With total project values over $39.2 million, the NCC committed $11.2 million to projects that help foster a strong national cybersecurity ecosystem in Canada and position the country as a global leader in cybersecurity.
Commercialization
Recipient
Palitronica Inc.
Collaborators
Arcfield (AB), Continental (ON), Sera4 (ON), and University of Waterloo (ON)
Committed Funds
$1,000,000.00
Project Description
The Platform-Agnostic Scalable Cyber Assured Logistics (PASCAL) project aims to enhance critical industries’ ability to procure advanced electronics securely, mitigating risks associated with recycled, counterfeit, tampered, or backdoored parts. The duration of this project is 3 years, intending to establish a robust, repeatable, data-backed offering of the PASCAL solution system. By demonstrating product effectiveness to strategic partners, Palitronica will become the go-to technology solutions provider for supply chain cybersecurity for aerospace, defence, and other critical industries. The project will: Test and Validate with Short-Term (ST) Strategic Market, Adapt Solution for Long-Term (LT) Target Market, and Expand Commercial Solution to LT Target Market.
Research and Development
Recipient
Deloitte
Collaborators
Concordia University (QC), Prompt (QC), Groupe Desjardins (QC), Cybereco (QC), Pinq2 (QC)
Committed Funds
$1,000,000.00
Project Description
A custom cybersecurity tool designed for flexible managed security services which involves building a new detection engine using data lake, machine learning, and Artificial Intelligence (AI) to support any data added to the lake for potential correlation to a cyber event. Project Atlas resolves many limitations of cloud and off the shelf products that restrict our managed security services to match the capability of the platform. Current solutions are also designed for end users as opposed to managed service providers, further restricting our ability to provide end-to-end security services. Atlas also allows organizations to consolidate their security vendors into this solution which is financially beneficial. Project Atlas creates a more cost effective and comprehensive security service with less false-positives.
Recipient
University of Waterloo
Collaborator
École Polytechnique de Montréal (QC) and Acronis.
Committed Funds
$370,036.00
Project Description
Data backup systems use data deduplication techniques, to reduce the stored data size, support more users, and reduce service costs. Data deduplication is a widely used technique by modern cloud-based storage systems such as Acronis Cyber Protect and Dropbox. State-of-the-art techniques for deduplication require storing the data without encryption. Consequently, clients must have complete trust in the service provider and its cybersecurity protections. This trust model is unacceptable to clients and businesses with regulatory and privacy constraints. In this project, the research team will explore building Backup with Confidential Dedup (BCD), a backup system that performs data deduplication while keeping the data encrypted at the service provider.
Recipient
Concordia University
Collaborators
Ericsson (QC), University of Waterloo (ON), and University of Manitoba (MB)
Committed Funds
$1,000,000.00
Project Description
The shift towards 5G networks will be accompanied with the coexistence of previous generations (e.g., LTE 4G, whichexposes 5G networks to security risks related to vulnerabilities of its predecessors due to the inter-working modes and the threats related to the cross-protocol attacks. 5G adoption of new enabling technologies (such as NFV, SDN, and network slicing) increases its attack surface. This project studies 5G security concerns by developing intelligent anomaly detection, mitigation and prevention mechanisms using Machine Learning and Artificial Intelligence solutions. Thereby providing mobile operators with automated, closed-loop control security mechanisms that secure their network against attacks that hinders their network availability, and ensure 5G clients the services they desire.
Recipient
University of New Brunswick
Collaborators
Rogers (ON) and CIC (NB)
Committed Funds
$240,750.00
Project Description
The project involves the development and use of artificial intelligence in vulnerability management including the process of identifying and mitigating vulnerabilities in humans, computer systems and configurations, networks, and software applications. The traditional approach of vulnerability scanning, and management becomes inefficient because it overlooks risk factors that are usually indicators of complex attack vectors such as those user related weaknesses so the use of AI and machine learning systems and vulnerability management will not only make the process faster, but it will also make it more efficient. AI enabled vulnerability management can help facilitate the scoring and ranking of threats, which means less time spent looking for clues and less money spent on vulnerability scanning.
Recipient
University of Waterloo
Collaborator
Mastercard (BC) and University of New Brunswick (NB)
Committed Funds
$288,099.00
Project Description
Different people behave in different ways while visiting online websites or while engaging in the metaverse. This forms a user’s behavioural fingerprint, which can be used for benign or malicious purposes. This project collects various datasets with behavioural data from both real-world websites and the metaverse to determine which features of the collected data are useful for creating individual user fingerprints from these datasets. It will establish the potential of using these fingerprints for several purposes, including, user profiling, user impersonation, fraud detection, and fraud prevention. The goal is to detect and defend against fraudulent activities such as with credit cards.
