Mark Collins – Offensive Cyber Capability for Canadian Forces? Is the New Government Cyber Serious?

Further to these posts,

Canadian Forces Trying to Come to Grips With Cyber (plus government as a whole)

US Cyber: Defence and Now Offence?

Pentagon’s Cyber Strategy Names Threat Countries, Threatens Retaliation

US Cyber Seriousness (plus France…and Canada?)

Bundeswehr Getting Cyber Serious

Time For Canadian Government to Get Really Cyber Serious–But It’s Not

a most knowledgeable Canadian thinks our military needs to be able digitally to take it to enemies:

Former CSIS head says Canada should have its own cyber-warriors
Documents show Forces are struggling to develop even a defensive cyber capability

Canada’s former top spymaster says the country’s military should have the legal authority and capability to not only defend itself, but also to go on the attack in cyberspace as well.

Richard Fadden, the former director of the Canadian Security Intelligence Service and the ex-national security adviser to prime ministers Stephen Harper and Justin Trudeau [and a former Deputy Minister of National Defence], says he’s argued in the past that the threat in the online world is as serious as terrorism in the physical world.

– Canada’s electronic spy service to take more prominent role in ISIS fight
– …
– Cyberattacks on infrastructure a ‘major threat,’ says CSIS chief

At the moment, the Canadian military’s nascent cyber capability is restricted from going on the offensive to protect itself. Documents obtained by CBC News show that National Defence appears to be struggling to develop even a defensive stance.

“If we are going to allow that we’re going to have Canadian Forces abroad and they are facing cyberattacks, either communications or other, I think it’s totally reasonable to think seriously about whether or not we should give them the capacity to reach out and suppress before they are used against them,” Fadden told CBC Radio’s The Current on Wednesday [June 22–see here for audio and transcript].

The issue is partially framed in the Liberals’ defence policy review statement, which asks the public what sort of role the military should play in the online battle space [see 8. at p. 29 PDF here, more on the review here]…

Last winter, published reports in Britain said Moscow was prepared to invest the equivalent of $250 million US to improve an already formidable stable of hackers and software engineers so they can go on the offensive. The Russians argue their build-up is a deterrent, much like a nuclear arsenal, and meant as a response to U.S. plans to improve the National Security Administration and the Pentagon’s cyber command.

Fadden said Canadian troops currently deployed face the threat of cyberattack, not only from big players, such as Russia and potentially China, but also extremist groups, such as ISIS.

“You don’t send people in harm’s way without doing everything you possibly can to avoid that harm being done to them, and I think most militaries that we are facing, for example in Iraq, some of the forces they are opposing have cyber capacity,” said Fadden…

Wesley Wark, a University of Ottawa professor and one of the country’s leading experts on intelligence and cyberwarfare [more here], says Canada’s electronic spy service, the Communications Security Establishment, which operates independently from National Defence, has the ability to conduct offensive operations [see “Canadian Cyber: Communications Security Establishment–Defence and Now Offence?“].

He conceded that CSE’s time and attention are devoted to protecting civilian infrastructure and working with utilities and major corporations to help them protect their networks [but see: “Canadian Federal Government (and others) Not Cyber Serious“].

Wark said he believes the military should not put time and resources into developing an offensive posture when other allies, such as the U.S. and Britain, are already way out in front in that manner.

Fadden disagrees…

…a trail of documents obtained by CBC News under access to information shows the military has struggled to establish even a defensive cyber capability.

A briefing, dated Nov. 17, 2014, candidly acknowledged that Defence “needs to improve its posture to better anticipate, plan and conduct cyber operations.”

The report said establishing an effective military command structure for cyberspace “may require some resource investment [and] realignment” of the existing system, and maybe even a new organization within the Forces.

Another heavily redacted document, dated Dec. 11, 2012, shows that there was, at the time, no mechanism for the military’s operations command to reach out to CSE for timely help when commanders in the field needed it.

The briefing also suggests defence department policy advisers were only just beginning to wrap their heads around the emerging implications and that the military considered cyber to be more of a “technical issue” not directly related to the core business of bullets and battleships.

Time to up the Forces’ game one way or another–but will the government provide meaningful money?. Meanwhile the US military, and federal government, continues to try harder:

The US Military Can’t Train To Fend Off the Worst Cyber Attacks on Infrastructure — Yet
Digital wargames that ‘truly represent a realistic and relevant threat’ are coming in 2019.

The U.S. military can’t fully test its ability to respond to a catastrophic cyber attack on civilian infrastructure, and likely won’t be able to until 2019, representatives from Cyber Command and the Joint Chiefs told lawmakers on Wednesday.

Last Friday, Cyber Command wrapped up Cyber Guard, a major exercise that gathered 800 representatives from DOD, DHS, FBI, and industry to practice repelling a major network attack on U.S. infrastructure. The exercise took place on a joint information operation range in Suffolk, Va. — a kind of cyber firing range. The exercise, however didn’t fully emulate the full range of tactics and techniques that hackers might deploy against U.S. infrastructure.

“We don’t have the scale or the complexity to truly represent a realistic and relevant threat, the ones that we’re truly trying to train to,” Brig. Gen. Charles L. Moore Jr., the Joint Chiefs of Staff’s deputy director for global operations, told the House Armed Services Committee.

In the event of a massive cyber attack on the United States, Cyber Command would help fend it off or respond to it, as directed first by U.S. Northern Command [whose commander is double-hatted as head of NORAD] and, on top of them, DHS…

Nothing remotely similar seems to be taking place in dear old complacent Canada; the previous government for its part certainly did precious little.

Mark Collins, a prolific Ottawa blogger, is a Fellow at the Canadian Global Affairs Institute; he tweets @Mark3Ds


2 thoughts on “Mark Collins – Offensive Cyber Capability for Canadian Forces? Is the New Government Cyber Serious?”

  1. Bit of a “hmm” here:

    ‘US Still Has No Definition for Cyber Act of War

    Pentagon leaders are still working to determine when, exactly, a cyber-attack against the U.S. would constitute an act of war, and when, exactly, the Defense Department would respond to a cyber-attack on civilian infrastructure, a senior Defense Department official told lawmakers on Wednesday.

    A cyber strike as an act of war “has not been defined,” Acting Assistant Secretary of Defense for Homeland Defense and Global Security Thomas Atkin told the House Armed Services Committee. “We’re still working toward that definition.”..’

    Mark Collins

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s