Canada’s cyber intelligence agency says it’s working on what it calls the “Holy Grail” of data encryption to protect government information as the number of reports of privacy breaches, malware attempts and ransomware hits continues to grow.
Encryption mainly works in transit — which protects data when it’s being sent — or “at rest”, which guards information when it’s being stored. But in order to be processed and understood, that information needs to be decrypted, potentially putting it at risk.
“We want encryption when it’s being processed so you don’t have to decrypt it to do it, and that’s something called homomorphic encryption,” Scott Jones, head of the Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security, told CBC News.
“That’s the Holy Grail of encryption that really gets us to a point where, ‘OK, now we will be secure even [while information is] being processed’ … That’s a relatively new phenomenon.”
The centre leads the government’s response to cyber security events, defends Ottawa’s cyber assets and provides advice to Canadian industries, businesses and citizens on how to protect themselves online. The CSE’s team can see up to two billion actions per day, including malicious infiltration attempts.
Jones said the CSE has teamed up with industry players and academics to work out how homomorphic encryption could function in a Canadian setting.
Scott Jones, head of the Canadian Centre for Cyber Security and CSE deputy chief of IT security, looks on during an announcement on the National Cyber Security Strategy in Ottawa June 12, 2018. (Justin Tang/Canadian Press)
“Encryption is absolutely a critical defence,” he said, noting the agency is probably five to ten years away from achieving that goal.
“One of the problems of cyber security is we can block two billion things, but one success is what we talk about … We consider any failure something that we have to address.”
Ransomware attacks on the rise
Brett Callow, a B.C.-based threat analyst with the international cyber security firm Emsisoft, said homomorphic encryption could reduce the likelihood of data being acquired stealthily in an easily usable form, but it’s not a perfect defence against all attacks.
“To use an analogy, the company’s data would be in a lockbox to which only it has key, but threat actors could place that lockbox in a second lockbox to which only they have the key,” he said.
“I’m not sure we’ll ever find a silver bullet. Security will likely be a constant and permanently ongoing game of whack-a-mole.”
More and more Canadian municipalities, provinces, government contractors and businesses have found themselves hit by ransomware attacks — which involve malicious software used to cripple a target’s computer system to solicit a cash payment. Just last week, the province of P.E.I. acknowledged that some Islanders’ personal information may have been compromised in a recent hit.
Callow said homomorphic encryption isn’t necessarily a perfect shield against sophisticated hackers.
“Ransomware attacks typically involve the harvesting of user and admin credentials. If the attackers were able to harvest credentials that enable users to access the data, they too would be able to access the data,” he said.
“In these circumstances, the actor wouldn’t necessarily be able to exfiltrate the original data in non-encrypted from, but they could certainly view it and, perhaps, take screen grabs.”
There’s also the problem of human error.
Federal departments and agencies have recorded thousands of privacy breaches over the past two years, according to recent figures tabled in the House of Commons — many due to slip-ups or misconduct.
Even that number likely falls short since many departments reported they didn’t know how many people were affected by individual information breaches, or how many were subsequently contacted and warned.
VANCOUVER – Contract negotiations resume today in Vancouver in a labour dispute that has paralyzed container cargo shipping at British Columbia’s ports since Monday.
The BC Maritime Employers Association and International Longshore and Warehouse Union Local 514 are scheduled to meet for the next three days in mediated talks to try to break a deadlock in negotiations.
The union, which represents more than 700 longshore supervisors at ports, including Vancouver, Prince Rupert and Nanaimo, has been without a contract since March last year.
The latest talks come after employers locked out workers in response to what it said was “strike activity” by union members.
The start of the lockout was then followed by several days of no engagement between the two parties, prompting federal Labour Minister Steven MacKinnon to speak with leaders on both sides, asking them to restart talks.
MacKinnon had said that the talks were “progressing at an insufficient pace, indicating a concerning absence of urgency from the parties involved” — a sentiment echoed by several business groups across Canada.
