Commercialization
Recipient
ENFOCOM International Corporation, Calgary, AB
Collaborators
Raytheon Canada
University of Calgary
Royal Canadian Mounted Police
Calgary Police Service
Edmonton Police Service
Check Point Software Technologies
InceptionU Educational Foundation Ltd.
University of Ottawa
Field Effect Software Inc.
IBM Canada
Committed Funds
$1,000,000
Project Description
This project addresses the escalating challenge of cybercrimes by enhancing the cybersecurity proficiency of law enforcement officers. Given the evolving nature and increasing sophistication of cyber threats, equipping officers with the requisite skills and knowledge is imperative for effective crime investigation and prevention in the digital realm. Recognizing the hurdles associated with accessing specialized cybersecurity training, particularly in terms of cost, time commitment, and geographical constraints, this project creates innovate training delivery methods. By leveraging online platforms and strategic partnerships with industry experts and educational institutions, this project democratizes access to high-quality cybersecurity training for law enforcement personnel. Through a systematic approach, this project will thoroughly assess officers’ training needs and analyze past cyber incidents to identify recurring challenges and areas for improvement. Based on these insights, tailored training programs will be developed to address specific skill gaps and operational difficulties law enforcement agencies face. Ultimately, the project empowers law enforcement officers across diverse jurisdictions with the advanced cybersecurity competencies necessary to combat cybercrimes effectively and safeguard communities against emerging digital threats.
Recipient
ezSec, Kitchener, ON
Collaborators
Siemens
Deloitte Samer
University of Windsor
University of New Brunswick
Committed Funds
$900,000
Project Description
This project commercializes a breakthrough data-science-based innovation solving a key problem in cyber-security-operations: the inadequacy and inefficiency of correlation and contextualization of security-events.
The approach allows defenders to find the needle (coordinated-attacks) in the haystack (false-positives, and lone-incidents) which causes frequent high-profile and high-impact breaches.
Augmenting today’s security-analytics-solutions (eg: SIEM, XDR, SOAR) which offer contextualization and correlation via unscalable narrow deterministic rules-and-playbooks, the innovation, Cypienta, scalably, probabilistically, and efficiently contextualizes and correlates seemingly disparate events, uncovering coordinated attacks that would otherwise go unnoticed until serious impacts are produced.
Cybersecurity operations experts depend on Cypienta to improve their security-event-analytics solutions’ contextualization and correlation quality, ease-of-use, efficiency, efficacy, flexibility, interoperability, adaptability, maintainability, and nuance comprehension, empowering their team with higher investigative-productivity and faster containment of coordinated attacks.
Recipient
Portage CyberTech Inc., Gatineau, QC
Collaborators
Converge
Centre for Research and Experimental Development in Informatics Libre
Université de Québec en Outaouais
McGill University
Zu
Flex Groups
Committed Funds
$1,000,000
Project Description
CitizenOne is a unique customer/citizen identity and access management solution designed for the public sector. It addresses the need for privacy, consent, and verifiable credentials. Canadian government bodies are currently leading the way in adopting digital identity/trusted data, but legislation is slow to appear and a lack of awareness around consent and privacy management hinders the adoption of reliable, citizen-centric solutions.
This project facilitates the digitalization of government services, reduces administrative burdens and costs, and builds trust between citizens and their governments. To achieve this, educational efforts are needed to promote the use of digital IDs and services in Canada and the USA. The project includes designing a migration process, with the help of applicable case studies and other training material produced with researchers and selected students from the Université du Québec en Outaouais and McGill University working collaboratively.
This project will promote Canada’s digital transformation leadership through Portage and its partners in the Ottawa/Gatineau region and have significant implications for Government agencies, Canadian citizens, and Canadian companies in the cybersecurity sector.
Research & Development – Standard
Recipient
ENFOCOM International Corporation, Calgary, AB
Collaborators
University of Calgary – CPSC
Field Effect Software Inc.
Raytheon Canada
Cybera
Royal Canadian Mounted Police
Calgary Police Services
Edmonton Police Services
IBM Canada
Université du Québec en Outaouais
Intlabs
Check Point Software Technologies
InceptionU Educational Foundation Ltd.
Raytheon Canada
University of New Brunswick
Toronto Metropolitan University – Rogers Cybersecure Catalyst
Committed Funds
$2,000,000
Project Description
This project addresses the challenge of attribution due to an escalating number of threats in digital systems. Cyber-attacks pose significant risks to nations, organizations, and individuals, with a growing number of incidents reported globally. Identifying and assigning responsibility for cyber-attacks remains a critical challenge. Without accurate attribution, responding to attacks and holding perpetrators accountable is difficult. This project develops efficient methods for cyber threat attribution, which will benefit government, law enforcement, and private organizations involved in cybersecurity.
This project seeks to contribute to the broader cybersecurity community by creating a curated Indicators of Compromise (IoCs) dataset. This dataset will offer valuable insights and solutions to enhance cyber defense strategies. Using a next-generation honeynet-based data collection environment, the project will explore techniques for creating simulated environments, which will further fostering innovation in cybersecurity.
