More candid threat sharing between companies and governments is needed to help protect critical infrastructure and residents from cyber attacks, said experts, including a senior official of the Bank of Canada, at a meeting on Tuesday with the Information Technology Association of Canada (ITAC).
“We need to urgently step up the spirit of collaboration throughout the Canadian economy,” Filipe Dinis, the bank’s chief operating officer, said during the meeting. “We need to encourage regular exercises that present companies with complex scenarios to test their cyber defenses and response capabilities. Even the process of designing risk scenarios can help companies determine potential sources of risk.”
He also suggested that regulators who oversee various industries might create “trusted secure channels” so sensitive threat-related information from a victim can be exchanged while protecting them from being publicly shamed.
“Further, governments could also consider strengthening minimum requirements around cyber resilience and mandate industry-wide and cross-sectoral testing that requires institutions to fix problems identified by the tests.”
The Bank of Canada plans to hold “regular, realistic and stringent” tabletop tests with financial institutions.
“I don’t expect that we’ll design the perfect regulations here today,” he told the meeting. “But I would suggest that there is room to enhance our current regulatory frameworks that rely on financial penalties, albeit not exclusively. After all, if company management is unable to accurately gauge the risk of a systemic cyber event, it may well decide the fine for non-compliance is a cost that is worth paying.”
A number of sectors are doing some collaboration, he added, citing the work of ITAC — which represents some of the country’s biggest tech companies — and the CIO Strategy Council.
But significant challenges remain, he ad ..