GTEC 2013

CSE GTEC 2013 - HTML5 Transcript/Captions

(Zoom in on a man created with computer graphics in a suit checking his mobile phone. An office building, an airplane, and a house, all generated with computer graphics, appear behind him. A green line links the house, the airplane, the office building, and the man together. The shot transitions to the green line crossing in front of a cityscape)

At work, on the road, or at home, Technology has us conencted twenty-four seven.

It's now just as easy to connect to someone across town as it is to those halfway around the world, all within seconds. Connectivity - and the collaboration it brings is essential to meeting our business objectives.

( Shot of a computer generated map of Canada, with green lines representing connectivity springing from it .)

But this hyper connectivity has it's disadvantages. Malicious actors, regardless of their location can connect back to you and your department, wreaking havoc on your network.

(Computer generated map of Canada, with red lines coming from off screen into the country, representing malicious actors connecting back to you and your department. Shot transitions to the man in the suit downloading content onto his computer from the internet. The shot has a red filter over top of it representing the threat to his computer. Then red lines begin to come out of his computer, and spread into his office, representing the threat to the network.)

Canadian government networks face an unprecedented rate of ever more sophisticated intrusion activities:

( One of the red lines travel into a data centre.)

  • malicious emails are being crafted daily resulting in recipients unknowingly launching content, spreading infections and turning over control of their systems to threat actors; ( Zoom in on a computer screen. An unidentified person checks their emails, opening one that is impersonating their bank. The email asks them to verify their bank account information by clicking the link provided. A button with a silver border and a red background with a white symbol of a bug is shown in the bottom right corner of the shot, indicating that this is an example of a malicious email.)
  • untrusted third party applications with malicious code are being developed just waiting for unsuspecting users to download, install and run; ( Close up of a malicious web page, offering download links. The cursor clicks a link and a pop up appears indicating the download has started. The screen becomes filtered with red indicating a threat attack.)
  • denial of service attacks are being launched, flooding networks with garbage information rendering them unusable. ( Close up of a malicious web page, offering download links. The cursor clicks a link and a pop up appears indicating the download has started. The screen becomes filtered with red indicating a threat attack.)

As a Government of Canada employee privy to important and sensitive information, you are a target. If you have a weak security posture, sensitive information can be stolen, productivity could be lost due to downtime, and recovery costs for your department may be significant. The end result is damange to your department's reputation,and to the trust and confidence in your work.

( Zoom in on the man in the suit working on his computer. He clicks and drags a file on his desktop, until one by one all of his files and folders begin to disappear in a flash of red..)

This is where we come in. We can help guide you on how to stop the cyber intruders.

( Zoom in on a generic black desktop computer with the monitor displaying the letters CSE .)

We are CSE, the Communications Security Establishment. We stand at the front line of cyber defence as the cyber security experts for the Government of Canada.

( CSE logo.)

CSE uses sophisticated methods to study and understand the threats,and leverages this unique knowledge to uncover malicious code hidden in plain sight.

( Lines of binary code going across the screen, while a red translucent square scans over them revealing the threat icons hidden in the code .)

We provide products and services to GC departments to help guide them in meeting security goals. This includes:

  • Lists of trusted IT products that have been pre-evaluated by CSE for use in Government systems so you have the right information to make an informed product selection decision; ( Two identical routers are shown side by side. One gets high-lighted with green to indicate it’s superiority over the other .)
  • Threat monitoring and cyber threat evaluations through GC CTEC to keep you informed of the threat landscape; ( Shot of several paper reports .)
  • Advanced technologies and specialized products to protect even your most sensitive and secret government information; ( Computer generated graphic of a file marked top secret floating into a safe. The door to the safe closes then locks .)
  • Security guidance publications to help you build and deploy the right architectures and solutions for your network; ( 3 examples of publications appear on screen, then float off.)
  • Leading edge IT Security Training on numerous topics through our ITS Learning Center; ( 3 A computer generated female in a business suit gives a presentation on IT Security .)

These are just some of the key ways CSE can help you. But IT security is a team effort and we must all play our part. That is where you come in.

( Collage of the previously mentioned products and services shown on screen.)

As a GC employee, you need to stay alert for suspicious behaviour, be proactive in reporting to your department, and strive to introduce security best practices into your day to day routine.

As an IT Security stakeholder, you should understand the threats, be aware of the risks and adapt your IT practices to protect you departmental information.

( Computer monitor showing the list of best IT security practices .)

Not sure where to start? CSE has released the TOP 35 Mitigation Measures needed to protect against cyber intrusions, and further pinpointed the Top 4 Measures that,if implemented as a "package", have been proven to stop the vast majority of cyber intrusions currently impacting the Government of Canada.

( A list of the top 35 mitigation measures drop down the screen, the threat icon buttons make a border along the top of the page. When it reaches the top of the list, the top 4 mitigations get highlighted and bolded .)

Whitelisting is the process of generating a list of authorized software programs you trust to run on your network and systems. Day-to-day requests to run software are examined, and only approved programs, will execute, while all others are blocked. This prevents unknown and untrusted third party applications, which may contain malicious software, from being introduced into your environment.

( The title Whitelist Applications appears along the top of the screen. 3 icons representing different software programs appear. A computer cursor hovers over the first icon for “Word Processing Application”, and the icon is scanned with a red flash over the icon. It is safe and a green check mark appears under it. The icon indicating “Free Productivity Program” is scanned but is not safe. A red x mark appears under it. The third icon is for “Corp Finance Program” .)

As software manufacturers generate patches for known vulnerabilities in applications and operating systems, it is vital that you act quickly and install them as soon as possible. Once a patch is released, details about the vulnerability are publically broadcasted.

The race begins as threat actors look for ways to take advantage of the revealed weakness and the department works to patch it.

( The computer shows a flashing pop-up indicating that there is a new patch available. Another pop-up appears indicating that the critical patch is downloading .)

Administrative privileges are often assigned freely to many users to increase productivity, empowering employees. to make local system changes. But this practice can have adverse effects. Threat actors seek to target those with admin privileges to gain east access to valuable network assets. Limit privileges to a select group of users who require them for their job functions.

( A list of names of people with administrative privileges appears on screen with pictures of keys beside each name. Each name gets highlighted in red to indicate the potential threat. All but two of the names and key images disappear, indicating the importance of limited administrative privileges.)

The cyber challenge is never static. Your IT security program needs to keep pace and you must be diligent about continually updating and refining your defences.

( Publications and top 35 mitigations measures are shown on screen .)

Please go to our website at www.cse-cst.gc.ca to learn more about the IT Security steps you should be taking, and our role in helping guide you.

( CSE logo is shown along with the CSE website .)

A message from the Government of Canada

( Government of Canada logo is shown .)