This project’s significance lies in its ability to address the pressing issue of cyber-attacks by improved attribution methods and the provision of valuable resources for the cybersecurity community. Its objectives include enhancing response capabilities, fostering innovation, and ultimately bolstering defenses against cyber threats.
Recipient
Memorial University of Newfoundland, St. John’s, NL
Collaborators
Dalhousie University
Defense Research and Development Canada
Marine Institute
Transport Canada
Committed Funds
$759,073.18
Project Description
Canada’s economy and security is highly exposed to vulnerabilities in marine systems. Given the sector’s importance in both global trade (over 80% of trade is carried by sea), and in defense, not to mention its increasing exposure to fragile ecosystems such as the Northwest Passage, it is imperative that the floating towns/data centers that modern ships are becoming be protected from cyberattack. Cyberattack on a cargo ship in a narrow trade lane, or on a tanker in an ecologically-sensitive area, or on a naval support vessel supporting Canadian combatants, could have devastating consequences. Preventing such attacks will require a willingness to redesign and rebuild the most fundamental points of connection among marine systems.
This project investigates the fundamental constraints, limitations and requirements around critical control systems in the marine environment and design resilient, secure protocols and platforms for future marine systems. This project designs open protocols and hardened platforms, designed from the ground up for security, resilience and transparency, allowing seafarers to effectively understand and control their systems, detect anomalies and respond to cyberattack.
Recipient
Protexxa Inc., Aurora, ON
Collaborators
Toronto Metropolitan University
Core Centre Inc
Mila Montreal
Committed Funds
$1,701,280
Project Description
Protexxa’s cybersecurity platform, Defender, addresses cyber issues caused by employees and makes cybersecurity more accessible. Protexxa suite of solutions combining AI, gamification, and provides a better understanding of behavioural patterns.
Companies currently lack personalized cybersecurity solutions that can identify technology misuse and understand the impact of user experiences on behaviour. Traditional platforms use generic training or phishing exercises, resulting in a poor correlation between human assessment and actual threats.
This project connects personalized cybersecurity with organizational and community protection, by developing an all-in-one platform that aggregates capabilities and personalizes cybersecurity assessment, awareness, and protections.
Protexxa will deploy advanced AI and ML to predict vulnerabilities, improve cyber hygiene, and enhance user protection. Collaborations with TMU, Mila, and Felixa gaming will address the lack of datasets on user behaviour, enabling the design of future digital interactions and interfaces that improve behavioural patterns.
Recipient
Quantized Technologies Inc., Calgary, AB
Collaborator
University of Calgary
Committed Funds
$940,000
Project Description
Cryptographic algorithms form the basis of security in today’s digital world, underpinning virtually all online interactions. Current cryptographic infrastructure relies on classically ‘hard’ mathematical problems that can be efficiently solved using a quantum computer. Given the rapid progress in quantum technologies, there is an urgent need to develop cryptographic solutions that remain secure against quantum-enabled attackers.
Quantum Key Distribution (QKD) and Post-Quantum Cryptographic (PQC) algorithms provide two categories of cryptographic solutions that remain secure in the presence of a quantum attacker. QKD offers an elegant information-theoretic option, but it has traditionally faced feasibility challenges that have stymied widespread adoption. Quantized Technologies Inc. (QTi) is developing a hybrid solution that combines PQC with patent-pending next-gen QKD, which overcomes these feasibility challenges. The key issue of authentication, and the optimization of key consumption during authentication is addressed. QTi’s hybrid architecture represents a leap forward in practical post-quantum technology for securing networks in the quantum era.
Recipient
University of Calgary, Calgary, AB
Collaborators
Toronto Metropolitan University
University of Alberta
Telus
GuildOne
Committed Funds
$561,000
Project Description
Climate change presents an unprecedented global challenge that demands immediate action from everyone. Incentivizing individuals and corporations through credit systems, such as greenhouse gas offset credits for emission reduction and renewable energy tracking and credit systems, represents one of the most effective strategies for encouraging broader participation in sustainable ‘green’ behavior. Existing blockchain-based Green Credit Management Systems (GCMSs) aim to democratize green credit management by tokenizing credits and providing a transparent financial and trading infrastructure that allows everyone to purchase and exchange credits without intermediaries, relying solely on trusted smart contracts.
However, GCMSs are also attractive targets for attacks, fraud, and misuse. This project will:
(i) Analyze and investigate emerging threats, risks, insecurities, misuse, and fraud within an integrated blockchain-based GCMS ecosystem.
(ii) Develop essential technologies and expertise to enhance the trustworthiness, security, decentralization, and interoperability of GCMSs.
(iii) Identify social and legal requirements for secure green credit systems, and address adoption barriers related to trust, security, privacy, and cost.
A real-life prototype use case guides the research questions and demonstrates and evaluates the technologies.
