Date of Graduation

Spring 2019

Degree

Master of Science in Defense and Strategic Studies

Department

Defense and Strategic Studies

Committee Chair

Brian Mazanec

Abstract

The aim of this thesis is to assess the unique technical and policy-based cybersecurity challenges facing Canada’s critical infrastructure environment and to analyze how current government and industry practices are not equipped to remediate or offset associated strategic risks to the country. The thesis also provides cases and evidence demonstrating that Canada’s critical infrastructure has been specifically targeted by foreign and domestic cyber threat actors to pressure the country’s economic, safety and national security interests. Essential services that Canadians and Canadian businesses rely on daily are intricately linked to the availability and integrity of vital infrastructure sectors, such as the financial, water, healthcare, electricity, and transportation systems. These sectors continue to become increasingly connected to Information Technology (IT) assets and processes that are vulnerable to malicious computer activity. To assess these vulnerabilities, the technical components of this paper analyze the current cybersecurity challenges impacting critical infrastructure owners, operators, regulators and vendors with regard to legacy IT systems and new emerging technologies, such as cloud computing and 5G. This includes analysis of the integration of corporate Internet-linked networks with traditionally isolated Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) networks. It also includes a non-industrial sector case study focusing on the financial system, which discusses the cybersecurity challenges facing the national Large-Value Transfer System (LVTS). From a national security perspective, the thesis maps Canada’s cyber threat landscape and analyzes actors such as nation-state governments, Advanced Persistent Threat (APT) groups, terrorist organizations, malicious and negligent insiders, and hacktivists.
As a recommendation, the thesis constructs a three-tiered public-private partnership that draws on a new Canadian-based cybersecurity assessment framework, the adoption of an Assumption of Compromise (AoC) security culture, and the improvement of cyber threat information-sharing programs.

Keywords

cybersecurity, critical infrastructure, national security, SCADA, ICS, Public Safety Canada, cyber attack, control networks, corporate networks, NIST framework

Subject Categories

Defense and Security Studies | Information Security | Infrastructure | Science and Technology Studies

Copyright

© Samuel A. Cohen

Open Access
