COI Report – Part VII
Page 339 of 425
limitations. As cybersecurity is an evolving and dynamic area, the CII sectors should continually educate themselves on the latest technology, so that they can be implemented at the appropriate time, without undue delay.
984. While behavioural analytics is more suited as a long-term recommendation, there is an aspect of collective security that can be implemented in the medium-term. To enable governments and companies to learn how to fight in cyberspace as a cohesive whole, there should be promulgation of a common doctrine, system interoperability, information sharing, regular exercises, and trust. A common doctrine of cybersecurity
90
may include a) goals (e.g. the level of cybersecurity sought and the acceptable risks, costs, and trade-offs); and (b) means (e.g. protect, detect, respond, and recover. System interoperability will enable sharing and ready use of information securely and effectively. Information sharing may include sharing of threat intelligence and best practices, as we have elaborated on earlier in this section. We have elaborated on the need for regular exercises in in the context of improving incident response processes above.
985. Recommendation #7 will bring our cybersecurity posture to a higher level. Although it is the last of the Priority Recommendations, it is not the least important. CSA and relevant agencies should study this recommendation and consider how to implement measures to better achieve collective security, sharing of threat intelligence and networked defence. For more information on the scope of the doctrine for cybersecurity, see Deirdre K. Mulligan and Fred B. Schneider, Doctrine for Cybersecurity”.
COI Report – Part VII Page 340 of 425 43 RECOMMENDATION #8: IT SECURITY Share with your friends: |
