Telecom - Staff Letter addressed to the Distribution List

Ottawa, 8 January 2024

Our reference: 1011-NOC2021-0009

By EMAIL

Distribution List

Subject: Compliance and Enforcement and Telecom - Follow-up to Compliance and Enforcement and Telecom Decision CRTC 2022-170 – Comments on CISC Report NTRE080

This letter sets out a process to provide interested parties an opportunity to comment on the CRTC Interconnection Steering Committee (CISC) Report NTRE080. The deadline to file comments is 22 January 2024 and parties may submit reply comments by 30 January 2024.

Background

Following a public consultation on the development of a network-level blocking framework to limit botnet traffic and strengthen Canadians’ online safety,^Footnote1 the Commission issued Compliance and Enforcement and Telecom Decision 2022-170 (the Decision) on 23 June 2022, in which the Commission set out its conclusions, as follows:

Botnet traffic constitutes a significant issue for cyber security, both in terms of volume and severity of harm.
Regulatory action is necessary to ensure that the network-level botnet blocking provided by Canadian carriers provides a baseline level of protection.
When carriers provide cyber security network-level blocking, they must comply with five overarching principles: (i) necessity, (ii) accuracy, (iii) transparency, (iv) customer privacy, and (v) accountability, as set out in Appendix 1 to the Decision.

In addition, the Commission requested CISC to examine a number of technical issues regarding the technical parameters for the blocking mechanism and to file a report. The issues to be examined were listed in Appendix 2 to the Decision (i.e., who will determine what is blocked, what precisely is to be blocked, and other technical details).

In order to guide CISC’s work, the Commission also included the following findings in its Decision:

As a matter of policy, the framework should apply to the blocking of all cyberthreats and not just to botnets.^Footnote2
The framework must be technologically neutral and must not be limited to a particular type of blocking.^Footnote3
A centralized blocklist would be the most efficient and effective option. As a supplement to a centralized blocklist or in place of a centralized blocklist if that is not a viable option, telecommunications service providers (TSPs) may use other blocking solutions to ensure cyber security in order to maintain flexibility and foster innovation. These solutions include the use of commercial blocklist providers, as long as they are accredited to meet certain requirements, and other cyber security blocking initiatives (e.g., TSPs’ proprietary systems, practices such as standard service port blocking, and other recommended best practices).
Network-level blocking should be applied by default so that customers do not have the option to either opt-in or opt-out, since this would undermine the cybersecurity purpose of the framework.

In the Decision, the Commission indicated that, following public comment on the CISC report, it would impose as minimum standards the guiding principles set out in Appendix 1 to the Decision, as well as certain other basic parameters, as conditions of its approval of a network-level blocking framework under section 36 of the Telecommunications Act.

In response to the Commission’s request, the CISC Network Working Group, Task NTTF042, filed Report NTRE080. Interested parties are invited to submit comments on the Report, including any issue addressed to CISC by the Commission in Appendix 2 of Compliance and Enforcement and Telecom Decision 2022-170. Comments are to be filed with the Commission by 22 January 2024. Parties who file comments may, by 30 January 2024, also file reply comments specifically responding to any comments filed by other parties. All documents filed with the Commission must also be served on all other persons on the Distribution List by the dates indicated.

Commission staff encourages comments particularly from parties that did not contribute to the CISC report.

Sincerely,

Steven Harroun
Chief Compliance and Enforcement Officer

Distribution List:

ar6136128372@gmail.com
francois.roukoz@gmail.com
philiasvezina@gmail.com
graemesmith1551@gmail.com
ksales0617@outlook.com
bjames@snetworks.com
email@email.ca
benoit.dupont@umontreal.ca
buell@isoc.org
chris.lynam@rcmp-grc.gc.ca
vittorio.bertola@open-xchange.com
info@diacc.ca
Karine.uqo@gmail.com
slavoie3r@gmail.com
sxmpxr@gmail.com
don.mcdonald@superchannel.ca
m_nanni@hushmail.com
michalopulos@electricity.ca
amy@m3aawg.org
mike.mckeon@nokia.com
regulatory@cira.ca
scott.seab@lumen.com
fenwick.mckelvey@concordia.ca
document.control@sasktel.com
gloria@cacmanitoba.ca
Joe.LoBianco@CIBC.com
ksurette@telus.net
Jcurtis11@gmail.com
regulatory.matters@corp.eastlink.ca
regulatory@sjrb.ca
regulatory@teksavvy.ca
christopher.hickey@distributel.ca
carl.macquarrie@corp.xplornet.com
jonathan.holmes@itpa.ca
regulatory@rci.rogers.com
jlawford@piac.ca
bell.regulatory@bell.ca
leonard.eichel@cogeco.com
regaffairs@quebecor.com
regulatory.affairs@telus.com
jfmezei@vaxination.ca
tisrael@cippic.ca
info@infosecsw.ca
media@cse-cst.gc.ca

Footnotes

Footnote 1

Compliance and Enforcement and Telecom Notice of Consultation 2021-9, 13 January 2021.

Return to footnote 1 referrer

Footnote 2

In paragraph 131 of the Decision, the Commission noted that botnets, malware, and computer intrusions are intertwined, making it impractical and inefficient to block only botnet traffic and not block other types of IOCs [Indicators of Compromise]. In fact, telecommunications service providers currently filter IOCs based on blocklists regardless of their source (botnets or not). Moreover, the policy justification for blocking botnet traffic (i.e., the harm caused to Canadians by cyber threats) applies equally to other IOCs.

Return to footnote 2 referrer

Footnote 3

In paragraphs 86 to 88 of the Decision, the Commission mentioned that it has reviewed the different blocking techniques mentioned by the parties, including blocking methods based on domain, URL [Uniform Resource Locators], IP, signature, and communication protocol and/or service port, as well as other methods. The Commission found that each of these techniques has different advantages and drawbacks in terms of effectiveness, accuracy, implementation and maintenance costs, and network performance. The Commission considered that the record did not demonstrate that any one method clearly outweighs the others, but rather suggested that these methods are complementary and that carriers may wish to implement more than one to achieve the best result in a given situation. This will allow telecommunications service providers to adapt to technological changes and techniques employed by botmasters since the nature of the threats posed by botnets is such that they will continually outpace any attempt to prescriptively regulate solutions.

Return to footnote 3 referrer

Date modified:: 2024-01-08

Language selection

Search and menus

Search

Telecom - Staff Letter addressed to the Distribution List

Background