Recipient
University of Waterloo
Collaborators
Blackberry (ON) and Rational Minds Innovation (QC)
Committed Funds
$270,470.00
Project Description
IoT device vulnerabilities are increasing. Recently the adoption of fuzzing techniques for automated vulnerability detection in IoT firmware has evolved but are limited because the need to obtain firmware for a particular device is hard. This project will address the challenge of *transfer fuzzing*. The idea is based on the observation that a device is expected to function similarly to its counterparts. As a result, if we can obtain firmware samples from the counterparts, we can fuzz test these samples and apply the fuzzing results to guide the testing of the target device. Solutions will benefit clients/customers who need to secure IoT devices for industrial and commercial usage.
Recipient
Queen’s University
Collaborator
Irdeto (ON), Western University (ON), and Royal Military College (ON)
Committed Funds
$300,000.00
Project Description
Emotional artificial intelligence (EAI) is effective to identify the negative mood and distraction level of drivers by observing drivers and monitoring their emotional and physical state. The monitoring of movement, facial expression, voice, gestures, and biofeedback; raises privacy and ethical concerns for drivers and passengers in vehicles, which have impeded the proliferation of EAI. This new project studies positive and negative impacts of EAI applications on vehicles and propose privacy principles and technical solutions to mitigate security, privacy, and ethical risks in automotive EAI systems for the proliferation of EAI-based ADAS. New societal and technical solutions will address key problems in transportation and be deployed to reduce collisions and improve road safety.
Recipient
University of Saskatchewan
Collaborators
Blackberry (ON), Amazon (ON), and McGill University (QC)
Committed Funds
$420,619.61
Project Description
In-vehicle infotainment (IVI) has evolved from CD players to heavily computerized interfaces vulnerable to attacks. Various car manufacturers have their own IVI systems, but the Android Automotive IVI system has gained popularity due to the widespread use of the Android operating system on mobile devices. Numerous studies conducted over the years have highlighted practically exploitable vulnerabilities in Android Automotive and consistently pointed out a widespread and systematic lack of security measures in IVI systems. This project will develop robust and practical defenses mechanisms for the security of Android-based IVI system during runtime.
Recipient
University of New Brunswick
Collaborator
Scotiabank (ON)
Committed Funds
$286,000.00
Project Description
This project will bolster the security of Hardware Security Modules (HSMs) that manage digital keys and perform cryptographic operations. The strategy is to transition these devices to a quantum-resistant model to confront potential threats from quantum computing advancements. As financial institutions handle vast amounts of sensitive data, the project addresses the risk of quantum computing breaking the cryptographic systems currently used by HSMs, which could leave this sensitive data vulnerable. Implementing a quantum-resistant model will future-proof institutions against threats, safeguarding their financial and reputational standing, and fostering customer trust. This project will strengthen data security in financial institutions in our rapidly advancing quantum computing era.
Recipient
Université du Québec en Outaouais
Collaborator
Portage Cybertech (QC), Laval University (QC), and Concordia University (QC)
Committed Funds
$90,000.00
Project Description
Digital identity systems play a crucial role in various sectors, including e-commerce, healthcare, finance and government services, so ensuring their security is paramount. This project studies the challenges and emerging threats in digital identity systems and propose effective solutions to improve their security. A formal framework is to be developed to allow the construction of secure digital identity systems based on a set of high-level requirements.
Recipient
Ontario Tech Institute
Collaborator
University of Texas at San Antonio (UTSA) and Durham Police service – Not confirmed
Committed Funds
$89,987.50
Project Description
Swarm technologies refer to the use of multiple coordinated and decentralized autonomous entities such as drones to complete a mission and/or achieve an objective. They work collectively to achieve a task that is otherwise hard to achieve with a single entity. Each entity in a swarm follows a specific algorithm/rule and communicates with other entities to exhibit a complex behavior to achieve a task. Drone-based swarm technologies are being used in security and surveillance, search and rescue, environmental monitoring and precision agriculture, infrastructure inspection, package delivery to list a few. Due to the nature of communication between drones in a swarm and the unpredictability of the swarm behavior, the threat landscape is different with major risks offering unique security issues when compared to a single drone.
