Skip to main content

Ontario advisory cyber panel to urge public sector bodies to focus on risk-based strategies

Ontario’s new advisory panel on improving cybersecurity maturity of municipalities, school boards, hospitals and other provincially-funded agencies has agreed as a first step that its final report will encourage organizations to take a risk-based approach to their efforts.

However, how the panel will recommend the government put teeth into that has yet to be determined.

In an interview Wednesday shortly after the panel’s first meeting, chairman Robert Wong — executive vice-president and chief information officer of Toronto Hydro — said a risk-based approach is what the Ontario Energy Board (OEB) mandated the 65 local electric distribution companies like Toronto Hydro to do starting in 2018.

Each company has to fill out an annual Readiness Report on its cyber and privacy risk status.

The self-assessment uses the Ontario Cybersecurity Framework’s security controls. It’s a framework similar to the U.S. National Institute of Standards and Technology’s (NIST) cyber framework for measuring an organization’s risk level. The Readiness Report shows each distribution company has established cybersecurity objectives and assessed its current capability in meeting those objectives.

Asked if his panel might recommend the same for the broader public sector, Wong said it’s possible, but he didn’t want to presume what the panel would decide.

Related:

Ontario electric utilities have to report on their cyber readiness

 

Financially-strapped public agencies would welcome cash to help hire infosec pros and buy equipment. On that topic, there was some hope from panel member Marc Coyle, IT manager for the City of Belleville. He spoke Wednesday briefly during a session of the annual cybersecurity conference of the Municipal Information Systems Association (MISA) of Ontario.

At Wednesday’s panel meeting, he recalled government officials saying, “funding cyberinfrastructure is a priority.”

Asked about that statement, Wong was cautious. “I didn’t hear it specifically in those terms. I think they acknowledged funding will be a consideration, but there are no specifics about that.”

What publicly-funded organizations don’t want, Wong suggested, is “a list of best practices.” Rather, he said, they want a roadmap to becoming more cyber mature. Many smaller organizations “are struggling to understand what their risks are.”

The advisory panel’s final report is due in two years, although Wong said it might issue interim reports.

Known as the expert panel on cybersecurity in the broader public sector (BPS), it was announced on Oct. 25 by Minister of Government and Consumer Services Lisa Thompson.

Wong said that at Wednesday’s meeting, Thompson asked the panel to assess and identify common and sector-specific cybersecurity challenges faced by BPS organizations and make recommendations on a provincial cybersecurity strategy.

“Our government is committed to strengthening our cybersecurity infrastructure,” Thompson said when the panel was announced. “As the threats of cyberattacks and hacking become more frequent globally, it’s imperative that we take action now to improve our defences within the broader public sector. Leveraging the skills and expertise of our panel members will allow us to strengthen the resiliency of our digital infrastructure as we collectively move more government programs and services online.”

The province has a number of tools at its disposal, including making grants or tax deductions to agencies for hiring more staff or buying cybersecurity software and hardware. It could also encourage sectors to follow the lead of Ontario’s universities and colleges, which share a CISO. The position could be supported by provincial funding.

The panel appointment comes as cyberattacks, particularly ransomware, are increasingly victimizing hospitals, universities, and schools.

In addition to Wong, the panel includes:

  • Derek Bowers, chief information technology officer of the Town of Wasaga Beach;
  • Marc Coyle, manager of information technology at the City of Belleville;
  • Scott Currie, chief information officer at Toronto’s Hospital for Sick Children;
  • Adam Evans, vice-president of cyber operations and CISO at the Royal Bank;
  • Helene Fournier, executive director of Valoris for Children and Adults of Prescott-Russell;
  • Antoine Haroun, CIO of Chief Information Officer of the Peel District School Board;
  • Andrew Kirsch, founder of Kirsch Consulting Group;
  • Carolyn Glaser, information technology services manager for the Thames Valley District School Board;
  • Isaac Straley, CISO of the University of Toronto.

Wong said the invitation to be on the panel came suddenly in an email a few months ago.

Due to the COVID pandemic, Wednesday’s first-panel meeting was held online, and Wong expects much of the panel’s work will also be held virtually. The next session is scheduled for February. In between then, the panel will liaise with a working group of bureaucrats who will gather the requested information.

The post Ontario advisory cyber panel to urge public sector bodies to focus on risk-based strategies first appeared on IT World Canada.



Udimi - Buy Solo Ads from IT World CanadaIT World Canada https://ift.tt/3e8n1N0
via IFTTT

Comments

Popular posts from this blog

9 VCs in Madrid and Barcelona discuss the COVID-19 era and look to the future

Spain’s startup ecosystem has two main hubs: Madrid and Barcelona. Most observers place Barcelona first and Madrid second, but the gap appears to close every year. Barcelona has benefitted from attracting expats in search of sun, beach and lifestyle who tend to produce more internationally minded startups. Madrid’s startups have predominantly been Spain or Latin America-focused, but have become increasingly international in nature. Although not part of this survey, we expect Valencia to join next year, as city authorities have been going all-out to attract entrepreneurs and investors. The overall Spanish ecosystem is generally less mature than those in the U.K., France, Sweden and Germany, but it has been improving at a fast clip. More recently, entrepreneurs in Spain have moved away from emulating success in pursuit of innovative technologies. Following the financial crisis, the Spanish government supported the creation of startups with the launch of FOND-ICO GLOBAL, a €1.5 billi...

How to Stay Creative and Keep SEO in Mind

Information Technology Blog - - How to Stay Creative and Keep SEO in Mind - Information Technology Blog Search engine optimization (SEO) refers to customizing your website’s content to ensure that web browsers give your website a high SEO score. The sites with the highest SEO scores are featured on the search engine’s first page of search results for relevant searches.  71%  of the click-throughs happen with articles listed on the first page of results on the search engine. This means that if your website’s article is the second (or third, or fourth page), it’s less likely the search user will even see your article. You want your article to be ranking as close to the top of the first page of results as possible. In order to have a good SEO score your site’s content needs to feature keywords and relevant phrases. It must be optimized for easy navigation between pages. It also needs to be referenced via external links that drive traffic to your site. Incorporating all of t...

Everything we know about HHS Protect, a secretive government project with Peter Thiel's Palantir that helps brief Trump's coronavirus task force

A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus .  Dubbed "HHS Protect," the effort tracks information from around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  HHS uses Palantir Technologies , a data firm cofounded by Peter Thiel, to distill that information for the White House coronavirus task force. Visit Business Insider's homepage for more stories . A secretive project at the US Department of Health and Human Services is working with technology companies to collect and analyze data related to the novel coronavirus.  Dubbed "HHS Protect," the effort includes roughly 2.5 billion pieces of data from healthcare providers, government officials, and labs around the country about coronavirus case numbers, hospital capacity, and even supply chain issues.  The goal is learn about the progress...