Good reporting by Colin Freeze at the Globe and Mail:
Canada, China to discuss accord on cybersecurity
Prime Minister Justin Trudeau has directed his top security officials to discuss a cyber accord with China to help protect Canadian corporations from hackers.
The Prime Minister’s national-security adviser, Daniel Jean, was sent to China earlier this month to co-chair the first in a series of meetings between the two countries’ public-safety officials. These talks have become the focus of controversy because they include a possible extradition treaty.
Now The Globe and Mail has learned the discussions will also be a forum for Canada and China to iron out their differences on cybersecurity.
“The U.S. and U.K. recently concluded agreements with China not to engage in, or support, the theft of intellectual property and trade secrets to gain economic advantage,” said Scott Bardsley, a spokesman for Public Safety Minister Ralph Goodale. “A similar agreement is a possible outcome.”
Such a dialogue has profound implications for Canada’s business community, given that Chinese government hackers are frequently seen as adversaries with a voracious appetite for corporate intellectual property as well as state secrets. Past victims of Chinese hacking campaigns include the federal government’s National Research Council [see “Dragon Hack Attack on Canadian Government Research: Report“] and, allegedly, the former telecom giant Nortel Networks [see “Huawei, Nortel and Dirty Work at the Network“] …
In September, 2015, U.S. President Barack Obama and Chinese President Xi Jinping announced a cyberaccord. Former British prime minister David Cameron unveiled a similar agreement when he met Mr. Xi one month later.
In April, a U.S. private-sector cybersecurity expert noted “a material downtick in what can be considered cyberespionage” after the U.S.-China accord. But U.S. government security officials have said they are unsure China is complying [see from February: “US Director of National Intelligence Dubious about Dragon Ceasing Commercial Cyber Spookery“–would that Canadian officials could be so frank]…
“If there is a general feeling, an assessment on the part of some hackers, there are no rules, that this is the law of the jungle, then that is a very destabilizing thing,” Michael Walma, a senior Global Affairs Canada official [more here], said during a conference last week.
Billed as Ottawa’s “cyber foreign policy co-ordinator,” he was one of several high-level civil servants who spoke at the Canadian Association of Security and Intelligence Studies (CASIS [website here]) symposium. Last Friday’s discussion focused on cybersecurity and took place at Ottawa’s War Museum.
Calling the discussion “timely,” Mr. Walma told the gathering that Canadian diplomats are joining their counterparts in trying to iron out cybersecurity issues in bilateral and multilateral forums.
He specifically mentioned the U.S.-China accord as an example of what dialogue can achieve. But, he added, diplomatic agreements need to be backed up with deterrents, and pointed out that the United States is targeting state-sponsored hackers with criminal prosecutions, travel bans and financial sanctions.
“They are starting to equip themselves with a toolbox that allows them to respond with something between a diplomatic note and a nuclear strike,” Mr. Walma quipped. “I think that kind of points to the way we should all be working.”
In the summer of 2014, the U.S. government charged five officers of China’s People’s Liberation Army with hacking U.S. solar, steel and manufacturing companies [see “Cyber Security: US Legal Hammer Trying to Nail Dragon“]. Shortly after, the United States launched a separate case against Vancouver-based Chinese national Su Bin, accusing him of helping PLA-affiliated hackers target aviation companies [latest: “Canadian-Based Cyber Chispy Sentenced in US“].
At that time, Canada’s Conservative government publicly called out China for hacking into the computer networks of the National Research Council, the federal government’s repository of secrets about emerging technology.
Whether “naming and shaming” foreign hackers accomplishes much was debated at the CASIS conference [a post on the symposium: “Quantum Computing Coming: Canadian SIGINT Chief Warns of Threat to Encryption“]…
Follow Colin Freeze on Twitter: @colinfreeze
What “deterrents” might the Canadian government have in its “toolbox” versus the Chicoms?