Recipient
University of Waterloo, Waterloo, ON
Collaborators
Amazon AWS
Royal Bank of Canada
Airbus
Committed Funds
$295,000
Project Description
This project addresses the critical need for secure data storage in the cloud, which is especially pertinent given the widespread reliance on cloud services by businesses. This project overcomes the challenges of traditional encryption methods that may compromise data privacy. The goal is to design advanced data systems that address these concerns by enabling secure storage, efficient yet secure search capabilities, and protection against new forms of threats like access pattern attacks. Significantly, this work is relevant in the context of emerging technologies like Large Language Models (LLMs), which require sophisticated data storage solutions. The secure retrieval of data supported by LLMs is destined to become increasingly significant in the foreseeable future. By doing so, this project unlocks the economic benefits of cloud storage while safeguarding privacy. The outcomes include innovative data system designs, stronger industry partnerships, and significant cost savings for Canadian businesses. Ultimately, this project marks a pivotal step forward in data security and efficiency in the cloud era, bringing Canada’s position in cybersecurity and privacy research to the forefront.
Research & Development – Spearhead
Recipient
Carleton University, Ottawa, ON
Collaborator
None Identified
Committed Funds
$88,800
Project Description
Large Language Models (LLMs) are becoming increasingly important in Canadian organizations, especially in education, reshaping learning for children and youth. Outside schools, children interact with LLM-based applications, like games and AI characters, posing significant privacy risks due to potential sharing of their personal information. The lack of specific Canadian children privacy regulations exacerbates the issue, leaving children’s privacy vulnerable to exploitation by malicious actors. This project considers Canadian regulations such as PIPEDA, CPPA, and international best practices such as COPPA with the help of domain experts to identify applicable regulations for protecting children’s privacy in LLM-based applications.
This project introduces a new privacy-preserving software framework, integrating regulations into executable codes within LLM platforms using blockchain and smart contracts. This ensures active enforcement of children’s privacy regulations in real-time interactions. The framework integrates transparent consent mechanisms, enhances parental control, and automatically detects data breaches/misuse. At its core is a monitoring tool that tracks data operations in real-time, ensuring accountability and transparency. Integrated with a secure distributed file system and blockchain, the tool enables parents and trusted authorities such as OPC to regulate data access, thereby improving online safety for children.
Recipient
Concordia University, Montreal, QC
Collaborators
RMDS Innovation Inc.
University of New Brunswick
Committed Funds
$352,940
Project Description
Microgrids (MGs) have seen significant investments in modernization and renewables so enhancing the security and resilience of MGs is crucial. This project addresses their major operational issues, including susceptibility to cyber-physical attacks, and improving survivability and recovery following successful attacks. A co-simulation cyber-physical testbed is developed to generate key IT/OT data. Possible attack surfaces and vulnerabilities of MGs are identified, and their associated risks and impacts are investigated. To enhance the survivability of MGs, this project develops optimization-based frameworks for both the planning and operation phases. Attack detection and mitigation tools are then developed to counter threats. Finally, an optimization-based framework is developed, based on the security and operation constraints, to successfully recover from cyber-attacks. These envisioned designs, algorithms, and tools will enhance the quality of energy delivery, significantly reducing the risk of blackouts and brownouts. Moreover, MGs are ideal for electrifying over 170 remote communities in Canada, provided these systems are secure and resilient.
Recipient
Institut national de la recherche scientifique, Quebec City, QC
Collaborators
In Virtuo
Beam Me Up
Kaptics
MYND Therapeutics
University of Waterloo
ColAB Numerique
Digital Trust
Committed Funds
$500,000
Project Description
The metaverse will see real and virtual worlds come together, allowing individuals to socialize, play, work, transact, and visit healthcare professionals in the comfort of their homes without time, mobility, or space constraints. While the metaverse can revolutionize numerous domains, it faces severe challenges with user privacy, cybersecurity, and identity management. This project brings together experts with complementary expertise in AI, metaverse, identity management, and decentralized technologies, as well as several Canadian companies invested in the metaverse, to explore an early-stage idea of developing new access control and authentication methods based on data collected from sensors embedded in immersive reality headsets.
Leveraging expertise in edge computing and blockchain technologies, user privacy is preserved while making the metaverse safer for everyone. Real-world data is collected to help advance developments in metaverse security. The developed solutions are tested on the metaverse platform of the different partners, spanning applications in VR-based socialization, mental healthcare, dementia care, hyper-realistic human digital twin generation, and AR-based chronic disease management.
Recipient
Simon Fraser University, Burnaby, BC
Collaborators
No Collaborators Identified
Committed Funds
$500,000
Project Description
This project develops a novel system that fully automates the discovery and repair of vulnerabilities in large-scale codebases such as those of Linux or Firefox. By integrating advanced technologies from multiple fields including static and dynamic program analysis, program synthesis, and machine learning, particularly Large Language Models like GPT-4, the system identifies and fixes coding vulnerabilities without human intervention. Initially focusing on C/C++ and memory safety issues, other programming languages and types of vulnerabilities will be investigated as well.