In a joint letter, more than 100 organizations, including the Canadian Chamber of Commerce, Business Council of Canada and associations representing industries from automotive and fertilizer to retail and mining, urged the government to do whatever it takes to end the work stoppage.
“While we acknowledge efforts to continue with mediation, parties have not been able to come to a negotiated agreement,” the letter says. “So, the federal government must take decisive action, using every tool at its disposal to resolve this dispute and limit the damage caused by this disruption.
“We simply cannot afford to once again put Canadian businesses at risk, which in turn puts Canadian livelihoods at risk.”
In the meantime, the union says it has filed a complaint to the Canada Industrial Relations Board against the employers, alleging the association threatened to pull existing conditions out of the last contract in direct contact with its members.
“The BCMEA is trying to undermine the union by attempting to turn members against its democratically elected leadership and bargaining committee — despite the fact that the BCMEA knows full well we received a 96 per cent mandate to take job action if needed,” union president Frank Morena said in a statement.
The employers have responded by calling the complaint “another meritless claim,” adding the final offer to the union that includes a 19.2 per cent wage increase over a four-year term remains on the table.
“The final offer has been on the table for over a week and represents a fair and balanced proposal for employees, and if accepted would end this dispute,” the employers’ statement says. “The offer does not require any concessions from the union.”
The union says the offer does not address the key issue of staffing requirement at the terminals as the port introduces more automation to cargo loading and unloading, which could potentially require fewer workers to operate than older systems.
The Port of Vancouver is the largest in Canada and has seen a number of labour disruptions, including two instances involving the rail and grain storage sectors earlier this year.
A 13-day strike by another group of workers at the port last year resulted in the disruption of a significant amount of shipping and trade.
This report by The Canadian Press was first published Nov. 9, 2024.
The Royal Canadian Legion says a new partnership with e-commerce giant Amazon is helping boost its veterans’ fund, and will hopefully expand its donor base in the digital world.
Since the Oct. 25 launch of its Amazon.ca storefront, the legion says it has received nearly 10,000 orders for poppies.
Online shoppers can order lapel poppies on Amazon in exchange for donations or buy items such as “We Remember” lawn signs, Remembrance Day pins and other accessories, with all proceeds going to the legion’s Poppy Trust Fund for Canadian veterans and their families.
Nujma Bond, the legion’s national spokesperson, said the organization sees this move as keeping up with modern purchasing habits.
“As the world around us evolves we have been looking at different ways to distribute poppies and to make it easier for people to access them,” she said in an interview.
“This is definitely a way to reach a wider number of Canadians of all ages. And certainly younger Canadians are much more active on the web, on social media in general, so we’re also engaging in that way.”
Al Plume, a member of a legion branch in Trenton, Ont., said the online store can also help with outreach to veterans who are far from home.
“For veterans that are overseas and are away, (or) can’t get to a store they can order them online, it’s Amazon.” Plume said.
Plume spent 35 years in the military with the Royal Engineers, and retired eight years ago. He said making sure veterans are looked after is his passion.
“I’ve seen the struggles that our veterans have had with Veterans Affairs … and that’s why I got involved, with making sure that the people get to them and help the veterans with their paperwork.”
But the message about the Amazon storefront didn’t appear to reach all of the legion’s locations, with volunteers at Branch 179 on Vancouver’s Commercial Drive saying they hadn’t heard about the online push.
Holly Paddon, the branch’s poppy campaign co-ordinator and bartender, said the Amazon partnership never came up in meetings with other legion volunteers and officials.
“I work at the legion, I work with the Vancouver poppy office and I go to the meetings for the Vancouver poppy campaign — which includes all the legions in Vancouver — and not once has this been mentioned,” she said.
Paddon said the initiative is a great idea, but she would like to have known more about it.
The legion also sells a larger collection of items at poppystore.ca.
This report by The Canadian Press was first published Nov. 9, 2024.
