Key to cyber strategy is individual behaviour
With 1.7 million Canadians the victims of identity theft in 2008 and some suggesting the proceeds of cyber crime now exceed the drug trade, a national cyber strategy was long overdue.
But for the government’s new strategy – announced in October on the eve of GTEC 2010 in Ottawa – to be a success, much is riding on human behaviour.
The strategy, which will cost $90-million over five years, rests on three pillars: securing government systems; partnering to secure vital cyber systems outside the federal government; and helping Canadians to be secure online while strengthening the ability of law enforcement agencies.
“Cyber security is as much about user behaviour as it is about technology,” said Toni Moffa, deputy chief/ADM of the IT security program at Communications Security Establishment Canada.
Speaking at GTEC, Moffa said the agency will be helping to define the government’s IT standards, but she urged departments to know “your own network and how it connects to the Internet, and have measures to not allow new gateways without your knowledge.” More importantly, though, she said departments must “foster a cyber security culture.”
BGen Steven Noonan, DND’s director general of information management operations, emphasized the “human in the loop,” noting recent comments by U.S. Deputy Secretary of Defense William Lynn suggesting 80-90 percent of cyber security is about “ordinary hygiene” – keeping systems and software up to date – and establishing a sound perimeter so you know when and where you are being attacked and how to respond.
Knowing the connections within your own systems was driven home in a recent three-day exercise, Cyber Storm III, involving Canada, Australia, New Zealand, the United Kingdom, and the United States. You can’t simple shut down one system without affecting others in government, said Pierre Boucher, acting deputy chief information officer of the Treasury Board of Canada Secretariat.
As such, education is a central piece of the strategy. TBS is in the process of revisiting all IT standards, clarifying the roles and responsibilities, especially of lead agencies, and consolidating Internet access points. “The more commonality we can get, the better it [will be] to figure out how to protect [it],” Boucher said.
Surveying for data on hearts and minds
The shift to a focus on counterinsurgency in Afghanistan has meant a greater emphasis on development and population protection.
However, the U.S. military’s COIN manual guiding that shift is built on some strong and problematic assumptions, says Fotini Christia, a professor with the Massachusetts Institute of Technology and the co-principal investigator of a randomized study of the Afghan National Solidarity Program (NSP).
Much in the manual, she notes, is pinned on the need for a strong government in Kabul and the notion that development aid will help win hearts and minds.
Is it? The Canadian government’s ninth quarterly report to Parliament on it’s efforts in Afghanistan, released in September, suggests progress is being made on its six priorities and three signature projects. But it’s not clear whether that effort is improving the public’s perception of Kabul or garnering the international coalition significant support.
The $1.3 billion NSP, of which Canada has been one of the largest donors, may be a notable success story. It is Afghanistan’s largest development program, involving some 25,000 villages. Village councils determine and implement projects, but must contribute 10 percent of the cost.
Christia has conducted a randomized trial of 15000 respondents in 500 rural communities across 10 districts in six provinces across all but the volatile southern region to see whether the NSP has made a positive contribution to levels of trust, better social and economic well being, more accountable governance, and greater female participation in the communities. A baseline survey was conducted in 2007, with a follow up in 2009; the final survey will be conducted in early 2011.
Interim data, presented at a workshop hosted by the Canadian Foreign Policy Journal in September, suggests that increased meetings are creating a layer of bureaucracy and a willingness to express dissatisfaction with leaders. There has been “a range of improvement in attitudes toward elites,” except the Afghan police which are still seen as predatory. “We do see an enhanced perception of economic well-being and increased support of local governance and improved attitude to central government,” Christia said.
Increasing Canada’s pace in space
With the Minister of Defence currently reviewing a new space policy, Col Andre Dupuis had to choose his words carefully. But the director of space development for the Canadian Forces provided a Defsec Atlantic audience in September with a comprehensive review of Canada’s current military space activities. The lack of persistence of today’s single Radarsat 2 satellite will in great measure be remedied by the launch of three more satellites to complete the Radarsat constellation, he said.
In the push to deliver information to the frontline user, satellite services are very much in a competition with other data streams. In the future, Dupuis noted, that challenge will only grow as the torrent of information from platforms like the F-35 and UAVs begins to fill the pipe.
The satellite group is looking at what war fighters need to do their jobs. When the systems can scan a specific area and plot many variables, Dupuis said, “we can tell you what the best times are to drop a bomb, for example.” A challenge is to give users easier ways to access that data.
The CF has already pushed satellite services close to the frontline in Afghanistan and become a leader in such areas as search and rescue technology. “In those areas where we are leading, we are way ahead,” he said.
New concept requires NATO reform
On November 20 in Lisbon, NATO will adopt a new Strategic Concept. Many Canadians have weighed in (see http://www.natoconcept.ca for one example). However, in a recent speech in Brussels, Secretary General Anders Fogh Rasmussen gave some indication of where the Alliance is heading.
While state conflict remains a real threat, cyber attacks, international terrorism and energy security pose equal concern. Rasmussen outlined three areas NATO must change if it is to stay relevant: modernizing defence and deterrence capability, including cyber and missile defence; updating crisis management through a comprehensive approach in which political, civilian and military efforts are coordinated and share common goals; and developing “deeper, wider political and practical partnerships with countries around the globe” to build cooperative security.
He said the new Concept will be “the blueprint for an Alliance even more actively engaged in building international security and upgraded for modern defence.” But without reform, NATO will struggle to pay for any new capability.
