Date of Graduation
Spring 2019
Degree
Master of Science in Defense and Strategic Studies
Department
Defense and Strategic Studies
Committee Chair
Brian Mazanec
Abstract
The aim of this thesis is to assess the unique technical and policy-based cybersecurity challenges facing Canada’s critical infrastructure environment and to analyze how current government and industry practices are not equipped to remediate or offset associated strategic risks to the country. Further, the thesis also provides cases and evidence demonstrating that Canada’s critical infrastructure has been specifically targeted by foreign and domestic cyber threat actors to pressure the country’s economic, safety and national security interests. Essential services that Canadians and Canadian businesses rely on daily are intricately linked to the availability and integrity of vital infrastructure sectors, such as the financial, water, healthcare, electricity, and transportation systems. These sectors continue to become increasingly connected to Information Technology (IT) assets and processes that are vulnerable to malicious computer activity. To assess these vulnerabilities, the technical components of this paper analyze the current cybersecurity challenges impacting critical infrastructure owners, operators, regulators and vendors with regard to legacy IT systems and new emerging technologies—such as cloud computing and 5G. This includes analysis on the integration of corporate Internet-linked networks with traditionally isolated Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) networks. It also includes a non-industrial sector case study focusing on the financial system, which discusses the cybersecurity challenges facing the national Large-Value Transfer System (LVTS). From a national security perspective, the thesis maps Canada’s cyber threat landscape and analyzes actors such as nation-state governments, Advanced Persistent Threat (APT) groups, terrorist organizations, malicious and negligent insiders, and hacktivists. As a recommendation, the thesis constructs a three-tiered public-private partnership that draws on a new Canadian-based cybersecurity assessment framework, the adoption of an Assumption of Compromise (AoC) security culture, and the improvement of cyber threat information-sharing programs.
Keywords
cybersecurity, critical infrastructure, national security, SCADA, ICS, Public Safety Canada, cyber attack, control networks, corporate networks, NIST framework
Subject Categories
Defense and Security Studies | Information Security | Infrastructure | Science and Technology Studies
Copyright
© Samuel A. Cohen
Recommended Citation
Cohen, Samuel A., "Cybersecurity for Critical Infrastructure: Addressing Threats and Vulnerabilities in Canada" (2019). MSU Graduate Theses/Dissertations. 3340.
https://bearworks.missouristate.edu/theses/3340
Open Access
Included in
Defense and Security Studies Commons, Information Security Commons, Infrastructure Commons, Science and Technology Studies Commons