CIRA Celebrates 3 million DNS Firewall users infographic

CIRA Cybersecurity Services recently passed a significant milestone: over 3 million users are now protected by the CIRA DNS Firewall.

If you didn’t know, the CIRA DNS Firewall is a layer of malware and phishing filtering with unique threat blocking to complement other security. It lives outside the organization, requires no management, and refuses users (and botnets) access to malicious content. CIRA launched this service because it provides significant benefits to Canadian organizations that rely on the internet while keeping costs low and their data more private and sovereign.

3 million is a lot of Canadians. What helped to get CIRA there was a strong focus on those organizations with lots of users that needed protecting. This included schools, hospitals, universities, and municipalities – but also some for-profit commercial organizations along the way. Often these organizations offer free or public Wi-Fi or internet access to a disparate user base, and they don’t necessarily have control over the devices on the network.

Marketing a service like this to only Canadians is truly unique in the global marketplace. DNS is very much a commodity kind of service, often delivered by multinational organizations and targeting IT buyers very generically. In other words, we don’t go to Vegas tradeshows but work closely with Canadian partners like the Canadian Centre for Cyber Security, the Canadian Municipal Information Systems Association, CANARIE and ITWorld Canada.

Why is 3 million so exciting? Well, it also happens to be a milestone we just passed for .CA registrations as well. These are two very different services and sold very differently – but both help us to continue to do good for the internet in Canada through grant programs, community projects (like Internet Exchange Points and the Internet Performance Test), and through involvement with internet governance. By being part of this milestone you are all part of helping every Canadian.

Let’s look at a few fast facts on what it means to have over 3 million users:

  • We are averaging 6,000+ QPS.  In kilometers, this would be more per second than a flight from Cape Spear in Newfoundland and Labrador to the Yukon/Alaska boundary – the longest distance east-to-west across Canada.

  • 7.3% of queries are IPv6 and 92.7% are IPv4. While our CTO, an avid lover of IPv6, would disagree, IPv4 must be the polite choice. 93% also happens to be the same number of Canadians who embrace the fact that we are polite.
  • Our median response time is 18 ms or about the length of a shutter speed. Gotta keep them pages loading fast with no DNS delays. If you say “cheese curds” when you click it will already be too late by the time we answer!

  • The CIRA DNS Firewall answers 1,810 terabytes worth of DNS queries per month at an average packet size of only 137 bytes. That is enough to store 452,000 HD movies every month. And you thought DNS was tiny? Not at scale!

Okay – so big query numbers are certainly neat, but at its core this is a cybersecurity service. So, let’s look at what we are blocking:

  • 14.5 million blocks per month – or about 5 blocks per user per month. That is a lot of potentially infected computers, stolen credentials, and ransomware that didn’t get through. And that is just from CIRA.  For comparison it is 40x more than the number of ALL Canadians injured per month. I am not sure how many real physical injuries occur banging your head against the desk or carrying your PC to the IT department for malware removal – but that is probably non-zero. 
  • We also incorporate a threat feed from an organization called CANSSOC (available to only higher education customers) that is adding another 11.9 million blocks per month – bringing the higher education total much higher.

Organizations that are using the service to filter inappropriate content or to add custom block lists to their total threat list are additionally blocking 429,394,377 domains per month. This helps organizations like school boards to keep inappropriate things off their networks. Now, the 429 million one was hard to Canadianize with fun math, but here are a few tries:

  • If this was gallons then it would be 300 years’ worth of Canadian maple syrup production based on 2020 totals. Why gallons? I dunno, that is what the source material gave me but I think there is something like 2 human heads worth per gallon (and if you got that Kids in the Hall reference, then congrats – you are doubly Canadian).
  • If it were cm then it would be over 2 million years’ worth of average snowfall in Canada’s cities.
  • If it were kg, then it would be 73 million servings of poutine that the Canadian winner of a 2010 eating contest consumed.

Honestly, it is kinda hard to provide good context on what 429 million blocks means to the day in the life of an average person.  So I’ll leave with this…if you tried to count that high it would take you 110 years with time allotted for eating and sleeping.

Let’s be serious for a moment: for cybersecurity professionals these are vanity numbers. When it comes to analysis and cyberthreat detection, the details in our data are fed into analysis that provides real intelligence into the threat landscape for organizations and has a real impact on securing the internet in Canada. Remember that these are the places you work, where your kids and grandkids go to school, and infected machines infect other machines. This milestone is a critical domestic capability in a world that, despite all our individual efforts, continues to see exponential growth in cybercrime.

To conclude, it has been an amazing few years for CIRA Cybersecurity Services in helping to achieve our mission to help build a more trusted internet in Canada. And this is just the Canadian story. Did you know that for authoritative DNS we export our capabilities globally? In addition to over 400 Canadian customers, we have over 750 top-level domains around the world using our secondary DNS service, and that includes 11% of the world’s country code TLDs (ccTLD). I apologize for bragging (because I am Canadian) but I am going to say that this is an impressive feat for a non-profit in a country that is less than 0.5% of the global population.

And as a postscript: we couldn’t do it without amazing partnerships and customers in Canada. There are so many individuals in so many organizations that helped us to get here. To try and mention them all would fill many pages – but you know who you are. And so, thank you Canada for your support and for a cybersecure future built together.