The upcoming Defence Policy Review is an excellent opportunity for Canada to address cybersecurity gaps that pose serious risks to our country’s military and government computer networks and infrastructure.
While the incidence of state-backed cyber attacks on national and commercial computer systems of our allies has increased in recent years, it is frightening to realize that Canada’s cyber defences appear to have been largely neglected, according to two former high-ranking officials of the Canadian Security Intelligence Services (CSIS) who spoke with Vanguard recently.
Duct tape approach
“I don’t see Canada spending enough on cyber defence…it’s still a hodge-podge, duct tape approach. There’s a definite need for a cyber-strategy review,” says Ray Boisvert, who built a 30-year career in both operational and executive roles with CSIS before retiring as its assistant director if intelligence in 2012. Since then, Boisvert has become the president and CEO of security firm I-Sec Integrated Strategies and more recently a senior associate at Hill and Knowlton Strategies Canada.
“The country’s cyber defence budget is very, very small compared to that of conventional warfare,” he laments.
Boisvert also says there’s a glaring lack of strategy and clarity of who is responsible for what when it comes to preventing and dealing with cyber attacks leading to the impressions that Canada has been “a little complacent” and adopting a “stand by and watch other” posture on cyber.
There has never been a time in history as today, possession of information is so critical to the defence and survival of a nation and yet Canada’s ability to gather and analyze data which could help identify potential cyber threats remain in the “rudimentary stages” at best, warns Boisvert. “Right now, one gap is that many agencies still rely on fairly traditional resources (for gathering data).”
This is something that Sheldon Shaw agrees with. Shaw is currently a public safety and defence specialist with software company SAS Canada. Before that, Shaw held an executive position at the Communications Security Establishment of Canada and was also formerly an assistant director of intelligence at CSIS where he specialized in computer and weapons of mass destructions issues.
“I think there is a technological gap and a lack of awareness, not necessarily lack of understanding,” he says.
Cyber attacks not on the table back in 2010
Beyond “keeping the lights on,” the defence establishment needs a strategic re-think and a realization of what are the tools it needs to address cyber threats it will face for 2020 and beyond, he adds.
In his recent essay on cyber security for the Canadian Global Affairs Institute, Major-General John Adams (Ret’d) traces Canada’s cyber security gaps to the fact that “cyber attacks were not on the table” when the existing cyber strategy was being mapped out.
“The government of Canada has responded to cyber exploitations with its Cyber Security Strategy.11 Published in 2010, the strategy is noteworthy for the fact that it limits itself to strengthening the government’s capability to detect, deter and defend against cyber attacks while deploying cyber technology to advance Canada’s economic and national security interests.” He wrote. “It did not militarize cyber security, it was limited to specifying that the Canadian Armed Forces were to strengthen their capacity to defend their own networks, work with other government departments to identify threats to their networks and possible responses, and continue to exchange information about cyber best practices with allied militaries.”
Adams also noted that a more aggressive approach “would have been ill-advised in 2010” because the concept of cyber war had not yet sufficiently matured:
However, he says, a lot has changed since 2010 and cyberspace have “become the centre of gravity for the globalize world” embracing economic, financial, diplomatic and military operations.
Today, he says, cyber war means disrupting or destroying information and communications systems in order to threaten a state’s sovereignty as well as gathering as much information about an adversary while keeping that adversary oblivious to the data gathering.
This appears to have been the case with the recent controversy over the hacking by threat actors believed to be based in Russia of the Democratic National Convention computer systems in the U.S., according to Boisvert.
“They (hackers) were on the network for years and the investigators couldn’t find a trace of the APT (advanced persistent threat), he says. He says the latest trends in cyber security indicate that traditional cyber security tools such as firewalls are no longer enough.
This is where automation and advanced data analytics can help boost cybersecurity capabilities, according to Shaw.
“Analytics has been around for so long, but has not yet been extensively applied to security,” he says. “Now we have the data analytics tools that can help defence agencies crunch through the tons of data coming from various sources.”
(Click on the image below to open up the latest issue of the Vanguard)