The Currency of Trust: Privacy, Security and Trust in Digital Government

About David

• Director of Strategic Initiatives, University of New Brunswick, Information Technology Services
• CEO, Beauceron Security Inc.
• Technology Analyst, Toronto 640 AM Talk Radio
• BA, ICS (‘05), MBA (‘15), CISM (‘17)

How we perceive the Internet and Technology

The way it really is

The Internet was never designed to be secure

New Brunswick becomes the first province in Canada to appoint a cabinet minister for the electronic information highway in 1994

New Brunswick Premier Frank McKenna, March 1, 1994

"If we want a piece of the action generated by this technology, we can't be trying to catch the train after it's left the station,

No one talked about highway robbers on this brave new electronic frontier

Warning Signs

• The Maskelyne Hack
• First National Bank of Chicago $70 Heist
• Operation Sundevil breaks up credit card fraud group
• Operation Moonlight Maze

Down the Rabbit Hole

Timeline of incidents, 2016 to 2017:

• Clinton campaign chair John Podesta falls victim to a Gmail Phish
• Ottawa Hospital hit with ransomware attack
• San Francisco transit payment system crippled with ransomware attack
• Unknown hacker sets off all 156 emergency tornado sirens in Dallas - all at once
• Police Departments in US hit with ransomware attacks, lose case files going back nearly a decade
• Communities of Wabasca, Red Earth and Calling Lake, Alberta, suffer data breach affecting employees, ratepayers
• Carleton University hit with massive IT infrastructure compromise & ransomware attack
• Personal information of every single voter in the Philippines breached
• University of Calgary suffers widespread IT outage after ransomware attack
• Ukrainian power grid hacked again
• Wikileaks publishes Vault 7, detailing CIA hacking techniques
• Shadow Brokers leak US NSA’s Equation Group hacking techniques and secrets
• Criminals steal $81 million from Bangladesh’s National Bank via SWIFT transfers. They almost got $1 billion.
• North Korea hacks into South Korean and US secret nuclear war plan
• Rasputin goes on a hacking spree, hitting 63 universities and government agencies

There are no global conventions, norms or laws governing cyberspace

In only 6% of police-reported cyber crimes in Canada are suspects ever identified

CYBERCRIME TRENDS IN CANADA 2012-2014

[Chart: counts for 2012, 2013 and 2014 (vertical axis 0 to 11250), one series per category: Total Violent-related crimes; Total Sex-related crimes; Total Harassment, Threats and Offences against Person and Reputation; Total Fraud, Identity crimes and Extortion; Total Other Crimes]

DATA BREACH SUPPLY HAS SIGNIFICANTLY OUTPACED DEMAND

5,880,767,086 Data Records Lost or Stolen Since 2013

1.5 Billion Pwned

Yahoo accounts breached between 2012-2014

Only disclosed* in Fall 2016

RECORDS BREACHED IN THE LAST:

• Day: 4,016,917
• Hour: 167,372
• Minute: 2,790
• Second: 46

CASE STUDY: THE UNIVERSITY OF CALGARY

▸ This was not a classic ransomware malware case
▸ All IT services were shut down while they determined the initial source of the infection and its method of transmission to 200+ devices
▸ The damage also included their entire faculty and staff Microsoft Exchange e-mail environment, with recovery over a week-long period; their solution was a move to O365

*Based on publicly available information

CASE STUDY: THE OPM BREACH

▸ 21 million US federal government employees, former employees, retirees affected
▸ Included 5.6 million sets of fingerprints
▸ Attackers gained valid credentials, likely through social engineering

Brian Krebs, respected technology expert and cybersecurity journalist

The analysis paints the picture of a chronic — almost willful — underestimation by senior leadership at OPM about the seriousness of the threat facing the agency, until it was too late

Squandering public trust

Privacy by Design

Differential Privacy

Differential Security

Questions?