New cybersecurity network aims to share data on emerging threats

Leaders of some of Canada's largest industries are creating a new network to help businesses and the public stay abreast of emerging cyberthreats from malware, hackers and online criminals.

• Canada 'failing' in fight against cybercrime, hacking
• Ransomware, bogus emails from your 'boss' mark growing skill of cyber-criminals
• New RCMP cyber unit to target global hackers, online scammers
• The Canadian Cyber Threat Exchange's website

"The threat is constantly evolving.The kinds of attacks, viruses and malware are rapidly changing. Nobody has the capability of staying ahead of it all the time," said John Manley, president of the Canadian Council of Chief Executives,which is spearheading the program.

Billed as the CCTXor the Canadian Cyber Threat Exchangeit is set to launch in early 2016.

It will be run as an independent, not-for-profit organization open tobusiness and institutions of all sizes. Its founding members include Air Canada, Bell Canada, CN Rail andHydroOne, as well as Royal Bank and TD.

Confidentiality around cyber breaches

A CBC News investigation into cybercrime this fall determined Canada lags behind other countries when it comes to tracking, policing and thwarting cybercrime. Until now,Canada has had no system to track cyber incidents and private companies are not required to alert the public or customers when there is a breach.

Manleysays most Canadian companies fear publicly acknowledging being a victim of acyberattackfor fear of losing business.

"In a world where everyone is being attacked, all the time, nobody wants to stick their hand up and say, 'They got in.'But they are willing to share,"Manleytold CBC News as he unveiled details of the newCCTX.

Manley says the CCTX won't require members to publicly admit to being targets of cyberattacks; rather, it will be a way to report new threats and share strategies to defend against them.

"It won't be to say, 'Oh look, Bell Canada was attacked and shut down for 30 minutes,'" Manley explained. "Instead it'll be a clearinghouse a way to share information about incidents of, for example, malware, the kind of characteristicswhen it infected a CCTX member. It had this impact. Here was their response. Maybe they'll even share code written to deal with it."

Program's cost to be member-funded

The CCTX will be member-funded, with large corporations charged an annual fee of $50,000. Medium and small business will be required to pay $20,000 and $5,000 respectively.

The initiative will also work with the federal government's Canadian Cyber Incident Response Centre run by the Ministry of Public Safety.

"We believe this will expand quickly across large enterprises," Manley says.

Imran Ahmad, a Toronto lawyer specializing in cybersecurity and member of the Canadian Advanced Technology Alliance, an innovation and IT advocacy group, calls the new made-in-Canada program "good news."

"I want to see what the timeline is on this thing," Ahmad said. "I think there is a real need right now where businesses and organizations government, universities, schools and all that they need to have this resource sooner than later."

He says there are other "cyber threat sharing" businesses run by the likes of IBM. But this not-for-profit approach, engaging many different sectors, will help reach a large swathof Canadian enterprises, which may not all be equipped or able to defend themselves against cyberattacks.

John Manley says ultimately the CCTX should help all Canadians.

"Cybersecurity is a major concern for the electricity sector, telecommunications services, government, banking and financial services," Manley said. "Your service providers are today being attacked be it by criminals, state-sponsored hackers, or others. If you lose those services you will care. This is for everybody."