The project outcomes include a fully automated software framework capable of integrating various vulnerability detection and repair tools, and the development of new methods for the integration of such tools as well as automated vulnerability management. The project creates a robust system that not only addresses current gaps in security practices but also sets the stage for future innovations in automated cybersecurity solutions.
Our project will significantly boost the security of vital software, reduce the risk of security breaches and data theft, thereby protecting organizations and their users. Additionally, this project will contribute to advancements in machine learning applications in cybersecurity and provide valuable opportunities for education and training.
Recipient
Simon Fraser University, Burnaby, BC
Collaborators
No Collaborators Identified
Committed Funds
$500,000
Project Description
Significant research on sharing data in large networks that mitigates user privacy concerns has largely focused on the properties of individual data points, or simple relationships between those individual points. This is insufficient, as recent advances in graph mining permits learning complex and intricate relationships between entities within these large data sets. Thus, users cannot know whether nefarious actors can infer data about them and their relationships from these larger graphs.
This system will enable privacy at the level of relationships, and users can themselves describe which relationships they wish to keep private. The system would then model these requirements and capture the interdependence between the individual data points and the relationships in their broader neighbourhood and across the entire network. These models will then be leveraged to prevent relationships users consider sensitive from being leaked. The research opens pathways to building privacy solutions that consider complex interrelationships from a privacy perspective.
Recipient
University of Calgary, Calgary, AB
Collaborators
No Collaborators Identified
Committed Funds
$500,000
Project Description
Digital privacy and legal compliance pose increasing challenges, so this project proposes a groundbreaking solution: leveraging secure multiparty computation (MPC) technology to empower organizations to address intricate legal obligations. Secure MPC enables multiple parties to perform collaborative computations over their joint inputs while preserving privacy. This interdisciplinary initiative merges expertise in cryptography, law, and business, and aims to democratize this potent yet underutilized technology for practical, real-world use.
This project bridges the gap between stringent data privacy laws and operational efficiency by building MPC tools and crafting innovative legal theories. This endeavour promises to streamline regulatory compliance across jurisdictions, bolstering the security and productivity of the Canadian economy and positioning Canada as a global leader in privacy-preserving technologies. Our objectives encompass identifying pivotal scenarios where MPC can resolve legal quandaries, designing efficient MPC protocols, and furnishing a comprehensive toolkit for seamless organizational integration. This endeavour is poised to revolutionize how businesses uphold legal and privacy standards, fostering innovation while safeguarding individual rights in the digital sphere.
Recipient
University of Calgary, Calgary, AB
Collaborators
No Collaborators Identified
Committed Funds
$500,000
Project Description
This project provides a comprehensive and current understanding of the role, influence and impact of human factors on the cybersecurity of democratic elections in Canada. Cyber threats include threats to election infrastructure, voters, and parties; the creation of misinformation, disinformation, and deepfakes, and their spread through social media platforms.
Research is rooted in the rule of law, and based upon robust, evidence-based, technologically-informed, transdisciplinary, and human-centered methods. Critical to the project is the analysis of evidence from the ongoing Canadian Foreign Interference Commission. The project aims to utilize its knowledge of human factors to improve human responses to cyber threats and to develop a technological concept or application to help protect against attacks on human epistemic cognition, democratic deliberation and voting decisions by empowering and incentivizing individual electors to access and properly evaluate information relevant to elections.
Recipient
University of Calgary, Calgary, AB
Collaborators
University of Guelph
Laval University
CyberPatterns Inc.
Waterfall Security Solutions
Committed Funds
$496,800
Project Description
This project develops an Adaptive Decision Defense System (ADDS) to bolster the cybersecurity of Critical Infrastructures (CI) against sophisticated and evolving threats. At its core, ADDS utilizes cutting-edge artificial intelligence (AI) and behavioral analytics to identify and neutralize Dual Denial of Decision (DDoD) attacks. These attacks target the crucial decision-making junctures of infrastructural systems and are a significant risk to the continuity and reliability of services critical to our daily lives, including electricity and transportation.
Through a synergistic Human-AI collaboration, ADDS enhances decision-making processes and streamlines incident responses, even under severe pressure. The project delivers several key advancements, including the establishment of a comprehensive security framework to significantly reduce false alarms, strengthen defenses against complex adversarial strategies, and incorporate adaptive mechanisms for ongoing threat assessment and response. By prioritizing the human element within cyber defense and fostering a dynamic, learning-oriented approach to cybersecurity, ADDS aims to substantially increase overall security of CI, safeguarding the foundation of modern society against cyberattacks.
Recipient
University of British Columbia, Vancouver, BC
Collaborators
No Collaborators Identified
Committed Funds
$500,000
Project Description
The increasing integration of Operational Technology (OT) networks of industrial control systems (ICSs) with the public Internet has exposed critical OT communications to remote adversaries. Preliminary research produced ICS-Sniper, the first known encrypted traffic analysis-based targeted blackhole attack on Internet-connected OT networks. This attack showcases how remote adversaries can disrupt operations without infiltrating the ICSs while bypassing state-of-the-art detectors. The attack was demonstrated on an in-house testbed simulating a multi-stage distributed water treatment plant, equipped with state-of-the-art security measures. Building on these findings, investigate this new threat and build defense strategies for ICSs.
