Feds urged to beef up cyber-security
Force companies to protect themselves
OTTAWA — One day after a top Tory senator suggested the government and Canadians didn’t want more regulations on how we use cyberspace, a former British spy chief said that thinking needed to be deleted.
Governments need to possibly create more red tape to force companies and individuals to think about cyber-security because too few are doing enough to protect themselves and others from cyber threats, Sir David Pepper told a security conference Wednesday in Ottawa.
“Governments have to be ready to intervene certainly more than they want to,” said Pepper, former head of the Government Communications Headquarters, the British agency charged with monitoring and protecting the U.K. government from cyber-threats.
“Regulations may well be necessary.”
Pepper suggested governments consider making cyber-security part of regulatory approval for critical infrastructure industries such as transportation and utilities.
In Canada, that also could mean the CRTC requires telecommunications providers to show they are changing passwords and keeping their cyber-security protocols upto-date before receiving a CRTC licence.
“We know there’s a vulnerability there,” Pepper said after his speech.
“I don’t know what the practicalities are. One of the problems you’ve got here is how do you actually write down the standards that you would put in the licence? There’s nobody talking vacuously about standards.”
On Tuesday, a high-profile Tory senator told the SecureTech conference that government and Canadians weren’t interested in more red tape and regulations in cyberspace.
Sen. Pamela Wallin instead suggested that Canadians needed to take personal responsibility for their actions online. Too few people take appropriate steps to protect themselves from malware and hackers, Wallin said, with young Canadians being naive about their safety online.
Canadians that weren’t taking basic steps to be cyber-secure were leaving other online users, and the federal government, open to attack, she said.
Pepper agreed that too few were taking cyber-security seriously, but governments shouldn’t hope that businesses and individuals on their own will change how they behave online.
The CEO of software maker OpenText, Mark Barrenechea, said a debate or movement toward more government policies and interventions is badly needed.
If such policies had been around years ago, companies such as Nortel may still be around, he said, rather than having fallen victim to a campaign of cyber-based economic espionage believed to have originated in China.
He said he expected more statesponsored cyber-espionage in the coming months and years, and hackers will gain access to systems.
Governments, he said, must be public about their response policies should they too fall victim to a cyber-attack. .