Mark Collins – Canada: “Time to get serious about cyber security”

A theme I have been stressing for quite some time–further to these posts,

Time For Canadian Government to Get Really Cyber Serious–But It’s Not

Offensive Cyber Capability for Canadian Forces? Is the New Government Cyber Serious?
[note links at start]

more on the sorry state of Canadian preparedness from those who know, at Vanguard magazine:

The upcoming Defence Policy Review is an excellent opportunity for Canada to address cybersecurity gaps that pose serious risks to our country’s military and government computer networks and infrastructure.

While the incidence of state-backed cyber attacks on national and commercial computer systems of our allies has increased in recent years, it is frightening to realize that Canada’s cyber defences appear to have been largely neglected, according to two former high-ranking officials of the Canadian Security Intelligence Services (CSIS) who spoke with Vanguard recently.

Duct tape approach

“I don’t see Canada spending enough on cyber defence…it’s still a hodge-podge, duct tape approach. There’s a definite need for a cyber-strategy review,” says Ray Boisvert, who built a 30-year career in both operational and executive roles with CSIS before retiring as its assistant director if intelligence in 2012. Since then, Boisvert has become the president and CEO of security firm I-Sec Integrated Strategies [see here] and more recently a senior associate at Hill and Knowlton Strategies Canada [see here–Mr Boisvert frequently appears on the CBC].

“The country’s cyber defence budget is very, very small compared to that of conventional warfare,” he laments.

Boisvert also says there’s a glaring lack of strategy and clarity of who is responsible for what when it comes to preventing and dealing with cyber attacks [emphasis added] leading to the impressions that Canada has been “a little complacent” and adopting a “stand by and watch other” posture on cyber…

In his recent essay on cyber security for the Canadian Global Affairs Institute, Major-General John Adams (Ret’d) [head of Canada’s SIGINT–and government communications security–agency, CSE, from 2005 to 2012] traces Canada’s cyber security gaps to the fact that “cyber attacks were not on the table” when the existing cyber strategy was being mapped out [the essay is here; Mr Adams is a  CGAI Fellow].

“The government of Canada has responded to cyber exploitations with its Cyber Security Strategy.11 Published in 2010, the strategy is noteworthy for the fact that it limits itself to strengthening the government’s capability to detect, deter and defend against cyber attacks while deploying cyber technology to advance Canada’s economic and national security interests [more here in late 2015 from the government on what it’s been doing–busy but effective?].” He wrote. “It did not militarize cyber security, it was limited to specifying that the Canadian Armed Forces were to strengthen their capacity to defend their own networks, work with other government departments to identify threats to their networks and possible responses, and continue to exchange information about cyber best practices with allied militaries [see the Germans: “Bundeswehr Getting Cyber Serious“].”

Canada’s cyber security deficit
Strategically responding to cyber threats

Adams also noted that a more aggressive approach “would have been ill-advised in 2010” because the concept of cyber war had not yet sufficiently matured.

However, he says, a lot has changed since 2010 and cyberspace have “become the centre of gravity for the globalize world” embracing economic, financial, diplomatic and military operations.

Today, he says, cyber war means disrupting or destroying information and communications systems in order to threaten a state’s sovereignty as well as gathering as much information about an adversary while keeping that adversary oblivious to the data gathering…

We have a whole lot of catching up to do. Meanwhile down south:

President Obama Issues Cyber Directive

Mark Collins, a prolific Ottawa blogger, is a Fellow at the Canadian Global Affairs Institute; he tweets @Mark3Ds


5 thoughts on “Mark Collins – Canada: “Time to get serious about cyber security””

  1. Russkie mole(s) in NSA? John Schindler weighs heavily in:

    Note RCN spy Jeffrey Delisle mentioned as key indicator of Russian success in US:

    Mark Collins

  2. Toronto Star story on former CSE head and cyber offensive capability:

    From the story:

    ‘…Communications Security Establishment simply said that they have no authority to conduct offensive cyber operations.

    “CSE does not have a mandate to conduct offensive cyber activities,” agency spokesperson Ryan Foreman wrote in a statement.

    “The government of Canada is currently engaged in a defence policy review, which includes consulting Canadians on defensive and offensive military cyber capabilities.”..’

    Mark Collins

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s