On the offensive front, this project explores ICS-Sniper’s adaptability and scalability across diverse OT network configurations and communication protocols. Defensively, this project develops robust countermeasures against ICS-Sniper, incorporating attack detection and mitigation techniques, while adhering to the operational constraints of both legacy and future ICSs. This project also builds a configurable physical testbed to evaluate these offensive and defensive strategies.
Recipient
University of British Columbia, Vancouver, BC
Collaborators
No Collaborators Identified
Committed Funds
$495,000
Project Description
Machine learning models memorize privacy-sensitive information about the data used to train them. Once these models are deployed, this privacy-sensitive information might leak, causing economic loss and violating the privacy rights of data providers. Existing research efforts towards auditing the privacy leakage of machine learning models critically rely on the assumption that data samples used to build the model are statistically independent of each other. Recent research has shown that, when this assumption does not hold, as it is common in practice, existing tools overestimate privacy, which can have dire consequences in practice.
This project bridges this gap by extending theoretical analyses and empirical studies of privacy-preserving machine learning to the realistic case of non-independent training samples. The project: 1) develops datasets, statistical models, and synthetic data generators that exhibit realistic non-independent behavior; 2) adapts existing theoretical notions of privacy to this setting; 3) develops empirical auditing tools to quantify the privacy of machine learning models in these realistic settings; 4) designs defenses to limit this leakage; and 5) consults external partners to explore real-world applications of the research.
Recipient
University of New Brunswick, Fredericton, NB
Collaborators
University of Ottawa
Bell Canada
EzSec
Committed Funds
$79,500
Project Description
Ransomware attacks are on the rise and pose a serious threat to organizations/individuals. Detecting these attacks early is challenging due to their stealthy nature. This project develops an early detection method for ransomware using machine learning, behavioral analysis, and heuristic algorithms to enhance cybersecurity solutions. The outcomes of this research project will aid Canadian organizations in mitigating the significant impact (economical/social) caused by these attacks.
Recipient
University of New Brunswick, Fredericton, NB
Collaborators
No Collaborators Identified
Committed Funds
$90,390
This project addresses smart metering data privacy issues by developing a zero-trust privacy-enhancing platform offering in-transit, at-rest, and in-use end-to-end security and privacy. The technology developed: (i) enables securely collecting energy consumption data from smart metering using a PET-suite; (ii) secures storage of metering data controlled by the customers; (iii) enables the electricity utility provider (EUP) to smart grid operational related tasks on metering data without learning individual customers’ data; (iv) provides a dashboard with customers’ metering data analytics services while providing privacy; and (v) provides robustness in terms of performance, scalability, and security that are necessary to support privacy-enhancing innovation in AMI.
The key technical innovations include software packages, technical research publications, and potentially new commercialization opportunities. The platform enables residential and commercial customers to manage and share their metering data, while assuring data protection compliance, thus enabling both trust and the creation of valuable new insights from shared data.
Recipient
University of Western Ontario, London, ON
Collaborators
Syngen AI Lab
University of Waterloo
Committed Funds
$500,000
Project Description
The Adaptive AI Firewall (AAF) project fortifies the AI systems that are becoming crucial to our daily lives and national infrastructure against cyberattacks. These include autonomous self-driving vehicles, real-time control systems, and mission critical systems. Traditional security measures are proving inadequate because they cannot evolve to counter new, unknown attacks; and the complexity of AI systems such as large language models make them impossible to secure using traditional application security methods. AAF is a smart, learning firewall designed to adapt and respond to threats as they evolve. Imagine a guardian that learns from every attack, becoming smarter and stronger over time, ensuring our AI systems are always protected from malicious input.
By focusing on continuous adaptation and smaller security focused AI models, the AAF project aims to revolutionize how we protect critical AI infrastructure, making it resilient against both today’s and tomorrow’s cyber threats. This project is not just about safeguarding technology; it is about ensuring the safety, reliability, and trustworthiness of the services that keep our society running.
Recipient
University of Ottawa, Ottawa, ON
Collaborators
Royal Canadian Mounted Police
Committed Funds
$373,500
Project Description
Social engineering attacks (i.e. attacks against people, leveraging their psychological tendencies) are on the rise and something must be done. This project investigates the most basic form of defense against social engineering attacks – the education of the potential victims. Social engineering attacks are the most common type of attack and the most successful. This project produces practical and useful educational tools, in the form of “serious” learning games that make a measurable difference. The key to this approach is to use peer-based, interactive and collaborative learning, which makes online learning “live”, rather than being difficult and passive asynchronous learning material that people do not want to use.
Given that children are a principal target of many of these attacks (e.g. sextortion, fake abduction, fake kidnapping), the project includes measurement of educational effectiveness for the vulnerable secondary school demographic. For this, this project leverages uOttawa’s unique advantage of also being an accredited Ontario high school and are partnering with the RCMP to make a real difference in the safety of Canadians.
Recipient
University of Ottawa, Ottawa, ON
Collaborators
Quanser
Concordia University
Committed Funds
$499,100
Project Description
Unmanned Aerial Vehicles (UAVs) have become increasingly common and are transforming various sectors such as delivery services, infrastructure monitoring, and healthcare. Unfortunately, security remains a significant concern, especially in critical missions like search and rescue or surveillance.
This project addresses this gap by focusing on the security of networks of UAVs in critical environments. The project’s objectives are: 1. Model-Based Attack Detection and Identification: develop algorithms to detect denial-of-service attacks within drone networks, considering the attacker’s capabilities and strategies. 2. Data-Driven Attack Intention Detection: using data-driven techniques to infer attackers’ intentions, understand their objectives and develop effective defense mechanisms. 3. Attack Mitigation Techniques: maintain safe drone operation during attacks. 4. Security-Performance Trade-off Analysis: evaluate the trade-offs between security and performance.
These objectives are achieved by combining modelling, learning-based approaches, and experimentation in simulation and laboratory settings. By addressing these challenges, the project will enhance the security and reliability of UAV networks in critical missions, ensuring their effectiveness in real-world scenarios.
Recipient
Université de Sherbrooke
Collaborators
Centris Technologies
Neverhack
Productique Québec
Committed Funds
$480,000
Project Description
Simulation research prior to the deployment of industrial control systems (ICS) is crucial to identify and mitigate cybersecurity vulnerabilities. This proactive measure is of great value, as it protects critical infrastructure from potential cyber threats that could have disastrous consequences for security, the environment and the economy. Current shortcomings include difficulty in accurately simulating complex and unique ICS environments and the challenge of keeping pace with technical advances. In addition, cooperation between ICS operators, ICS integrators and cybersecurity researchers needs to be strengthened. The outcome of this research project will provide a global roadmap for vulnerability remediation, which will strengthen ICS protection against cyberattacks and contribute to a better understanding and development of cybersecurity best practices within the industry. Ultimately, this research will contribute to developing more comprehensive standards and greater awareness of cybersecurity, resulting in more robust industrial systems.
Recipient
Université Laval, Quebec City, QC
Collaborators
McGill University
University of Manitoba
Committed Funds
$485,875
Project Description
In the current tense geopolitical world, foreign governments and state-sponsored actors are increasingly using cyber influence operations on social media to spread disinformation, often with the aim of gaining geopolitical, economic, military, and strategic advantages. Their ability to inflict substantial disruption on democratic societies and governments are understood. With the recent advancements in AI and the development of powerful content generation and amplification capabilities, the sophistication, scope, and scale of cyber influence operations will further increase, making current detection tools ineffective. This project tackles this challenge by developing innovative and robust solutions for detecting cyber influence operations. The approach relies not only on analyzing social media content, but also user behaviors using the latest AI and network analysis technologies. These solutions will equip social media platforms as well as end-users with effective tools to identify influence campaigns and mitigate their effects, thereby contributing to safeguarding Canada’s online ecosystem and democratic society.
Recipient
University of Ontario Institute of Technology, Oshawa, ON
Collaborator
University of Western Ontario
Committed Funds
$175,294.10
Project Description
The rapid expansion of Electric Vehicles (EVs) demands robust security for Electric Vehicle Charging Stations (EVCSs). EVCSs, integrated with renewable energy and electricity networks, face significant cybersecurity challenges. Traditional Intrusion Detection Systems (IDSs) are not fully equipped to address these issues due to their limited adaptability, high energy demands, and centralized architectures, which raise performance and privacy concerns.
This project develops autonomous, optimized, adaptable, reliable, privacy-enhanced, and sustainable IDSs for EVCSs by extending and integrating advanced AI/ML technologies, including Automated Machine Learning (AutoML), Tiny Machine Learning (TinyML), and Federated Learning (FL). AutoML automates and optimizes the IDS development process, ensuring systems are effectively adaptable to the EVCS environment. TinyML allows for efficient intrusion detection directly on devices, reducing energy consumption and improving privacy. FL protects data privacy by decentralizing the intrusion detection process.
By securing the EVCS network, this project bolsters sustainable smart city development and aids the global shift towards electric mobility. This will foster innovation and offer economic, social, and technological benefits.
Recipient
University of Ontario Institute of Technology, Oshawa, ON
Collaborators
No Collaborators Identified
Committed Funds
$382,352.94
Project Description
This project explores the utilization of Generative Pretrained Transformers (GPTs) in the development of code mutation engines that will be used in next-generation metamorphic malware development. Code metamorphism refers to a computer programming exercise wherein a program modifies its own code (partial or entire) consistently and automatically while retaining its core functionality. This technique is often used for online performance optimization and automated crash recovery in certain mission-critical applications. However, the technique has been misappropriated by malware creators to bypass signature-based detection measures instituted by malware detection engines.
