Canada’s cyber intelligence agency says it’s working on what it calls the “Holy Grail” of data encryption to protect government information as the number of reports of privacy breaches, malware attempts and ransomware hits continues to grow.
Encryption mainly works in transit — which protects data when it’s being sent — or “at rest”, which guards information when it’s being stored. But in order to be processed and understood, that information needs to be decrypted, potentially putting it at risk.
“We want encryption when it’s being processed so you don’t have to decrypt it to do it, and that’s something called homomorphic encryption,” Scott Jones, head of the Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security, told CBC News.
“That’s the Holy Grail of encryption that really gets us to a point where, ‘OK, now we will be secure even [while information is] being processed’ … That’s a relatively new phenomenon.”
The centre leads the government’s response to cyber security events, defends Ottawa’s cyber assets and provides advice to Canadian industries, businesses and citizens on how to protect themselves online. The CSE’s team can see up to two billion actions per day, including malicious infiltration attempts.
Jones said the CSE has teamed up with industry players and academics to work out how homomorphic encryption could function in a Canadian setting.
Scott Jones, head of the Canadian Centre for Cyber Security and CSE deputy chief of IT security, looks on during an announcement on the National Cyber Security Strategy in Ottawa June 12, 2018. (Justin Tang/Canadian Press)
“Encryption is absolutely a critical defence,” he said, noting the agency is probably five to ten years away from achieving that goal.
“One of the problems of cyber security is we can block two billion things, but one success is what we talk about … We consider any failure something that we have to address.”
Ransomware attacks on the rise
Brett Callow, a B.C.-based threat analyst with the international cyber security firm Emsisoft, said homomorphic encryption could reduce the likelihood of data being acquired stealthily in an easily usable form, but it’s not a perfect defence against all attacks.
“To use an analogy, the company’s data would be in a lockbox to which only it has key, but threat actors could place that lockbox in a second lockbox to which only they have the key,” he said.
“I’m not sure we’ll ever find a silver bullet. Security will likely be a constant and permanently ongoing game of whack-a-mole.”
More and more Canadian municipalities, provinces, government contractors and businesses have found themselves hit by ransomware attacks — which involve malicious software used to cripple a target’s computer system to solicit a cash payment. Just last week, the province of P.E.I. acknowledged that some Islanders’ personal information may have been compromised in a recent hit.
Callow said homomorphic encryption isn’t necessarily a perfect shield against sophisticated hackers.
“Ransomware attacks typically involve the harvesting of user and admin credentials. If the attackers were able to harvest credentials that enable users to access the data, they too would be able to access the data,” he said.
“In these circumstances, the actor wouldn’t necessarily be able to exfiltrate the original data in non-encrypted from, but they could certainly view it and, perhaps, take screen grabs.”
There’s also the problem of human error.
Federal departments and agencies have recorded thousands of privacy breaches over the past two years, according to recent figures tabled in the House of Commons — many due to slip-ups or misconduct.
Even that number likely falls short since many departments reported they didn’t know how many people were affected by individual information breaches, or how many were subsequently contacted and warned.
DUBAI, United Arab Emirates (AP) — New Zealand won the Women’s T20 World Cup for the first time, beating South Africa by 32 runs on Sunday after a standout performance from Amelia Kerr with bat and ball.
South Africa’s chase was held to 126-9 in 20 overs at the Dubai International Cricket Stadium in reply to New Zealand’s 158-5 in the final of the 18-day tournament.
South Africa was also seeking to become a first-time champion.
After South Africa captain Laura Wolvaardt won the toss and opted to bowl, Kerr top scored for New Zealand with a 38-ball 43. Brooke Halliday hit 38 runs in 28 deliveries and opener Suzie Bates scored 32 in 31. Nonkululeko Mlaba took 2-31 in four overs for South Africa.
South Africa made a strong start to its chase, reaching 51-1 in 6.5 overs but never really threatened afterward, reaching the halfway stage of its innings at 64-3.
Wolvaardt top scored for South Africa with a 27-ball 33.
Kerr took 3-24 in her four overs, including Wolvaardt’s wicket.
This was South Africa’s second straight final appearance in the tournament. Losing to Australia by 19 runs, it had finished runners-up in its home tournament in 2023, its best result in the tournament.
New Zealand, meanwhile, reached the tournament final for the first time since 2010. In the first two editions – 2009 and 2010 – it had lost to England by six wickets in London, and to Australia by three runs in Barbados.
SAO PAULO (AP) — Brazil’s President Luiz Inácio Lula da Silva on Sunday canceled his trip to Russia for a BRICS summit after an accident at home that left him with a cut in the neck, his office said.
The 78-year-old leader was scheduled to attend a summit of the BRICS bloc of developing economies in the city of Kazan from Tuesday to Thursday this week.
Hospital Sirio Libanês in Sao Paulo said in a statement that the leftist leader was instructed not to take long distance trips, but can keep his other activities. Doctors Roberto Kalil and Ana Heleno Germoglio said they will regularly check on Lula’s recovery.
Brazil’s presidency said in a separate statement that Lula will take part in the summit by videoconference and will continue his work in capital Brasilia this week. It did not disclose details about what caused the president’s injury.
