Mark Collins – Time For Canadian Government to Get Really Cyber Serious

The previous Conservative one certainly wasn’t:

Canadian Government’s Pathetic Cyber Security Funding Increase

Another US Effort to be Cyber-Serious–and Canada?

Canadian Federal Government (and others) Not Cyber Serious

I doubt the new Liberal one will be any better unless something really disastrous or super-embarrassing happens.  Nonetheless see these tough words from a top Canadian banker (buried in the Globe and Mail’s business section, natch):

Can business and government ensure Canada’s cybersecurity? 
Louis Vachon is chief executive officer of National Bank of Canada

Canadian businesses generally take this threat seriously and are investing significant resources to safeguard the integrity of their data. However, should we come under attack from foreign states, we expect our own government to have some role in protecting us against such attacks. It is imperative that Canada step up its game.

Prime Minister Justin Trudeau’s government has stated its intention to conduct an in-depth review of Canada’s defence strategy by the end of 2016 [more here]. In light of the growing number of geopolitically motivated cyberattacks around the world, this important policy exercise must include cybersecurity as an integral component of defence strategy.

Canada needs a clear cybersecurity strategy. And it has to be accompanied by adequate funding to achieve our national objectives. The strategy must provide for strong co-ordination between Canadian government and business – there has been significant progress on this front – and an effective structure for marshalling the efforts of government agencies. Taking a cue from many countries, including non-militaristic ones such as Denmark and the Netherlands, we must not only harden our defences for better protection but also build an offensive capability that gives our government the ability to deter potential intruders [emphasis added, quite a stretch for the current government one would think; see also: “Aussie Offensive Cyber War Capability–and Canada’s CSE?…“; “Souping Up US Cyber Command“]… 

The best cybersecurity strategy will protect Canadian interests only if supported by adequate means for execution, and this is admittedly a challenge in the current economic and budget environment. The defence review must, therefore, look at the allocation of funds between traditional defence systems and new threats. For example, hard questions need to be asked about whether the maintenance of a submarine fleet is still a judicious use of funds [good point!]. The government should also assess the role that military reserve units can play in cybersecurity by attracting cybertalent, a category of recruit that may not be considered an appropriate fit under traditional military organizational culture.

The bottom line is that cybersecurity must be a strategic priority for Canada and we have to build the necessary capability to repel and deter cyberattacks. For this reason, the defence policy review is also the right forum to debate a related fundamental question: Who will be responsible for overall cybersecurity strategy at the government level going forward – Public Safety Canada or the Department of National Defence?..

Right now Public Safety has the lead (but note the hodge-podge) and I can’t see this government switching it–though CSE, which is under the Minister of National Defence, might be given a greater role.  The Canadian Forces do have a “Director General, Cyber, a unit within Chief of Force Development tasked to develop the military’s future cyber capabilities.”; but that sure ain’t much to build on.

Mark Collins, a prolific Ottawa blogger, is a Fellow at the Canadian Global Affairs Institute; he tweets @Mark3Ds


11 thoughts on “Mark Collins – Time For Canadian Government to Get Really Cyber Serious”

  1. You can buy the best equipment in the world do all the planning in the world etc, but it is all meaningless if you either import temporary foreign workers and give them root access to the system or even worse off shore the support then give them the root passwords and then let them lose on your systems.

    Further is the farce of the FBI demanding the end of cell phone encryption because they want to see the call records on a terrorists phone. Like the phone companies haven’t already handed over the info for who they called. And it isn’t like the NSA isn’t capturing every ones phone calls already. But ooooooh terrorists!!! The only thing the US government is serious about when it comes to cyber security is making sure no one has any.

  2. One reason why US is so cyber-serious:

    French getting pretty serious themselves:

    Mark Collins

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s