This project develops an LLM-based code mutation engine that can be used as a generative model to synthesize infinitely many mutated examples of known malicious code bases. These examples of malicious code variations can then serve as a rich dataset for training advanced malware detection systems and furthering our understanding and ability to build mutable, robust software systems.
Recipient
University of Waterloo, Waterloo, ON
Collaborators
No Collaborators Identified
Committed Funds
$164,622.50
Project Description
As advanced driver-assistance (ADA) systems and autonomous-driving (AD) systems continue to transform the automotive ecosystem, connectivity emerges as a fundamental aspect. Connectivity offers numerous advantages but also exposes smart vehicles to cyberattacks that could pose threats, including the potential loss of human life. To defend against such attacks, moving target defense (MTD) is an effective tool. MTD proactively switches system configurations to impede attackers’ probing processes, thereby increasing system resilience. Finding optimal MTD strategies is challenging due to the complexity of interactions between attackers and the system. One approach to modeling such interactions is leveraging security games from game theory. Despite extensive study, the realistic application of security games for ADA/AD systems remains largely unexplored.
This project explores the applications of security games for ADA/AD systems focusing in three main directions: (i) the applicability of different solution techniques; (ii) the incorporation of real-time information to achieve sequentially adaptive policies; and (iii) the robustness of defense policies to counter-adaptive, AI-assisted attackers.
Recipient
University of Waterloo, Waterloo, ON
Collaborator
Independent genomics researcher
Committed Funds
$129,900
Project Description
Technological advancements, including companies like 23andMe and Ancestry, have transformed accessing health care and ancestry-related information. Despite promising advances in personalized medicine using genetic data, these genetic services pose significant privacy risks due to the sensitive nature of genomic data, with breaches leading to irreversible privacy violations. Existing methods, including anonymization and access control, fail to protect the confidentiality of individuals who share their genomic data. While encrypting genomic data helps address these concerns, it limits the data’s utility because existing bioinformatics pipelines cannot handle encrypted data.
This project ensures the privacy and confidentiality of genomic data while retaining its utility by leveraging trusted execution environments (TEEs). By storing the data encrypted at rest and by processing it within secure hardware enclaves, this project removes any trusted entity with capabilities to view individuals’ genomic data in plaintext. In the short term, this project provides a secure infrastructure to store and process genomic data by automating the conversion of existing genome-processing libraries to TEE-executable programs and mitigating side-channel attacks on those programs. The project ultimately contributes to advancing innovations in disease detection methods and drug discoveries, while safeguarding the confidentiality of individuals.
Recipient
York University, Toronto, ON
Collaborators
Cistel Technology
Siemens Inc.
IESO
Dalhousie University
Carleton University
Committed Funds
$300,000
Project Description
Climate change concerns have spurred a proliferation of independent power producers (renewables) in the electric grid, along with significant increase in power demands due to the electrification of fossil-fuel based technologies (e.g. transportation). Grid communications are critical for effectively coordinating the evolving grid. However, as these utilize open protocols, traverse the public domain (e.g. internet) and utilize easily accessible physical medium (e.g. wireless), stealthy cyber attacks can leverage on existing vulnerabilities in these to infiltrate and destabilize grid operations.
This project develops an end-to-end cyber security solution that leverages on the interdependencies of the cyber and physical domains of the electric grid to actively secure, detect and mitigate natural and adversarial perturbations in grid communications. Specifically, lightweight encryption protocols tailored for the unique attributes of grid communications and optional embedded systems-based interfaces is designed so that common grid computations can be performed in the cipher domain. Data-driven and physics-based approaches are then leveraged to detect anomalies in grid communications that will be actively corrected via generative techniques.
Training
Recipient
ENFOCOM International Corporation, Calgary, AB
Collaborators
Field Effect Software Inc.
Toronto Metropolitan University – Rogers Cybersecure Catalyst
Royal Canadian Mounted Police
Calgary Police Services
Edmonton Police Services
University of Calgary – Cont. Ed.
InceptionU Educational Foundation Ltd.
Intlabs
Université du Québec en Outaouais
Savvy Knowledge Corporation
Raytheon Canada
IBM Canada
Check Point Software Technologies
Committed Funds
$1,000,000
Project Description
This project facilitates collaboration between private organizations and law enforcement agencies for cyber incident investigations. Currently, differences in how they handle these situations, there is often confusion and delays during post-incident investigations. Initially private organizations and law enforcement are empowered by creating a unified and comprehensive set of clear policies and procedures to follow when a cyber incident occurs. This will help guide their actions and enhance their communication, ensuring everyone knows what to do and how to do it. A training program will be developed to teach those in different organizations and law enforcement agencies how to apply the developed framework effectively. This will mean all parties will have the necessary skills and knowledge to effectively and efficiently handle cyber incidents. By doing this, it will be faster and easier for companies and law enforcement agencies to minimize the damage incurred from cyber attacks and to catch cybercriminals.
