Critical infrastructure, such as the energy sector, financial
systems, government operations, national security, transportation
networks, water supply, blood supply and the health system, is
fundamental to our daily life. It is also heavily dependent on
cyber networks. Threats to cyber networks are increasing in number,
frequency and impact. Cyber attacks originate from various persons
including financial opportunists, activists or government, and the
motives for such attacks are equally varied. Motivation for cyber
attacks include financial gains, political statements, destructive
intentions and power. The nature of the attacks and their targets
correspond with the motives of the attacks.
A cyber attack that shuts down, disrupts or manipulates
operations relating to electricity, power, water supply, blood
supply or financial systems, for even a few hours, can have
wide-ranging and significant results.
Threats to cyber networks and the corresponding cyber security
has become a critical issue among government leaders from
industrialized nations, as well as within the international
economic unions and community, often resulting in cyber threats and
cyber security being an agenda item during their summits. The
Canadian government has also declared that cyber security is a key
threat to its economy and critical infrastructure. The United
States has declared that cyber security is one of the most serious
economic and national security challenges it faces, which has
resulted in both domestic and international cyber security
initiatives. The European Union has pushed for directives that
would require harmonized rules on cyber security among member
At this point, all critical infrastructure operations and
industries must have cyber threats as one of their key risks to
manage with the corresponding cyber security measures as an
integral and pervasive part of their operations. The approach to
preventing and reacting to cyber security threats should be
informed, without ego, built into the fabric of all of the business
operations and ongoing.
Cyber security must include a technology component, but only as
one of many elements. Cyber security initiatives must include
threat risk assessments which include penetration testing and human
engineering testing. Responses to difference cyber threat scenarios
– from ransomware to denial of service to operation shut down
or manipulation – should be anticipated, documented and
practiced. Policies need to set out what is to be done in each type
of threat, who is to be notified, what the goals are of each
response and who has what responsibilities. Employees and human
connections to the operations are the weakest entry point. While
written policies are a must, each employee must be educated and
tested on cyber security protocols and policies, and consultants,
agents and other representatives who have access to the cyber
infrastructure must be held to the same standards. The final
success or failure should rest with the organization's most
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Canada's Commissioner of Competition, John Pecman, addressed the link between competition and innovation and provided updates on the Fintech market study launched by the Competition Bureau earlier this year.
The campaign aims to bring awareness to the wide scope of concerns that the term cybersecurity covers, including internet security, privacy, mobile safety, distributed denial-of-service (DDoS) attacks...
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).