As a point of clarification, DND's original cyber operations were stood up fully in 1999, vis a vis the Information Protection Centre (IPC), comprising the DND Computer Incident Response Team (DND CIRT) and National Vulnerability Assessment Team (NVAT). I led the former at my retirement in 2001.
We were doing our own. You'd be, maybe, surprised that CSE's own capability in that regard was still pretty immature as well. We can have a chat about their attempts to grab data from the private sector during the early 2K's. I managed CGI's capability back then and had many run ins.
Very interesting to hear DND/CAF doing penetration testing back then as well. Earliest that I have for CSE penetration testing DND/CAF is October 2022, but the definitions and language they use here it could mean something else (https://nsicop-cpsnr.ca/reports/rp-2022-02-14/04-en-part-2.html). It suggests that DND/CAF was the first that CSE pen tested.
We definitely do need to have a chat. There's so little public information about DND/CAF cyber in 1990s and 2000s that It was a big win for me when I found an old unit Christmas letter that just a single sentence that was useful.
As a point of clarification, DND's original cyber operations were stood up fully in 1999, vis a vis the Information Protection Centre (IPC), comprising the DND Computer Incident Response Team (DND CIRT) and National Vulnerability Assessment Team (NVAT). I led the former at my retirement in 2001.
Thanks! I didn't have dates for those until now, definitely noting for future use.
In this article I was largely referring to when CSE began to do penetration testing of DND/CAF networks in the early 2000s, but will clarify that.
We were doing our own. You'd be, maybe, surprised that CSE's own capability in that regard was still pretty immature as well. We can have a chat about their attempts to grab data from the private sector during the early 2K's. I managed CGI's capability back then and had many run ins.
Very interesting to hear DND/CAF doing penetration testing back then as well. Earliest that I have for CSE penetration testing DND/CAF is October 2022, but the definitions and language they use here it could mean something else (https://nsicop-cpsnr.ca/reports/rp-2022-02-14/04-en-part-2.html). It suggests that DND/CAF was the first that CSE pen tested.
We definitely do need to have a chat. There's so little public information about DND/CAF cyber in 1990s and 2000s that It was a big win for me when I found an old unit Christmas letter that just a single sentence that was useful.