Science

New cybersecurity network aims to share data on emerging threats

Leaders of some of Canada's largest industries are creating a new network to help businesses and the public stay abreast of emerging cyber threats from malware, hackers and online criminals.

Open to small and large businesses, Canadian Cyber Threat Exchange set to launch in early 2016

An analyst looks at code in the malware lab of a cybersecurity lab. Some of Canada's industry leaders are creating a new network to help businesses and the public stay abreast of emerging cyber threats. (Jim Urquhart/Reuters)

Leaders of some of Canada's largest industries are creating a new network to help businesses and the public stay abreast of emerging cyber threats from malware, hackers and online criminals.

"The threat is constantly evolving. The kinds of attacks, viruses and malware are rapidly changing. Nobody has the capability of staying ahead of it all the time," said John Manley, president of the Canadian Council of Chief Executives, which is spearheading the program.

Billed as the CCTX — or the Canadian Cyber Threat Exchange — it is set to launch in early 2016.

It will be run as an independent, not-for-profit organization open to business and institutions of all sizes. Its founding members include Air Canada, Bell Canada, CN Rail and HydroOne, as well as Royal Bank and TD.

Confidentiality around cyber breaches​

A CBC News investigation into cybercrime this fall determined Canada lags behind other countries when it comes to tracking, policing and thwarting cybercrime. Until now, Canada has had no system to track cyber incidents and private companies are not required to alert the public or customers when there is a breach.

Manley says most Canadian companies fear publicly acknowledging being a victim of a cyberattack for fear of losing business.

"In a world where everyone is being attacked, all the time, nobody wants to stick their hand up and say, 'They got in.' But they are willing to share," Manley told CBC News as he unveiled details of the new CCTX.

Manley says the CCTX won't require members to publicly admit to being targets of cyberattacks; rather, it will be a way to report new threats and share strategies to defend against them.

"It won't be to say, 'Oh look, Bell Canada was attacked and shut down for 30 minutes,'" Manley explained. "Instead it'll be a clearing house … a way to share information about incidents of, for example, malware, the kind of characteristics when it infected a CCTX member. It had this impact. Here was their response. Maybe they'll even share code written to deal with it."

Program's cost to be member-funded

The CCTX will be member-funded, with large corporations charged an annual fee of $50,000. Medium and small business will be required to pay $20,000 and $5,000 respectively.

The initiative will also work with the federal government's Canadian Cyber Incident Response Centre run by the Ministry of Public Safety.

"We believe this will expand quickly across large enterprises," Manley says.

Imran Ahmad, a Toronto lawyer specializing in cybersecurity and member of the Canadian Advanced Technology Alliance, an innovation and IT advocacy group, calls the new made-in-Canada program "good news."

"I want to see what the timeline is on this thing," Ahmad said. "I think there is a real need right now where businesses and organizations — government, universities, schools and all that — they need to have this resource sooner than later."

He says there are other "cyber threat sharing" businesses run by the likes of IBM. But this not-for-profit approach, engaging many different sectors, will help reach a large swath of Canadian enterprises, which may not all be equipped or able to defend themselves against cyberattacks.

John Manley says ultimately the CCTX should help all Canadians.

"Cybersecurity is a major concern for the electricity sector, telecommunications services, government, banking and financial services," Manley said. "Your service providers are today being attacked be it by criminals, state-sponsored hackers, or others. If you lose those services — you will care. This is for everybody."

ABOUT THE AUTHOR

Dave Seglins

CBC Investigations

Dave Seglins is an investigative journalist whose recent work includes exposés on global ticket scalping, offshore tax avoidance and government surveillance. He covers a range of domestic and international issues, including rail safety, policing, government and corporate corruption.