A defence system comprising of the new digital components and the fifth dimension of warfare is one that will better serve the security of the people of Canada.
The Slow, Emerging Threat of Cyber
International incidents like the events of September 11, 2001, create an indelible impression on the world. As we now know, this tragedy has had reverberating effects on almost every sector causing ripple effects in how governments around the world re-think safety and the future of security. September 11th was in many ways one of the most egregious events in recent memory losing thousands of lives and producing a mass dislocation of the global economy. This led to the disruption of one of the greatest economic generating areas of real estate in the world. And as difficult as it was to absorb that moment, people around the world suddenly had available to them a broad catalogue of images and videos on a still-nascent Internet. That aspect of technology shaping societies continues to this day. But now, it is on a scale that affects every aspect of our personal and professional lives as delivered through mobile computing and data analytics, along with sharp platform and infrastructure improvements such as cloud technology.
For practitioners in the defence, security, and intelligence sectors, this post-9/11 environment became a new “adversarial dilemma” within a rapidly emerging “digital battle space.” Moving towards 2021, we can see a new type of threat conveyed in the context of the weaponization of a broadly applied science that touches every aspect of our lives. The innovation is called data, and the threat itself is clearly identified as “cyber.”
The Offensive Approach to Security – Skills Development and New Technologies
With data as the enabler for this new digital reality, implementing cybersecurity best practices has become a top priority for industry and governments around the world, where data sensitivity is at the highest level. Maintaining a proactive cybersecurity approach is now deemed essential to mitigating both short- and long-term risks, particularly for operational organizations. As challenging as the mission has become over almost 20 years, COVID-19 has accelerated the need for digital transformation in all areas, including defence. Almost without exclusion, organizations find themselves working remotely. For operational organizations, such as the Department of National Defence (DND) and the Canadian Armed Forces (CAF), this significantly increases risk, with likely impacts upon operational effectiveness and security. The focus, therefore, shifts towards people and their need for ongoing security training to keep the organization safe.
In 2019, the University of Ottawa announced the launch of a uOttawa hub for cybersecurity and cyber safety. Together, IBM and the university are addressing critical government, public and private sector needs for advanced cybersecurity, specializing in research, solutions, skills, and services. One of the fastest-growing fields in Canada is cybersecurity, but with that, comes a growing skills gap. As we consider how DND and CAF will remain strong and able to deliver resources in the digital age, there is an increasing need to grow Canada’s cybersecurity workforce and apply new approaches to protect the public and their institutions from cyber threats and attacks. In addition to a demonstrated cultural adaptability to circumstances and the recognition of a skills gap, the fundamentals of military operations have always included innovation. Traditionally that has included methods to enhance intelligence collection and analysis, along with new weapon types and defensive technologies. However, and now in a digital age, what has evolved extremely rapidly from that core requirement is the importance of “data” both for offensive operations and defensive measures.
In this new world of data, change occurs in ever-increasing cycles of speed and complexity. Given that exponentially more data is created daily, that concern is well placed. The world generates 2.5 quintillion bytes of data a day. And according to Forbes, 90 per cent of all the data was generated in the past two years. For military operations, this is both an opportunity and a threat, particularly when one considers rapidly emerging technologies that will amplify these effects. Consider quantum computing. The first IBM Q Hub in Canada was established at the Université de Sherbrooke earlier this year. Quantum is forward-looking and is expected to shed light on processes of molecular and chemical interactions, address difficult optimization problems, and boost the power of artificial intelligence. Advances like these could open the door to new scientific discoveries, life-saving drugs, and improvements in supply chains, logistics, and the modelling of financial data. With regard to security, quantum-safe cryptography and lattice-based cryptography are being prepared for widespread use. These cryptography techniques will help protects against an important threat related to “code-breaking” that is still likely many years from being developed. However, practical applications with a quantum advantage will emerge and it is important to prepare systems now for the quantum era.
Digital Challenges and Digital Transformation
Defence plays an important role within the Government of Canada’s efforts, and there is a significant opportunity to pair innovation and strategic leadership. As the Canadian Defence Plan rightly states, “there is a requirement for leadership to promote a culture of innovation by actively encouraging fresh thinking, harnessing the Defence Team’s ideas and insights to identify and articulate new requirements, and creating opportunities for organizational learning and the exchange of ideas, including outreach activities with allies, partners, academia and industry.” The call for “leadership in innovation” is both timely and a reflection of current conditions around the world that challenges existing approaches. It reflects a reality of heightened adversarial prowess that requires fresh thinking and engagement with allies and partners in the private sector. The DND and CAF’s ability to meet future threats are increasingly the focus of both DND’s civilian information technology teams and unit commanders. This focus requires agility, aptitude, and a sense of urgency.
