U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Defending the Electronic Frontier

NCJ Number
217440
Journal
Let's Talk Volume: 31 Issue: 2 Dated: December 2006 Pages: 14-16
Author(s)
Bill Rankin
Date Published
December 2006
Length
3 pages
Annotation
This article identifies some of the security threats to the Correctional Service of Canada's (CSC's) computerized data and operations as well as the countermeasures adopted and recommended by CSC's Information Management Services (IMS).
Abstract
External threats to computerized operations come mainly from the Internet. The Internet enables one or a number of computers to enter another computer from anywhere in the world. Most of these attacks are automated and aimed broadly at multiple computers. Of the 100,000 unsolicited electronic messages that reach CSC computers daily through the Internet, approximately 60,000 are spam, and approximately 350 contain viruses. IMS security staff has been successful in countering the dangerous attacks, but occasionally one manages to breach the CSC firewall; for example, the Sasser Worm 2 years ago disrupted workflow without actually accessing the CSC network. CSC IT (information technology) security staff is regularly involved in repairing vulnerabilities in software programs used by CSC. When one is detected, it is eliminated by applying a "patch," which is a corrective measure in the form of updated software. Another concern is inmate's use of a device smuggled into the prison that is capable of gaining access to wireless networks in homes and businesses near the prison. This enables inmates to communicate with the outside world without the knowledge of prison staff. This threat is countered by physical searches and electronic sweeps in order to detect such inmate devices. This article offers six security recommendations to CSC personnel who operate computers in their jobs. Some of the recommendations are to use strong passwords that are not shared with other employees, to lock the computer whenever the employee leaves the work station, and to refrain from installing personal hardware and software on CSC computers.