approvisionnement militaire au ministère de la Défense révèle que le Canada, l'un des neuf pays partenaires du programme de mise au point des F-35, n'a pas planifié de s'en retirer. Il semble qu'Ottawa ira de l'avant avec le versement de dizaines de millions de dollars pour le développement de cet avion de chasse F-35, même si le gouvernement fédéral continue d'étudier la pertinence ou non d'acheter ces appareils pour remplacer près d'une centaine de CF-18 qui ont plus de 40 ans d'usure. Le F-35 figure parmi les quatre modèles qui seront évalués à partir du printemps prochain dans un appel d'offres de 19 milliards, qui résultera dans l'acquisition de 88 nouveaux avions de combat. Le Canada a investi plus de 500 millions dans le programme des F-35 au cours des 20 dernières années, dont 54 millions l'an dernier. Son prochain paiement annuel doit être fait ce printemps, et il y en aura sans doute d'autres, étant donné que l'appel d'offres n'est pas censé se conclure avant 2021 ou 2022. Ce versement annuel permet au Canada de demeurer pendant encore un an membre du club des neuf partenaires dans le projet du futur avion de chasse F-35, dont la mise au point connaît des déboires majeurs. La stratégie de rester dans le camp du F-35 Le Canada demeure donc résolument dans le camp de l'aviation militaire américaine avec l'Australie, le Danemark, l'Italie, la Norvège, les Pays-Bas, le Royaume-Uni et la Turquie. Ces pays pourront soumettre des offres pour les contrats de milliards de dollars liés à la fabrication et à l'entretien des avions de chasse, mais aussi bénéficier de rabais s'ils décident d'en acheter. D'autres modèles de rechange proposés sont de conception européenne – le Gripen de Saab, le Typhoon du consortium Eurofighter et le Rafale de Dassault – et Ottawa privilégie une conception http://www.rcinet.ca/fr/2019/01/24/plus-question-pour-le-canada-de-se-retirer-du-tres-couteux-programme-des-f-35-americains/
19 décembre 2018 | Local, Aérospatial

Airbus delivers Canada’s first H145 to the Royal Canadian Mounted Police
For multi-faceted law enforcement missions, the new H145 can be reconfigured quickly and easily Fort Erie, Ontario, 19 December 2018 – Airbus has delivered Canada's first H145 helicopter to the Royal Canadian Mounted Police (RCMP). The versatile twin-engine Airbus H145 is the latest variant of the H145 family of aircraft. RCMP's Air Support Unit will utilize the H145 for a variety of missions including surveillance and pursuit, fast roping, hoisting, Emergency Response Team operations, harbour surveillance and ship landings, and mountain search and rescue. The aircraft will be based in Langley, B.C., and will operate mainly in the Vancouver Lower Mainland region, with the ability to deploy elsewhere as required. "With its enhanced safety features and reputation for reduced maintenance and excellent availability, the multi-role H145 is an ideal aircraft for multi-faceted law enforcement missions," said Romain Trapp, President of Airbus Helicopters Canada. “We are very pleased that the H145 will enter into service to support RCMP operations, assisting the men and women who serve and protect the Canadian people.” Airbus helicopters are the aircraft of choice for law enforcement organizations across Canada, capturing 83 percent of the market. The H145 has been equipped with a wide variety of mission specific equipment including external hoist and rope down device (for 2/1 persons), Trakka A800 searchlight, Enhanced Reality System, Health Monitoring System (HMS), FLIR, Night Vision Goggles, Tactical Flight Officer (TFO) workstation and internal long range fuel tank system. The Airbus H145 leads the light twin-engine helicopter market, incorporating an innovative Helionix® avionics system and 4-axis autopilot. The aircraft's combination of speed and performance, along with the Fenestron® shrouded tail rotor, large cabin and rear-loading clamshell doors, makes it the aircraft of choice for a variety of civil missions worldwide. About Airbus Airbus is a global leader in aeronautics, space and related services. In 2017 it generated revenues of € 59 billion restated for IFRS 15 and employed a workforce of around 129,000. Airbus offers the most comprehensive range of passenger airliners from 100 to more than 600 seats. Airbus is also a European leader providing tanker, combat, transport and mission aircraft, as well as one of the world's leading space companies. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions worldwide. https://www.airbus.com/newsroom/press-releases/en/2018/12/airbus-delivers-canada-s-first-h145-to-the-royal-canadian-mounte.html

Toutes les nouvelles