Canadian Centre for Cyber Security says it’s working on homomorphic encryption
Canadian cyber intelligence agencies said that work on what he calls the “Holy Grail” of data encryption to protect government information like the number of reports of violations of privacy, effort and hit ransomware malware continues to grow.
Encryption works primarily transit – which protects data while it is being shipped – or “at rest”, who guard the information when it is stored. But to be processed and understood, that the information needs to be decrypted, potentially putting at risk.
“We want encryption when it is being processed so you do not need to decrypt it to do so, and it was something called homomorphic encryption,” Scott Jones, head of the Communications Security Establishment’s (CSE) Canadian Cyber Security Center, told Brampton-News.
“It’s the Holy Grail of encryption that really gets us to the point where, ‘OK, now we will be safe even [while] information is being processed’ … It’s a relatively new phenomenon.”
The center is leading the government’s response to cybersecurity incidents, defends Ottawa virtual assets and provides advice to the Canadian industry, businesses, and residents on how to protect themselves online. CSE team can be viewed by two billion actions per day, including malicious intrusion attempts.
Jones said the CSE has been working with industry and academia to find out how the homomorphic encryption function in a Canadian setting.
“Encryption is really critical defense,” he said, noting the agency maybe five to ten years away from achieving that goal.
“One of the cybersecurity issues that we could block two billion things, but success is what we are talking about … We consider the failure of something that we have to address.”
Ransomware attacks increased
Brett Callow, the BC-based threat analyst with Emsisoft international cybersecurity company, said the homomorphic encryption can reduce the possibility of data obtained secretly in a form that is easy to use, but it was not a perfect defense against all attacks.
“To use an analogy, the data company will be in a deposit box that only has the key, but the threat actor can put in a lockbox that both that only they have the key,” he said.
“I’m not sure we’ll ever find a silver bullet. Security is likely to be a constant and sustained permanent game of whack-a-mole.”
More and more Canadian cities, provinces, government contractors and businesses have found themselves exposed ransomware attack – involving malicious software that is used to immobilize the target computer system to request payment in cash. Just last week, the provincial P.E.I. acknowledged that some personal information may have been compromised in the islands recently hit.
Callow said homomorphic encryption is not necessarily a perfect shield against sophisticated hackers.
“Ransomware attack typically involves harvesting the user and admin credentials. If an attacker is able to harvest the credentials that allow users to access data, they will also be able to access the data,” he said.
“In these circumstances, the actor may not necessarily be able to exfiltrate non-encrypted original data from, but they certainly can see and, perhaps, take screen grabs.”
There is also the problem of human error.
departments and federal agencies have recorded thousands of breaches of privacy over the last two years, according to the latest figures filed in the House of Commons – a lot for a slip-up or mistake.
Even that amount is likely to fall short because many departments reported they did not know how many people are exposed to violations of individual information, or how many were then contacted and warned.
To advertise with Brampton-News, please contact our advertising team here: Advertise with us.