CRTC launches consultation on framework to address malware within Canadian networks

'With the launch of this proceeding, we are aiming to better protect Canadian individuals, businesses and institutions against damaging botnet activity.'

CRTC launches consultation on framework to address malware within Canadian networks
The CRTC is seeking comments from Canadians.

The Canadian Radio-television and Telecommunications Commission (CRTC) has launched a consultation on its proposed framework to address botnets or harmful networks of malware-infected computers that are under the control of a malicious actor.

The CRTC is seeking comments from Canadians on the appropriateness and need to develop a new framework to address botnet activity within Canadian networks.

“Malicious botnet attacks are a serious and recurring concern. Almost every week, we see another organization victimized by ransomware or hear of a fellow citizen lured in by a phishing scam,” said Ian Scott, chairperson and CEO, CRTC. “With the launch of this proceeding, we are aiming to better protect Canadian individuals, businesses and institutions against damaging botnet activity.”

Canadians are invited to submit comments by March 15, 2021 using only one of the following methods:

  • Filling out the online form
  • Writing to the Secretary General, CRTC, Ottawa, Ontario K1A ON2 or
  • Sending a fax to 819-994-0218

Botnets facilitate some of the most damaging cyberattacks, including ransomware and identity theft. These attacks cause significant harm to Canadians, businesses and organizations that provide critical services such as hospitals, schools and government bodies.

The types of cyber-attacks enabled by botnets generally include spam distribution, distributed denial of service attacks, information theft and malware deployment, including ransomware.

The CRTC’s preliminary view is that a network-level blocking framework is a viable strategy to prevent the harm botnets cause to Canadians.

Measures to block botnet traffic could prevent attacks and help to protect Canadians. The Commission is seeking comments on the appropriateness and need for telecommunications service providers to adopt blocking techniques within their networks, including what safeguards would be necessary to ensure privacy, transparency and effectiveness.

Nearly all (97 per cent) of Canadian businesses say their cybersecurity strategies will shift as a result of the increased digitization during the COVID-19 pandemic, according to PwC Canada's Digital Trust Insights report in December 2020.

Under Canada’s Anti-Spam Legislation, the CRTC is responsible for ensuring compliance with provisions relating to spam distribution, malicious network traffic redirection and malware installation. It has the authority and mandate to address malicious activity facilitated by botnets under the Telecommunications Act.

Attacks on web applications rose by 800 per cent in the first six months of 2020 compared to the same period last year, according to a report from CDN and cloud security provider CDNetworks released in November.

Randstad suggests the following tech-based solutions to keep at-home working setup secure:

  1. Set up two-factor authentication
  2. Regulate VPN use
  3. Avoid public networks
  4. Only use company security-approved devices
  5. Ask employees to secure their router

RELATED STORIES