Canada vulnerable to Russian cyber attacks, says security expert
CBC Radio | Posted: January 2, 2017 3:39 PM | Last Updated: January 2, 2017
In December, allegations from the White House that Russian cyber-hacking interfered with the U.S. election, seem to have pitted the incoming and outgoing American presidents against each other.
Recently, U.S. President Barack Obama retaliated against Russia, imposing new sanctions and expelling dozens of diplomats. But Russian President Vladimir Putin surprised many by choosing not to retaliate — apparently waiting things out until Jan. 20., Donald Trump's inauguration.
New York Times correspondent Andrew Kramer has been reporting on Russia's alleged intensification of its cyberwarfare activities and joined The Current's Anna Maria Tremonti to discuss Putin's goals allegedly recruiting hackers.
"There's a deep interest in obtaining these capabilities for the Russia military and security services, and how it will be used," explains Kramer.
In his reporting of Kremlin's ongoing efforts to boost its cyber warfare capabilities, Kramer says little is known. "It's a secretive effort."
"It's not just a matter of uniformed military and in bunkers, for example, but it's really a sprawling activity that ... has included elements of Russia's I.T. community students and, according to at least some, indications criminal hackers as well."
Canada is not immune to this type of hacking. According to a report put out by the Communications Security Establishment (CSE), a Canadian federal intelligence agency, there were 4,500 known federal government computer-system compromises in 2016 alone.
Security expert Chris Dodunski of Phirelight Security Solutions says Canadian government institutions and political parties are very vulnerable to foreign cyber attacks.
He tells Tremonti that Canadian companies and institutions need to be situationally aware of what's going on to protect themselves.
"It's very difficult to keep tabs on the latest developments of the cyber threat landscape."
But he says a combination of training people about process, proper methodology and technology have to be considered.
"There's always a proper balance between having too much security and not enough security," says Dodunski.
"You know it's got to be in alignment with the business or the organization."
Listen to the full conversation at the top of this web post.
This segment was produced by The Current's Marc Apollonio and Samira Mohyeddin.