A theme I have been stressing for quite some time–further to these posts,
Offensive Cyber Capability for Canadian Forces? Is the New Government Cyber Serious?
[note links at start]
more on the sorry state of Canadian preparedness from those who know, at Vanguard magazine:
The upcoming Defence Policy Review is an excellent opportunity for Canada to address cybersecurity gaps that pose serious risks to our country’s military and government computer networks and infrastructure.
While the incidence of state-backed cyber attacks on national and commercial computer systems of our allies has increased in recent years, it is frightening to realize that Canada’s cyber defences appear to have been largely neglected, according to two former high-ranking officials of the Canadian Security Intelligence Services (CSIS) who spoke with Vanguard recently.
Duct tape approach
“I don’t see Canada spending enough on cyber defence…it’s still a hodge-podge, duct tape approach. There’s a definite need for a cyber-strategy review,” says Ray Boisvert, who built a 30-year career in both operational and executive roles with CSIS before retiring as its assistant director if intelligence in 2012. Since then, Boisvert has become the president and CEO of security firm I-Sec Integrated Strategies [see here] and more recently a senior associate at Hill and Knowlton Strategies Canada [see here–Mr Boisvert frequently appears on the CBC].
“The country’s cyber defence budget is very, very small compared to that of conventional warfare,” he laments.
Boisvert also says there’s a glaring lack of strategy and clarity of who is responsible for what when it comes to preventing and dealing with cyber attacks [emphasis added] leading to the impressions that Canada has been “a little complacent” and adopting a “stand by and watch other” posture on cyber…
In his recent essay on cyber security for the Canadian Global Affairs Institute, Major-General John Adams (Ret’d) [head of Canada’s SIGINT–and government communications security–agency, CSE, from 2005 to 2012] traces Canada’s cyber security gaps to the fact that “cyber attacks were not on the table” when the existing cyber strategy was being mapped out [the essay is here; Mr Adams is a CGAI Fellow].
“The government of Canada has responded to cyber exploitations with its Cyber Security Strategy.11 Published in 2010, the strategy is noteworthy for the fact that it limits itself to strengthening the government’s capability to detect, deter and defend against cyber attacks while deploying cyber technology to advance Canada’s economic and national security interests [more here in late 2015 from the government on what it’s been doing–busy but effective?].” He wrote. “It did not militarize cyber security, it was limited to specifying that the Canadian Armed Forces were to strengthen their capacity to defend their own networks, work with other government departments to identify threats to their networks and possible responses, and continue to exchange information about cyber best practices with allied militaries [see the Germans: “Bundeswehr Getting Cyber Serious“].”
Adams also noted that a more aggressive approach “would have been ill-advised in 2010” because the concept of cyber war had not yet sufficiently matured.
However, he says, a lot has changed since 2010 and cyberspace have “become the centre of gravity for the globalize world” embracing economic, financial, diplomatic and military operations.
Today, he says, cyber war means disrupting or destroying information and communications systems in order to threaten a state’s sovereignty as well as gathering as much information about an adversary while keeping that adversary oblivious to the data gathering…
We have a whole lot of catching up to do. Meanwhile down south: