Canada's computer security loopholes called threat to U.S.

[William Knowles <wk () C4I ORG>]

http://www.nationalpost.com/news/story.html?f=/stories/20001030/445647.html

David Akin
National Post
October 30, 2000

CAMDEN, Me. - Canada is unable to defend itself from sophisticated
attacks made against its vital telecommunications and computing
infrastructure, a senior advisor to the U.S. security establishment
said yesterday.

James Adams, who has worked with the U.S. National Security Agency and
the Central Intelligence Agency, told the National Post Canada's
vulnerability is a concern to security circles in Washington, D.C.
That's because so many major U.S. corporations have offices in Canada.

"Canada is essentially the back door into America," said Mr. Adams,
who is the chief executive of iDefense Inc., an intelligence and
security company that focuses on computing technologies. He said U.S.
defence establishment officials have been encouraging Ottawa to do
more to guard against threats from hackers, be they teens or foreign
states.

Ottawa has plans for a national centre to protect vital information
networks. As reported in the National Post this month, legal and
policy issues must be resolved prior to the establishment of such a
centre, including the question of balancing privacy rights against the
needs of security officers.

"Canada is still a long way behind," Mr. Adams said. "Canadian
intelligence is beginning to do a lot of work on it, but law
enforcement has a long, long way to go."

Mr. Adams said 30 countries -- the U.S. but not Canada among them --
are preparing to simulate information warfare, practising tactics to
combat attacks on their telecommunications networks.

Mr. Adams said because of the way Canada and the United States have
organized the relationship between public sector agencies and the
private sector, they face special security challenges.

"In Israel, France, China, Russia and India, there is frequently a
blurring between the public and private sector because there you have
a clearer definition of what is the national interest," Mr. Adams
said. "In the States, the intelligence community -- and government
agencies generally -- are legally proscribed from passing to the
private sector what they know. In Israel, France or other countries,
it's seen as a mutual benefit."

The private sector in Canada and the United States "doesn't have the
right to access the right information from security agencies [which
makes it] exceptionally vulnerable, and that is a problem."

Mr. Adams was speaking on the weekend at PopTech2000 in Camden, Me.,
an annual gathering of elites from business, academia and the arts, to
assess the social and political impacts of new communication
technologies.

Mr. Adams told the conference on Saturday he advises his corporate
clients not to buy hardware or software goods manufactured in Russia,
China, France or India.

"My company would never buy any hardware or software equipment
manufactured abroad," Mr. Adams said. "We know without any question
whatsoever that a lot of things that are sold in the United States, be
it a firewall or some software, are infected with implants from these
countries so that anything that goes across their networks or is
stored in their programs is sent back to the country of manufacture."


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".