Recipient
Memorial University of Newfoundland, St. John’s, NL
Collaborators
Thales
Committed Funds
$1,000,000
Project Description
Maritime transport is undergoing a transformation, enabled by the advantages of digital connectivity. This has introduced vulnerabilities that, if exploited, could have cascading impacts on vessels, ports, the economy, and everyday Canadians. Maritime cyberattacks are on the rise and this project will help to provide the same cybersecurity attention for marine environments that has been dedicated to other industries’ critical infrastructure.
Recipient
Quantum Algorithms Institute, Surrey, BC
Collaborators
Field Effect
Information and Communications Technology Council
Canadian Information Processing Society
Beauceron Security
Durham College
Committed Funds
$1,000,000
Project Description
The advent of commercial quantum computing has highlighted serious cybersecurity threats expected in the coming years. A fault-tolerant quantum computer could break the mathematical challenges that underlie current digital encryption protocols in a matter of hours or even seconds. The Canadian Centre for Cyber Security has noted that threat actors can steal encrypted information now and hold it until a sufficiently powerful quantum computer is available to decrypt, read, or access the information in the future. With significant investments being made into commercial quantum computing around the globe there is an urgency to help Canadian organizations prepare for these threats.
To address this urgent need, the Quantum Algorithms Institute (QAI) has created quantum cybersecurity and professional development teams. In partnership with industry, government, education, and non-profit organizations across Canada, QAI will deliver training for cybersecurity professionals and leaders from various sectors and help implement best practices. This project will drive training to ensure Canadian individuals and business are sufficiently protected from these emerging threats.
Recipient
University of Ottawa, Ottawa, ON
Collaborator
Université de Montréal
University of Calgary
ENFOCOM
Field Effect
IBM
Desjardin
BNC (to be confirmed)
Committed Funds
$961,400
Project Description
This project addresses the growing demand for cybersecurity professionals by training working professionals across Canada. It will use the uOttawa-IBM Cyber Range and the Canadian Cyber Assessment, Training and Experimentation Centre (CATE) to provide immersive training in cyberattack scenarios. While existing training often focuses on technical or crisis management aspects, this project will offer scenarios covering various cybersecurity threats, including their technological, organizational, social, and legal aspects.
The training is designed in collaboration with experts from diverse fields such as engineering, law, theatre, criminology, and education, along with industry partners specializing in cybersecurity. The target audience includes non-technical personnel from both public and private sectors, as well as small and medium-sized municipalities.
The scenarios will cover common and emerging cyberthreats, including AI-driven attacks, and will address legal implications under evolving frameworks such as Canada’s PIDEDA, Bill C-27, C-26, provincial legislation like Québec’s loi 25, and international regulations like Europe’s Data Protection Regulation and NIS2 Directive.
The outcomes will produce a catalog of vetted scenarios, trainer and trainee materials in both official languages, and infrastructure simulations. These resources will be made available to academic institutions across Canada.
Recipient
Université de Sherbrooke
Collaborators
Cybereco
Intact Financial Corporation
Committed Funds
$580,679
Project Description
Significant financial losses occur in Canada because of cybercrime, as small and medium enterprises (SME) are increasingly being targeted by cybercriminals. This project aims to develop an integrated French-language cybersecurity training course designed specifically for Canadian SMEs to boost their level of preparedness and resilience in the face of these growing cyber threats. The course targets three distinct learner profiles: managers, employees and, to a lesser extent, cybersecurity officers (already filled by several institutions). The learning path for each profile is designed to raise the level of cybersecurity competency and foster the development of a shared understanding of cybersecurity within an organization. Although these roles can be performed by the same person in an SME, skills are treated in a specific way according to the activities specific to each profile. By strengthening the personal cybersecurity skills of all SMEs, this training program will have a significant social and economic impact, boosting confidence in digital technologies and reducing the risk of cyberattacks for Canadian SMEs.
Recipient
University of Waterloo, Waterloo, ON
Collaborators
Cobionics
Labforge
Canadian Nuclear Labs
BTQ
Palitronica
Quanser
Alectra
Milton Hydro
Real Life Robotics
Committed Funds
$1,000,000
Project Description
This project addresses the growing need for professionals skilled in robotics cybersecurity combining knowledge in hardware, cybersecurity, and social aspects to protect against cyber threats. With robotics technology advancing rapidly, there is a gap in cybersecurity measures, especially due to the interdisciplinary nature of the required training. The project provides distinct training programs in Canada, including offensive and defensive cybersecurity courses, a cyber tabletop exercise, and a robotics cyber range. These courses offer practical, hands-on experience with robotics systems, aiming to equip participants with the skills to assess vulnerabilities, develop defenses, and respond to cyber threats effectively.
The offensive course focuses on ethical hacking techniques, while the defensive course teaches how to safeguard systems. The tabletop exercise discusses supply-chain risks, and the cyber range provides a realistic environment for practicing cybersecurity scenarios. Additionally, a cybersecurity hackathon will encourage innovation and skill development.
The project will foster partnerships between academia and industry, leading to commercialization opportunities and contributing to filling the labor market’s demand for skilled cybersecurity professionals.