Calgary a leader in national cyber security
By Davor Curic, April 22 2022—
As we move towards an increasingly digital future, protecting ourselves online is becoming more and more important. That is why the University of Calgary, in collaboration with Concordia University, Ryerson University, the University of Waterloo and the University of New Brunswick, is leading a federally incorporated, not-for-profit national cybersecurity effort, aptly called the National Cybersecurity Consortium (NCC).
Cybersecurity is a broad set of technologies and techniques designed to protect data, information and computers from online threats. According to Dr. Ken Barker, an executive director of the NCC and professor of computer science at U of C, the motivation behind the consortium was to foster collaboration in enhancing Canadian cybersecurity.
Instead of the traditional model of researchers bitterly fighting each other for research grants, the NCC distributes the money according to where it is needed. But this isn’t limited to the five founding universities.
Not only have 140 researchers across 40 universities joined the effort, but the NCC is also working closely with industry and other not-for-profit partners. This is all to promote cybersecurity across the board — from initial conceptualization to commercial product, and from individuals working from home to critical infrastructures like health care, banking and energy. And yes, this includes university students who keep assignments or thesis work in the cloud without a backup.
For this to be feasible, however, the NCC needs to overcome what it sees as a shortage of expertise. This means an emphasis on training a new batch of cybersecurity experts. Part of this involves organizing collaborative training across the country — something only possible with a robust organizational network in place.
But if you think this just means more computer science majors, think again. Cybersecurity is not only a technological challenge, it is also a social policy challenge, a business challenge involving complicated intellectual property rights issues and much more.
Within the U of C, a group of multidisciplinary researchers are tackling cybersecurity on a local level under the banner of the Institute for Security, Privacy and Information Assurance (ISPIA). While many ISPIA members work on the technological side, many are also from outside the faculty of science. Researchers from law, mEdicine, the Haskayne School of Business and the Faculty of Arts are pooling their expertise with scientists and engineers.
“I think what the University of Calgary has been able to do around ISPIA is to create a culture of multidisciplinarity in a really meaningful way,” said Barker.
While recognizing a need for skilled students and workers is one thing, actually building the capacity to generate them in a meaningful way is a challenge. Existing programs can address this to some degree, but it is not enough, according to Barker.
“What we’re discovering is that information security — this whole privacy issue — it’s different than computer science,” said Barker. And while certainly taking a few specialty courses will get students out the door, “once they’re out the door, they’ve got an awful lot of things to learn yet because they’ve looked at it from a purely technological perspective.”
Instead, Barker suggests we should start looking at cybersecurity as an emerging discipline, one that may require an undergraduate degree in the future.
There is another source of workers that is less traditional, but almost completely untapped — a massive cohort of educated Albertans who are finding themselves at the mercy of an unprEdictable energy economy.
“We’re changing, our whole province is going through a transition, and it is painful […] we have to think about [Alberta’s economy] differently,” said Barker. “These are people who already have many of the technical abilities already in place.”
Programs such as U of C’s professional masters in information security and privacy, which work to retrain professionals within a year, are seen as an important step towards tapping this large pool of talent.
Barker also says that while students are not targeted per se, it is still important to be diligent. Standard practices to keep yourself safe include interacting only with trusted sources, being wary of phishing attacks (emails designed to trick an individual into disclosing private information) and of course, maintaining strong passwords.
The most common attacks however are simply random automated scripts designed to probe for potential weaknesses in software. Limiting the number of organizations with which individuals share their personal information online is an important aspect of digital security.
“If you think you’re safe because you’re not a target, you’re confused about how most of this works,” says Barker.
Unfortunately, sometimes cybersecurity is a game of chance, but that doesn’t mean that we, as individuals and as a country, can’t stack the deck in our own favour.