October 11, 2022

Cybersecurity Awareness
Sensitive information related to human pathogens and toxins is often stored electronically on internal computer networks and cloud storage solutions. You should routinely review and update cybersecurity measures in your biosecurity plan based on Canadian Centre for Cyber Security (the Cyber Centre) alerts to ensure access to this information remains restricted to authorized individuals (Canadian Biosafety Standard 4.10.12).
In June 2022, the Cyber Centre issued an alert update on previously reported Log4j-related vulnerabilities. This alert update highlighted that malicious, state-sponsored advanced persistent threat actors routinely exploit Log4Shell vulnerabilities in VMware products. In one confirmed compromise, these advanced persistent threat actors were able to collect and extract sensitive data.
The Cyber Centre and its partners recommend the following actions:
- review the Joint Cybersecurity Advisory on mitigating Log4Shell released in December 2021, and the guidance material
- review the most recent Cybersecurity and Infrastructure Security Agency and United States Coast Guard Cyber Command Alert for more information
- update all affected systems to the latest version
- use tactics, techniques and procedures to examine and fix affected systems
You can also contact Public Safety at ps.rrap-perr.sp@canada.ca to test your information technology systems for vulnerabilities and identify improvements. They offer optional assessments and free Review and Analysis Tools. If a private company assesses your information technology system, please ensure it has the appropriate security clearance to access information about your access control methods.
The Cyber Centre is Canada's national authority for cybersecurity. If you have a question about your systems, the Cyber Centre is your first point of contact. For more information, please contact health-par-sante@cyber.gc.ca or refer to the Canadian Centre for Cyber Security.