One of Canada’s former top spies says that the damage done by economic espionage is now on par with the threat posed by al-Qaeda and other radical groups.
“It has become equal to the threat of terrorism. Why? It has such long-term repercussions. The future prosperity of Canadians,” says Ray Boisvert, who had served as the assistant director of intelligence for the Canadian Security Intelligence Service until his retirement six months ago.
Mr. Boisvert made his remarks to The Globe and Mail after Washington released a scathing report about the cyberespionage threat posed by China’s Huawei Technologies Co.
The expanding telecom giant simply “cannot be trusted to be free of foreign state influence,” according to the U.S. House Permanent Select Committee on Intelligence.
The report suggested Huawei and the billions of dollars worth of Internet-infrastructure equipment that it sells could facilitate “the ongoing onslaught of sophisticated computer network intrusions that originate in China.”
Citing classified and unclassified intelligence, the lawmakers – versed in Washington’s own clandestine hacking efforts – recommended that Huawei be kept far away from contracts to install sensitive U.S. government systems. Their fear? Chinese spies could prevail on Huawei to install backdoors that would allow for sneak peeks at proprietary data – or worse, allow them to mess with U.S. infrastructure.
Huawei remains opaque about its ongoing ties to the one-party Communist state that nurtured it. So much so that the House intelligence committee is also telling private companies to give Huawei a wide berth.
The multibillion-dollar company counters that American fears are based purely on rumour and innuendo. Yet Australia and Great Britain have also taken precautions to ensure their own networks are free of prying eyes where Huawei equipment is involved.
Such arrangements now threaten to leave Canada as the odd man out in the decades-old intelligence fraternity of major English-speaking powers – the only partner that hasn’t yet publicly grappled with the significance of selling its data pipelines to a multinational often seen to be aligned with a rival power.
How significant is this Huawei issue for Canada? Here, Mr. Boisvert, who left CSIS to start a risk-management consultancy known as I-Sec Integrated Strategies, reflects on how Ottawa has been grappling with the issue.
The Globe and Mail: The U.S. seems to be very proactive about the Huawei issue.
Ray Boisvert: In this country, it’s a lot more about doing business – Canada is a trading nation, we’re small, and we need to take greater risks.
When it comes down to the U.S. polity versus ours, there’s a lot more weight placed on security requirements.
There’s a made-in-U.S.A. factor, too, that can’t be ignored. In the U.S., there are a lot of telecommunications suppliers that could supplant Huawei’s deliverables.
Well, we used to have a pretty good telecom equipment company in Canada. A lot of people suggest Huawei ate – or stole – Nortel’s lunch ...
There was a bunch of stuff going on – a bunch of poor decisions were made. The Year 2000 high-tech collapse that played against Nortel.
But there have been enough stories including the head of IT [information technology] at Nortel who said that “We got done by cyber-attacks.”
And at the same time Huawei rose, Nortel fell. Coincidence? I don’t think so.
How well equipped is the Canadian government to address espionage?
At the end of the day, we’ve all been focused on the post-9/11 environment. The single most important threat has been the threat of terrorism.
That has distracted us from a very important national security threat that all of us in the business are very conscious of.
Espionage in the 21st Century is not spy-versus-spy but it’s really about gaining strategic economic advantage, globally. That means agencies facilitating the companies to gain strategic advantage to dominate economically.
In my view, it has become equal to the threat of terrorism. Why? It has such long-term repercussions. The future prosperity of Canadians.
What should Canadian lawmakers think about U.S. counterparts sounding the alarm about Huawei?
It comes down to: Is our policy attuned at the right level?
There’s a two-part decision. One – Huawei, do you accept them as a legitimate player in the marketplace? If the answer to that is yes, then you are really hard-pressed not to allow them to compete for contracts in the private sector.
The second part is, are they a security threat? If they are, should they be able to bid on shared [critical government] infrastructure?
It’s one thing to lay down the backbone of a really large set of pipes. If you had some malware embedded in the coding of the system, you’re fishing in a pond that’s billions and billions of litres deep.
Versus, if you’re sitting on a specific network where right away the fishing is pretty clear – you’re in a small pond of a hundred litres. It’s easier to identify which one of those data packages, which fish you want to spear.
But aren’t people getting a lot better at sifting the important stuff out of torrents and torrents of data?
There are limits.
If you’re asking me “Would you let them install hardware into the main telecommunications networks?,” my answer would be “Yeah, you could, but you really want to put in a lot of checks and balances – initial verification of the code, and ongoing auditing of all of the mechanisms that Huawei would implement.”
Does this inform the Nexen Inc. takeover debate? Or are oil and telecom two different kettles of fish?
It’s not the same national-security concern. It’s one thing to look at the fact that here’s a huge investment in a strategic resource – oil – and ask “Is this in Canada’s best interest?”
But the Huawei one is very greatly debated. I think there is a preponderance of legitimate evidence, there is enough layman and specialist understanding, that an organization like Huawei could take incredible advantage of owning the network that all of your communications are crossing.
Have the security implications of Huawei been discussed in places like the Langevin Block? 24 Sussex? Your old shop at Blair and Ogilvie?
I’ll just say that I know, when I was at CSIS, these issues were raised. Whether they have an audience or not, I’ll leave that for others to comment on.
Canada has taken a look at those issues when the larger telecommunications companies [Telus, Bell, Rogers] wanted to buy Huawei equipment.
The role of CSIS is to give advice to Industry Canada.
So Industry Canada plays the middle man role – in terms of responding to concerns that industry may have [to government] or bringing those concerns the security community may have to industry.
Isn’t there always a tension between the security guys and the “Do Business” guys? Does it make any sense to put the cybersecurity issue within the “Do Business” Ministry?
There is certainly a tension. It’s a tension that an organization like CSIS is fully aware of.
This interview has been condensed and edited.