Training
Recipient
Field Effect Software
Collaborators
Cyberquebec (QC), Algonquin College (ON), and University of Calgary (AB)
Committed Funds
$ 900,000.00
Project Description
Developing, delivering and managing hands on training for cybersecurity curriculum is an ecosystem gap for colleges and universities. The current situation is ad hoc. For the majority of universities, labs are developed by a teaching assistant and require students to download virtual machines and run labs on their own laptops. This approach introduces technical challenges for students getting environments configured, challenges tracking results and challenges maintaining labs through staff turnover. An alternative approach is for institutions to provide a lab infrastructure for students. With a managed infrastructure that challenge shifts to managing the infrastructure and resourcing the development of labs.
Recipient
École Polytechnique de Montréal
Collaborators
Desjardins (QC), Cybereco (QC), HEC Montréal (QC), and Université de Montréal (QC)
Committed Funds
$ 999,900.00
Project Description
We propose a pan-Canadian program, focused on cybersecurity professions and adaptable to innovation cycles. The three components are: (1) innovative cyberstart-up, (2) evolving training oriented towards entrepreneurship, and (3) learning through realistic simulation modules.
Deliverables: (1) train students in entrepreneurship and help participants launch cybersecurity businesses; (2) will provide training at all levels, geared toward priority cybersecurity professions and technological developments; and (3) develop cyber technical skills through concrete learning. This program will prepare current and future cybersecurity workforces and accelerate innovation to help Canada be a leader in the field.
Recipient
University of Calgary
Collaborators
No external collaborators
Committed Funds
$ 915,838.15
Project Description
This project will train future lawyers, legal academics, and policy experts, to advise on law and policy issues pertaining to, and shaped by, cybersecurity concerns. Artificial intelligence, financial technologies, and the digitization of society pose significant conceptual and regulatory challenges, especially in the increasingly complex global geopolitical environment. Businesses, universities, governments, non-profit organizations and other enterprises grapple with addressing cybersecurity and how well technologies address regulatory compliance. This training program will equip legal experts with the tools to address these challenges.
Recipient
University of Waterloo
Collaborator
Brandon University (MB), University of Alberta (AB), and eSentire (ON)
Committed Funds
$402,691.43
Project Description
A joint initiative between three universities and a cybersecurity company. A comprehensive, multidisciplinary cybersecurity training initiative that is designed to significantly enhance the scope, extent, and depth of cybersecurity education and training in Canada. The project will significantly expand cybersecurity course offerings in degree-based programs across different disciplines, adapt selected courses for workforce training, and acknowledge the need for specialized cybersecurity training for indigenous communities.
Recipient
McGill University
Collaborators
Blackberry (ON), Ericsson (QC), and Samsung (QC)
Committed Funds
$1,000,000.00
Project Description
A project to alleviate the national workforce shortage in cybersecurity by developing a new master’s degree in cyber security analytics. With the rapid advancement of technology, attackers can easily access sophisticated tools, leading to a surge in automated, AI-powered cyber-attacks. The volume of cyber data and network traffic is growing exponentially, making manual analysis all but impossible. There is an urgent need to train a new generation of cybersecurity professionals equipped with strong technical and managerial knowledge and systems protection, as well as hands on skills in advanced data analytics. This master’s degree will be comprised of three stackable graduate certificates an internship or research project.
Recipient
University of New Brunswick
Collaborators
No external collaborators
Committed Funds
$998,538.00
Project Description
A master’s degree program in cybersecurity management. A joint proposal by the faculties of management, law, computer science and the Canadian institute for Cybersecurity. Its uniqueness in Canada is that it is offering an interdisciplinary curriculum with focus on managing risk in critical elements of cyber security identified by the NIST.
Recipient
McGill University
Collaborator
FX Innovation (QC)
Committed Funds
$666,941.00
Project Description
Building on the expertise of the school of continuing studies in offering cloud computing and applied cyber security certificate programs, the school proposes to develop a bilingual training program in cloud security consisting of stackable micro-credential modules. This flexible noncredit program would provide both reskilling (when taken in its entirety) and upskilling (when taking by module) opportunities for professionals in both English and French. It will address the shortage of qualified bilingual cloud security professionals with target job role profiles of cloud security specialist/engineer/analyst etc. As a noncredit program delivered in a blended format, it will be more accessible to a variety of professionals since traditional credit program requirements of language proficiency, educational background will not apply.