Nov. 4, 2022

Partners team up to fight cybercrime

UCalgary brings expertise in network and software security to partnership with police and industry
Unique partnership that includes the University of Calgary aims to track down and nab cybercriminals
Shutterstock

Cybercrooks, beware!

A new public-private partnership between the Calgary Police Service, the University of Calgary, and local cybersecurity business ENFOCOM Corporation will create the infrastructure and processes needed to pursue cybercriminals, says a UCalgary cybersecurity expert.

“We’re learning right now how you would go about setting this up to actually try and catch some of the bad guys. That’s the goal,” says Dr. Ken Barker, PhD, scientific lead for the new partnership and professor in the Department of Computer Science in the Faculty of Science.

The first-of-its-kind partnership, launched in early October, which is Cyber Awareness Month, builds on UCalgary’s growing expertise and capability in information security. That includes the Canadian Cyber Assessment Training and Experimentation Centre (CATE) located on campus.

CATE is a comprehensive resource enabling safe experimentation and research for law enforcement, academia, innovators and cybersecurity professionals. The centre, established in April this year, is led by a consortium that includes UCalgary, Calgary-based Raytheon Canada and ENFOCOM.

CATE is equipped with a state-of-the-art, highly automated “cyber range” (an interactive technology environment), along with cyber assessment, experimentation and integration labs. The centre’s modular and scalable architecture can emulate complex real-world digital enterprises.

CATE can be structured as a virtual environment to carry out simulated cyberattacks that appear to be convincingly real, Barker says. “We can set CATE up to basically look like it is a completely independent site operating out of anywhere in the world.”

On the dark web, being able to carry out cyberattacks builds credibility among cybercriminals.

Establishing such credibility “basically allows police to get further up the criminal food chain, enabling them to identify and collect evidence on those who are masterminding cyberattacks,” Barker says.

Ken Barker

Ken Barker.

“Once we know how to do this, it could be operationalized in the future,” he says. “At this point, we’re still in the research stage. None of it has been operationalized yet.”

“Cybercrimes often result in complex investigations requiring the participation of multiple external agencies, which is why partnerships are essential to the advancement of investigations,” says Sgt. Kevin Paul, head of the Calgary Police Service’s cybercrime team.

“Each partner on this team brings unique skills, expertise, and capabilities to the table,” Paul adds.

This partnership is the first of its kind in Canada and we believe that this is the future of information security and law enforcement.

Herbert Fensury, CEO of ENFOCOM, says his company “has chosen to work with public, academic and corporate entities to address the skills gap within the community of cyber professionals and provide a safe super-lab to test current and future incident responses.”   

Partnership builds on 20 years of growing expertise

UCalgary’s expertise in information security got started in 2002, with the recruitment of an iCORE (Alberta Informatics Circle of Research Excellence) chair and associated faculty members focused on cryptography and primarily fundamental security issues. Another iCORE chair added in 2007, along with more faculty, expanded the effort into network security and software security.

Around the same time, the university established the Institute for Security, Privacy and Information Assurance (ISPIA), to pull together members of various faculties working in the area. ISPIA has since grown to about 40 faculty.

“The breadth of expertise runs from number theory — deep mathematical problems — to public policy in cybersecurity and privacy-related issues,” Barker says.

Barker, who became director of ISPIA in 2018, worked to establish the not-for-profit National Cybersecurity Consortium (NCC), to collaborate with public and private sectors and lead world-class cybersecurity innovation and talent development.

UCalgary is one of five Canadian university founding partners of the NCC. The others are Concordia University, Toronto Metropolitan University, University of New Brunswick, and University of Waterloo.

“The University of Calgary is one of the five leading institutions in the country in this space,” Barker notes.

 Earlier this year, the federal government appointed the NCC to lead Canada’s Cyber Security Innovation Network, with funding of up to $80 million over four years for projects that grow the cybersecurity ecosystem through industry-academia collaboration.

At UCalgary, the intent is to expand on cybersecurity partnerships like the one with the Calgary Police Service, Barker says. “We’re talking to people in the health sector, the energy sector, and some people in agriculture as well.”

Students learning cybersecurity skills

Barker says at least two or three courses will be run out of the CATE centre this academic year, for a cohort of 25 students taking the Master of Information Security and Privacy. The one-year professional program is targeted at people who already have a degree and want to specialize in information security.

Students will engage in agile, scenario-based cyber training; in-depth assessment of cyber solutions; and experimenting with new cyber resiliency concepts driven by emerging technologies.

For example, a course called Ethical Hacking involves a team of students hacking into virtual environments and another team defending such environments from cyberattacks.

CATE also offers innovators of cybersecurity products a test bed, where their devices can be challenged with different kinds of virtual scenarios, such as ransomware or virus attacks.

“The cybercriminals are going to keep making investments in this space, because it’s a lucrative criminal activity,” Barker says.

“So I think we need to be constantly vigilant and continuously investing in this space, so organizations and individuals can protect themselves.”