The author of The Perfect Weapon, David E Sanger, noted that 35 countries have advanced cyber competencies. Comparatively speaking, only nine countries have a nuclear capability. Military engagements, from training missions to active combat, now face a newly persistent and growing threat. One capable of not simply crippling a nation’s critical infrastructure, but to “take off-line” a force deployment or a headquarters command and control centre. As such, this emerged age of asymmetrical warfare now motivates new and innovative concepts for the DND and the CAF.
The world ahead is opaque, but there is a way forward. It is achieved via a well-considered cybersecurity strategy and the application of leading intelligence exploitation technology. Not with solutions in development, but with real-world and ready to deploy capabilities. Smart applications that are used by allies or are capable of information fusion, including an ability to merge existing technologies. Of first-order importance is a framework that prizes Threat Management, Digital Trust, and the use of Artificial Intelligence (AI). In terms of AI, there are three important differentiators to consider. One, it augments human intelligence yet maintains a human in the loop. Two, organizational data remains their data, always. Third, organizations must know how the AI was trained and who trained it. Not all purveyors of AI meet these criteria. It is also critical to develop a strategy on the use of AI within an organization as well as how it will contribute to decision making. Critically applying AI to cybersecurity accelerates the analysis of data to speed response times. This in turn provides insights that would otherwise go undetected due to under-resourced security operations, as well as the sheer volume of risk data to be assessed.
As such the DND and CAF are advised to emulate private sector best practices in cybersecurity. Drawing on the lessons learned from financial institutions where high global stakes and incessant threats exist, what works is a combination of machine learning technology, the agility of secure hybrid-multi cloud, and zero-trust environments.
Why All This Matters
IBM serves clients in more than 170 countries around the world. With 27 consecutive years of patent leadership in technologies ranging from cloud and AI to Quantum, we are guided by principles of trust and transparency and a commitment to being a responsible technology innovator. Step one involves a collective organizational effort to deter and reverse any efforts that encourage complacency. It is a belief that excellence in cybersecurity ensures mission success. Such an approach starts with our people and training to help everyone understand their role in protecting our organization and our clients’ organizations. X-Force Red, for example, is an autonomous team of veteran hackers within IBM Security that are hired by clients to break into organizations and uncover risky vulnerabilities that attackers may use. These ‘hackers’ identify and remediate security flaws covering their entire digital and physical ecosystem. X-Force Red can do whatever malicious actors can do, including highly trained adversaries but with the goal of helping security leaders harden their defences and protect their most important assets.
Moving ahead, and against difficult challenges of the near term, a Canadian defence system well equipped for the new digital age and fifth dimension of warfare is one that will better serve the security of people. Working together, industry partners like IBM are aligned and keen to make important contributions to that mission for Canada and the world as a whole.
For more information, please contact:
Shannon McClure, Defence Partner, IBM Canada at mshannon@ca.ibm.com
About the Authors:
Ray Boisvert
Ray is the Associate Partner for the Canadian Public Sector within IBM Security. Given his deep background in national security, Ray is focused on assisting IBM clients to better identify and mitigate security risks in an integrated, strategic manner.
Previously, Ray was appointed as the first Security Advisor for the Province of Ontario. While reporting to the Secretary of Cabinet, Ray supported efforts to protect provincial assets and investments that are critical to Ontario’s economy, public safety, and security. Just prior, and during a five-year tenure as President of I-Sec Integrated Strategies, Ray delivered business intelligence solutions while guiding resilience building and opportunity pursuits with an emphasis on exploiting geo-strategic foresight. He also consulted on global business strategies such as M+A opportunities with potential National Security risks.
After five years in federal policing with the RCMP, Ray joined the Canadian Security Intelligence Service (CSIS) in 1984 and retired in 2012 as the Assistant Director responsible for the Intelligence Directorate. During his tenure, Ray was involved in broad facets of security intelligence operations such as leadership for Intelligence Assessments, the Counter-Terrorism Branch, as well as driving Operational Risk, Data Exploitation, and Covert Operations.
Shannon McClure
Shannon McClure is the IBM Canada Services Partner for Defence. She has 23 years of business experience with more than 15 years of experience working with Defence organizations.
As the Canadian representative on IBM’s Global Defence Board, she collaborates on innovation agendas including artificial intelligence. Shannon can be counted on to help in the most complex situations and is focused on helping to transform Canadian Defence, putting people and data first, and pivoting clients to the cognitive era. She is experienced in planning and managing complex organizational change projects combined with information technology business transformations and is focused on helping Defence organizations obtain value from artificial intelligence. She’s known for her deep industry experience, organizational change management skills, and for driving disruption and innovation to create value for clients.
Shannon is a founding executive member of the IBM Advancing Women in Global Business Services group and she is the Executive Sponsor of the IBM Veterans Business Resource Group. She has a Bachelor of Science from the University of Waterloo and a Master of Business Administration from the University of Ottawa.