IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Vital U.S. Partnerships With Canada on All Things Cyber

At the InCyber Forum North America, held this past week in Montréal, Canada, the importance of maintaining meaningful global partners in cybersecurity was never more evident.  

Dan Lohrmann sitting on stage wearing a headset and moderating a panel of four speakers.
As I was about to take the main stage at the InCyber Forum North America held at the Montréal Convention Center to moderate a keynote panel on the topic of protecting critical infrastructure when a powerful feeling came over me regarding the importance of this cybersecurity topic and particularly the challenges we face as a global community at this moment.

No, this was not just a nervous feeling of intimidation before public speaking, nor even the awkward feeling I get when wearing a headset to translate French comments by panelists into English. Rather, with all that is going on around the world (thinking particularly about the war in Ukraine and our many challenges in the Middle East and Asia), the predictions that were made a decade ago by many of us in the cyber industry are coming true before our eyes.

For more details, and according to the program, the session was titled: “S01 – Critical Infrastructures: Challenges and Unique Perspectives.”

Here is the session description: “Attacks on critical infrastructures can take many forms. They may consist in paralyzing these entities, but they can also take the form of the theft of sensitive data. What role can public-private cooperation play in protecting these critical infrastructures? What are the specific challenges involved in protecting critical infrastructures in the energy and utilities sectors? How can the application of industrial cybersecurity principles, such as network segmentation and real-time monitoring, enhance the protection of a state's critical infrastructures? What are the ethical implications of protecting a state's critical infrastructures through cybersecurity, particularly with regard to data collection, citizens' privacy and the use of offensive techniques?”

This was the agenda:

Interview - Critical Infrastructures: Cybersecurity First: 9:20 a.m. - 9:40 a.m.
Speaker:
  • Patrick Boucher, senior assistant deputy minister (SADM) for the National Security and Cybersecurity Branch (NCSB), Public Safety Canada
Moderator:
  • Steve Waterhouse, capt. (retired), CD, CISSP

Round table - State CISOs: Challenges and Unique Perspectives: 9:40 a.m. - 10:25 a.m.
Speakers:
  • Nancy Rainosek, CISO, Government of Texas
  • Daniel Couillard, general manager of partnerships and risk mitigation, Canadian Centre for Cybersecurity (CCCS)
  • Lise Girard, assistant deputy minister of information security and cybersecurity, Ministère de la Cybersécurité et du Numérique du Québec (MCN)

Moderator:
  • Dan Lohrmann, CISO, Presidio

Closing remarks: 10:25 a.m. - 10:40 a.m.
Speaker:
  • Matthew Rosenquist, CISO, Eclipz.io Inc.

Dan Lohrmann standing on stage wearing a headset and holding a clipboard while speaking.

WHAT’S THE CURRENT CYBER SIGNIFICANCE?


As I mentioned in my opening remarks, many of us have been discussing critical infrastructure protection for more than a decade. We held our first state government-focused conference on this topic in 2005 in Michigan, with representatives from DHS and the private sector.

But attacks have been escalating over the past several years, as I highlighted in this piece on the anniversary of the Colonial Pipeline ransomware incident. Just this past week, five southern Ontario hospitals were impacted by a cyber attack on a shared services provider. Here’s an excerpt on that situation:

“A cyber attack on a firm that provides shared IT services for five hospitals in Southern Ontario could be an example of what happens if a provider has trouble.

“The five hospitals — Bluewater Health of Sarnia, Ont., Chatham Kent Health Alliance, Erie Shores HealthCare of Leamington, Ont., Hôtel-Dieu Grace Healthcare and Windsor Regional Hospitalsaid in a joint statement Monday that a cyber attack on their IT provider, TransForm Shared Service Organization, is impacting IT services.

“'Unfortunately, this incident is impacting our provision of care in various ways,' the hospitals said in the statement.”

The conversations during our critical infrastructure sessions ranged from urgent daily problems with cyber attacks to practical solutions available for partnerships. A related session the next day included White House representation and highlighted the new national cybersecurity strategy implementation plan.

But my main point is that we need to work with our neighbors, and that partnership needs to be ongoing both with the 50 states (and local governments) as well as with our neighbors to the north (and south).

Back in April, I highlighted a view from Europe on these topics, and many of the same challenges and solutions were again highlighted in Canada this past week.

Nevertheless, the opportunities to partner cannot just stop at borders, as cyberspace truly knows no borders. The approach taken by the InCyber Forum North America brings together a truly global mix of cyber industry experts who have meaningful dialog and discussion of various approaches.

I admire their different approach to cybersecurity events. This press release describes the event.

For example, check out their different sections:

MAIN STAGE
BLUE DISTRICT
WHITE DISTRICT
BLACK DISTRICT
GREEN DISTRICT
HACKING LAB
PITCH LAB

One roundtable I was in had experts from Brazil, Ukraine, Africa, Germany, France, Canada and the U.S.

This topic is also very important to Canada, as it is in the U.S. For example, see this investment article:

“Over $10 Million Invested by the Government of Québec and the Government of Canada in a Quantum Communication Test Bed Available to Montreal, Quebec City and the DistriQ Quantum Innovation Zone in Sherbrooke”

Also here are two related articles: “Delivering better public transit for people in Montréal” and “Montreal electricity organization latest victim in LockBit ransomware spree.”

FINAL THOUGHTS


There are many more observations on this international cyber topic that I plan to come back to in a later blog, but I want to end with an excerpt from a great article which highlights the need for cross-border cooperation in our dangerous cyber world.

“Canada, U.S. ‘have to look after each other’ on cybersecurity: Cyber Centre head":

“The man in charge of protecting Canadians from malicious hackers says it is vital for Canada and the United States to keep working closely together on cybersecurity.

“Sami Khoury, the head of the Canadian Centre for Cyber Security, was in D.C. this week for an international cybersecurity summit and meetings with U.S. counterparts.

“Khoury says the two countries have become essential partners in fortifying the continent’s cyber defenses, a collaboration he expects will only continue to grow.

“But in a world of ransomware, foreign interference and hostile nation-states, he worries that citizens and businesses alike aren’t taking the danger seriously.

“Khoury says the only thing that keeps him up at night is the risk of the Cyber Centre’s alerts and advice being disregarded, due to cost or apathy.”
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.