CSE GTEC 2014 - HTML5 Transcript/Captions
(Hexagon icon with a shield in the middle symbolizing cyber security appears in the middle of the screen. Below it text reads “Stay Ahead of Cyber Threats”.)
You can't see them. You can't feel or touch them
but they are there.
( A computer cursor clicks “Stay Ahead”.)
Threats to your data, your computer, your networks.
( Bottom half of screen pixelates and transitions to an animated cityscape. Slow zoom in on the city. The cyber security icon transitions away, leaving just the city .)
To be strong and safe online you need
to stay ahead of cyber threats.
(Zoom in on city building on the left hand side. Slow pan from left to right of buildings and street. Boxes with text appear stating the different types of threat actors. The first box says Foreign states, the second box says hacktivists, the third box says criminals, the fourth box says terrorists.)
Threats that include foreign states, hacktivists, criminals
These threat actors continually probe government systems
( Boxes pixelate and transition to a “threat actor”. It appears as a pixelated alien, and is more cartoonish than threatening .)
looking for vulnerabilities in order to gain access and take control.
( The threat actor hovers near different buildings in the city, infecting them. This is shown by dropping red pixels into the building.)
Once they have control threat actors can steal information,
( Network of GC buildings with threat actors hovering above then transform into server towers. The threat actor infects the servers .)
corrupt it's operations, or program it
to infect other computers.
Government networks are an attractive target to threat actors
( Zoom into a computer circuit board where one of the threat actors has managed to take control. It continues to drop infections onto the circuit board. Ambiguous pixelated threat actor spreads infection in circuit board and causes sensitive information to become fragmented to show theft .)
for many reasons. They house information about
the ways in which our Government operates.
They hold trade secrets, intellectual property,
( Zoom out and show city scape from medium point of view focusing on a few key Government of Canada buildings overrun by various stylized threat actors. Four threat actors are lurking close by attempting to target the sensitive information icons .)
and valuable data related to our economy.
They are crucial in protecting the operations
and sometimes the very lives of our foreign service, military,
and law enforcement personnel.
Government networks contain the personal information of Canadians,
information that must be protected.
To help protect Government of Canada networks
( Zoom into peace tower and use circular element to transition to the threat wheel. The wheel is depicted as a vault door, with the threats listed around the interior in different segments .)
against these threats, departments and agencies
must be aware of the various inroads to government information.
The distinct threat surfaces are: the electronic threat,
( The wheel spins and locks the vault of GC sensitive information. Depiction of the 5 threats on the wheel. Highlight of electronic threat on wheel, highlight of electromagnetic threat on wheel, highlight of physical threat on wheel, highlight of personnel threat on wheel, highlight of supply chain threat on wheel. Once all are shown on screen they animate together to form the Threat Environment Wheel. The wheel spins .)
the electromagnetic threat,
the physical threat,
the personnel threat,
the supply chain threat.
( The Threat Environment wheel animates to create a wipe that reveals the first scenario, the Electronic Threat .)
The electronic threat is a popular way into
Exploitation of a system can be done without a physical presence
( At a conference, a USB stick is passed from one hand to another. Back at the office, the USB is inserted into a computer and infects it. The camera pans from one desk to another, showing an email attachment being opened. Transition back to the Threat Environment Wheel, its highlights the Electromagnetic Threats and transition to the second scenario .)
making tracking the source of the compromise challenging.—
A threat actor may try to gain access to a Government of Canada system
by way of an infected USB stick distributed to an employee
or through a malicious attachment in an email.
( Zoom in to a car. It pulls up and parks in front of an office building. Electromagnetic signals are emanating from a building. The car reveals a satellite dish receiving and emanating signals. Different communication icons appear over the signals indicating an exchange of information. A laptop inside the office building becomes infected with threat actors. Zoom back out to the threat wheel .)
All electronics radiate electromagnetic signals
which can contain sensitive data.
The electromagnetic threat, consists of
exposures that allow a threat actor
to connect or interact with these emissions.
Greater dependence on wireless networks makes
this type of intentional interference easier
and potentially more damaging.
In some cases, electromagnetic exploits
have even been shown to destroy equipment.
( Physical threat is highlighted on the wheel. Zoom in to reveal third scenario. A bus drives past and zoom into the interior of the bus. The top of a laptop can be seen from the top of an open backpack. A hand comes into frame and grabs the laptop .)
A physical threat can involve destroying, stealing
or modifying physical devices.
As physical media storage capacity can be extremely large
the theft of a single device
can result in the compromise of millions of records at once.
( Zoom out to threat wheel. Personnel threat is highlighted. Zoom in to reveal fourth scenario. A desktop computer receives an email. The camera pans across the spear phishing email, showing the sender’s address, an email attachment and body of the email which contains spelling errors. The errors are highlighted, indicating the email is a fraud. The cursor moves across the screen to open the attachment. The computer becomes infected, this is depicted by the computer screen turning red. Pan to a second screen showing a social networking sight. The user’s personal information is highlighted in red to depict a threat actor stealing the information in order to send personalized phishing emails.)
The personnel threat can take many forms,
such as espionage, coercion, and social engineering.
These approaches often require little
or no technical expertise.
However, they allow threat actors to
effectively access and steal from information systems.
Power users, such as system administrators
must be especially careful.
Their ability to access many parts of a network
makes them prime targets.
Social media can provide an additional avenue
for threat actors to gather personal
and identity information
which can be used to facilitate online exploitation
or coercion of a government employee
( Zoom out to threat wheel. Zoom in to supply chain threat. Zoom in to fifth scenario .)
( Zoom in reveals a smart phone factory. A phone is being built by robotic arms. One arm removes a safe file from the phone’s screen and another arm places an infected file on the screen. This is a depiction of a supply chain threat. The infected phone is placed on the back of a transport truck and delivered to a government worker. The worker turns the phone on and the threat actor is displayed on the phone’s screen. The worker tries to download an update on the phone to block the threat actor but the update was also infected. The phone’s screen turns red indicating the virus .)
In order to gain access to information systems that
are particularly well secured a threat actor
may choose to compromise a vulnerable element of
a supply chain that
supports these systems.
Malware could be embedded in a device
at the manufacturer
prior to purchase.
Seemingly new hardware could have been tampered with
before it is even installed on government networks.
If not properly verified
software updates and vendor patches,
could also be compromised,
giving threat actors a way in
( Zoom in transition to the threat wheel. Threat wheel begins to transition into a clock. Zoom out to reveal the Peace Tower of the Canadian Parliament Buildings. The animated city surrounding the Peace Tower is infected with threat actors but they fade out of the shot. Zoom out, hexagon shape icon with a shield on it appears behind the Parliament Buildings. This symbolizes cyber security. Buildings fade out so only icon remains.)
By being aware of these threats
and the continuous monitoring of the networks
departments and agencies can assess
the possible impacts of security breaches.—
They can prioritize mitigation activities
based on the risks to systems and data.
For more information related to securing government networks
visit our website to see the training opportunities available
( Fade to text and hexagon cyber security icon on screen. The text says http://www.cse-cst.gc.ca and email@example.com.)
at the CSE ITS Learning Centre
or contact CSE's ITS client services team for advice.
Together we can make sure our government's networks
are among the most secure in the world.
( Fade to white.)