Stay Ahead of Cyber Threats



CSE GTEC 2014 - HTML5 Transcript/Captions

(Hexagon icon with a shield in the middle symbolizing cyber security appears in the middle of the screen. Below it text reads “Stay Ahead of Cyber Threats”.)

You can't see them. You can't feel or touch them but they are there.

( A computer cursor clicks “Stay Ahead”.)

Threats to your data, your computer, your networks.

( Bottom half of screen pixelates and transitions to an animated cityscape. Slow zoom in on the city. The cyber security icon transitions away, leaving just the city .)

To be strong and safe online you need to stay ahead of cyber threats.

(Zoom in on city building on the left hand side. Slow pan from left to right of buildings and street. Boxes with text appear stating the different types of threat actors. The first box says Foreign states, the second box says hacktivists, the third box says criminals, the fourth box says terrorists.)

Threats that include foreign states, hacktivists, criminals and terrorists.

These threat actors continually probe government systems

( Boxes pixelate and transition to a “threat actor”. It appears as a pixelated alien, and is more cartoonish than threatening .)

looking for vulnerabilities in order to gain access and take control.

( The threat actor hovers near different buildings in the city, infecting them. This is shown by dropping red pixels into the building.)

Once they have control threat actors can steal information,

( Network of GC buildings with threat actors hovering above then transform into server towers. The threat actor infects the servers .)

corrupt it's operations, or program it to infect other computers. Government networks are an attractive target to threat actors

( Zoom into a computer circuit board where one of the threat actors has managed to take control. It continues to drop infections onto the circuit board. Ambiguous pixelated threat actor spreads infection in circuit board and causes sensitive information to become fragmented to show theft .)

for many reasons. They house information about

the ways in which our Government operates. They hold trade secrets, intellectual property,

( Zoom out and show city scape from medium point of view focusing on a few key Government of Canada buildings overrun by various stylized threat actors. Four threat actors are lurking close by attempting to target the sensitive information icons .)

and valuable data related to our economy. They are crucial in protecting the operations and sometimes the very lives of our foreign service, military, and law enforcement personnel. Government networks contain the personal information of Canadians, information that must be protected. …pause… To help protect Government of Canada networks

( Zoom into peace tower and use circular element to transition to the threat wheel. The wheel is depicted as a vault door, with the threats listed around the interior in different segments .)

against these threats, departments and agencies must be aware of the various inroads to government information. The distinct threat surfaces are: the electronic threat,

( The wheel spins and locks the vault of GC sensitive information. Depiction of the 5 threats on the wheel. Highlight of electronic threat on wheel, highlight of electromagnetic threat on wheel, highlight of physical threat on wheel, highlight of personnel threat on wheel, highlight of supply chain threat on wheel. Once all are shown on screen they animate together to form the Threat Environment Wheel. The wheel spins .)

the electromagnetic threat, the physical threat, the personnel threat, the supply chain threat.

( The Threat Environment wheel animates to create a wipe that reveals the first scenario, the Electronic Threat .)

The electronic threat is a popular way into government systems. Exploitation of a system can be done without a physical presence

( At a conference, a USB stick is passed from one hand to another. Back at the office, the USB is inserted into a computer and infects it. The camera pans from one desk to another, showing an email attachment being opened. Transition back to the Threat Environment Wheel, its highlights the Electromagnetic Threats and transition to the second scenario .)

making tracking the source of the compromise challenging.A threat actor may try to gain access to a Government of Canada system by way of an infected USB stick distributed to an employee or through a malicious attachment in an email. …pause….

( Zoom in to a car. It pulls up and parks in front of an office building. Electromagnetic signals are emanating from a building. The car reveals a satellite dish receiving and emanating signals. Different communication icons appear over the signals indicating an exchange of information. A laptop inside the office building becomes infected with threat actors. Zoom back out to the threat wheel .)

All electronics radiate electromagnetic signals which can contain sensitive data. The electromagnetic threat, consists of exposures that allow a threat actor to connect or interact with these emissions. Greater dependence on wireless networks makes this type of intentional interference easier and potentially more damaging.

In some cases, electromagnetic exploits have even been shown to destroy equipment. ...pause...

( Physical threat is highlighted on the wheel. Zoom in to reveal third scenario. A bus drives past and zoom into the interior of the bus. The top of a laptop can be seen from the top of an open backpack. A hand comes into frame and grabs the laptop .)

A physical threat can involve destroying, stealing or modifying physical devices. ...pause... As physical media storage capacity can be extremely large the theft of a single device can result in the compromise of millions of records at once. ...pause...

( Zoom out to threat wheel. Personnel threat is highlighted. Zoom in to reveal fourth scenario. A desktop computer receives an email. The camera pans across the spear phishing email, showing the sender’s address, an email attachment and body of the email which contains spelling errors. The errors are highlighted, indicating the email is a fraud. The cursor moves across the screen to open the attachment. The computer becomes infected, this is depicted by the computer screen turning red. Pan to a second screen showing a social networking sight. The user’s personal information is highlighted in red to depict a threat actor stealing the information in order to send personalized phishing emails.)

The personnel threat can take many forms, such as espionage, coercion, and social engineering. These approaches often require little or no technical expertise. However, they allow threat actors to effectively access and steal from information systems.

Power users, such as system administrators must be especially careful. Their ability to access many parts of a network makes them prime targets. Social media can provide an additional avenue for threat actors to gather personal and identity information which can be used to facilitate online exploitation or coercion of a government employee

( Zoom out to threat wheel. Zoom in to supply chain threat. Zoom in to fifth scenario .)

...pause...

( Zoom in reveals a smart phone factory. A phone is being built by robotic arms. One arm removes a safe file from the phone’s screen and another arm places an infected file on the screen. This is a depiction of a supply chain threat. The infected phone is placed on the back of a transport truck and delivered to a government worker. The worker turns the phone on and the threat actor is displayed on the phone’s screen. The worker tries to download an update on the phone to block the threat actor but the update was also infected. The phone’s screen turns red indicating the virus .)

In order to gain access to information systems that are particularly well secured a threat actor may choose to compromise a vulnerable element of a supply chain that supports these systems.

Malware could be embedded in a device at the manufacturer prior to purchase. Seemingly new hardware could have been tampered with before it is even installed on government networks. If not properly verified software updates and vendor patches, could also be compromised, giving threat actors a way in after installation.

( Zoom in transition to the threat wheel. Threat wheel begins to transition into a clock. Zoom out to reveal the Peace Tower of the Canadian Parliament Buildings. The animated city surrounding the Peace Tower is infected with threat actors but they fade out of the shot. Zoom out, hexagon shape icon with a shield on it appears behind the Parliament Buildings. This symbolizes cyber security. Buildings fade out so only icon remains.)

By being aware of these threats and the continuous monitoring of the networks departments and agencies can assess the possible impacts of security breaches.They can prioritize mitigation activities based on the risks to systems and data. For more information related to securing government networks visit our website to see the training opportunities available

( Fade to text and hexagon cyber security icon on screen. The text says http://www.cse-cst.gc.ca and itsclientservices@cse-cst-gc.ca.)

at the CSE ITS Learning Centre or contact CSE's ITS client services team for advice. Together we can make sure our government's networks are among the most secure in the world. ...music...

( Fade to white.)