October is a month of preparation, as we can see in the natural world around us. Likewise, October has been a month of national preparation for an improved cybersecurity strategy. The Government of Canada calls October the CyberSecurity Awareness Month, full of initiatives to get policy and practice into the place it needs to be, seeking input from Canadians, and even providing a digital toolkit for citizens and organizations to leverage.
In the same spirit of preparation, ORION submitted counsel and recommendations to the Government of Canada’s open call for cybersecurity insight. In fact, the overarching concern we heard from our 2014 Advanced Computing Transforming Innovation in Ontario (ACTION) report and my recent meetings with Ontario’s research, education and innovation community, is security. Cybersecurity is thus at the front of our minds when it comes to improving digital infrastructure that keeps Ontario’s research, education and innovation community strong.
As an organization who prides ourselves in being in tune with our community, we submitted counsel and recommendations in order to advocate for your digital needs. As we continue to advocate on your behalf, here’s a summary of our submissions to the Government of Canada.
Barriers to protecting critical infrastructure
Even within institutions and sectors, siloed approaches to security exist, as many still view cybersecurity solely as an IT department responsibility. In reality, today’s threats come from email phishing, devices, and are carried in from the user community, unbeknownst to them. In this modern day and age of sophisticated threats, the lack of education of both the scale and severity of threats become a sector’s greatest barrier. Risk mitigation investment is not always prioritized, which can protect the institution and its sensitive data.
In ORION’s 2014 ACTION report, we were already reporting on increased data generation, and therefore a demand for storage capacity. This creates a need for new investment that not every institution is able to properly address. The SSHRC, CIHR, NSERC and CFI warn that the sheer volume of data from Canadian research is causing a data deluge, which poses a challenge to the management and dissemination of post-project research data. Institutions cannot effectively manage this vast amount without secure data transfer, analysis and standards. Most research data disappears shortly after a research project has been completed. There are limited long-term data repositories in Canada for most disciplines, and post-project data cannot be re-used by future researchers, creating a deleterious knowledge gap or duplication in effort, wasting precious resources.
Constraints to data sharing and engagement related to protecting critical infrastructure
As institutions across sectors gather and analyze more data sets, we’re seeing a lack of coordinated data infrastructure. To try and cope with this reality, resources are spread too thin across institutions. When sharing data, security is paramount to ensure that sensitive data remains protected. This entails greater expertise and better infrastructure to effectively support the work of modern, collaborative research and analysis.
Looking more broadly across geographies, the lack of Northern access to modern digital infrastructure, including last-mile provisioning, is a barrier to both sharing data and protecting cyber systems. Not only does the North have reduced access to digital infrastructure, they have even less access to secure infrastructure. This means that researchers, educators and innovators serving in Northern communities cannot participate in the innovation economy with the same degree of protection as in the South. As a result, many Northern researchers, educators and innovators currently duplicate data or use collaboration methods that can compromise their security and/or budgets, such as mailing hard drives or being limited by very expensive connectivity solutions.
Cyber innovation initiatives that allow Canada to remain on the leading edge in cybersecurity
Many security problems would be alleviated by employing a security officer who understands and mitigates risks. However, such a mandate can be problematic for small or underprivileged institutions. Understanding these needs in the research, education and innovation community, ORION is working on a pilot for a shared Chief of Information Security Officer (CISO) role to improve our community’s cybersecurity. This security officer, shared between institutions, can help ensure that all organizations can gain the benefits of dedicated, non-partisan security expertise in a cost-effective way. Such personnel could act as a model for other Canadian institutions.
To remain on the leading edge of innovation, organizations need to continually test new processes and technologies. In the current environment, we’re seeing too great a fear of failure, which discourages this kind of experimentation. On the other hand, properly planned and contained tests can mean leaps forward for the province. For example, ORION is partnering on a pilot to monitor and analyze parking and traffic. By leveraging a private network like ORION for critical and secure IoT infrastructure to protect data as it travels to experts for analysis, the potential results of this pilot would mean the municipality’s ability to improve economic growth and planning, research and development, as well as living conditions for citizens.
Finally, as we wish to continually consider new security policies and services, community consultations will be critical. Through consultations, Canadian institutions can be attuned to the ever-changing cybersecurity landscape and best practices, and adapt. As a non-profit dedicated to supporting Ontario’s contribution to Canadian research – which is nearly 50% – ORION is uniquely positioned to understand the research community and their needs. In our community consultations, we hear time and again that privacy and security are of top concern to the community. As such, we are considering how we can help address their top security concerns. We also encourage institutions to cultivate a culture of security and provide educational opportunities to explore strategies, in which institutions can be more aware of threats and are able to do their part in reducing threats from entering.
Today, Ontario’s innovation community stands on the threshold of improved, agile critical infrastructure. We have the opportunity to better protect one of our greatest assets – Ontario’s research, education and innovation talent – and ORION is eager and ready to work with the Government to facilitate this pivotal transition. Our knowledge economy is too important not to.