As COVID-19 quickly became a pandemic, Canadians were surprised to learn that our stockpiles of personal protective equipment covered just a fraction of what was required to weather the unfolding crisis.
All levels of government and businesses scrambled to secure PPE supplies to maintain some degree of essential services. Prices began to rise as other jurisdictions competed for the limited supply in global circulation.
The pandemic has also exposed the growing cyber-risk to Canadians given the acceleration of the adoption of digital technologies to maintain essential services such as payments from government, health care, education, the justice system and commerce. Those risks have been especially borne by vulnerable populations such as seniors and children.
In their recently released 2020 National Cyber Threat Assessment, the Canadian Centre for Cyber Security reports the number of cyberthreat actors and their sophistication is sharply rising, especially in the area of fraud targeting individuals and businesses.
The Royal Canadian Mounted Police report that online child sexual exploitation has soared through COVID-19 as abusers take advantage of children spending much more time online.
Cyberbreaches are also an emerging geopolitical threat. Non-government entities such as businesses and research organizations are often the targets of foreign governments. For example, the U.S., British and Canadian governments alleged that Russian hackers, linked to their government’s intelligence agency, have targeted research institutions that have been linked to COVID-19 vaccines with cyberattacks.
Canada is in a precarious position in upholding its digital security. Our greatest geopolitical asset in countering cyberthreats is our Five Eyes intelligence-sharing alliance with the United States, Britain, New Zealand and Australia. All our partners have now banned Chinese telecom hardware provider Huawei from their 5G digital infrastructure. The government of Canada has yet to even set a timeline for its decision.
Our Five Eyes partners have suggested Canada could be left out of critical intelligence sharing should we choose not to ban or restrict Huawei. Beyond the intelligence considerations, Canadians also have a right to question Huawei’s presence in Canada given the allegations in recent years that the company engaged in corporate espionage that may have contributed to the demise of Canadian telecom giant Nortel.
That concern should go well beyond Canada’s 5G infrastructure. Huawei has research partnerships with 13 Canadian universities related to 6G and artificial intelligence technologies. Despite calls from experts, the government does not have an explicit policy on intellectual property extraction from such research partnerships, even if they have security considerations.
The other Five Eyes governments have and will continue to question other critical technologies, especially cybersecurity tools, that are used by their security agencies and critical public and private sectors, including finance, energy and infrastructure – especially those originating with geopolitical rivals such as China and Russia. For example, the U.S. government banned its own use of tools developed by Russian cybersecurity provider Kaspersky Labs and imposed targeted sanctions on Chinese cyberforensics firm Meiya Pico.
Mitigating the risk by limiting the cyber supply chain alone is not a robust strategy. Unlike PPE, an industry creating critical cybersecurity tools can’t be quickly stood up when a crisis emerges.
Canada does have a nascent cybersecurity sector, research capacity at universities, and some capability and talent within government and the private sector. The Canadian Armed Forces has realized that such highly technical talent cannot be acquired and maintained within its general ranks at scale to deal with the magnitude of such threats. Identifying this talent and operationalizing it quickly is a strategic asset. In 2018, the CAF announced a pilot program to achieve this end called the Cyber Mission Task Pilot Project.
The government has also signalled its willingness to invest substantial funds to address the challenges related to security in the digital age. It created the Innovation for Defence Excellence and Security (IDEaS) program and provided $1.6-billion in funding over 20 years.
However, these piecemeal efforts lack a cohesive strategy. The Canadian government’s updated attempt at articulating a national cybersecurity plan in 2019 included laudable language. What’s missing is a concrete, risk-mitigating approach that spans all essential service providers including our broader public sector and the private sector.
Such a strategy must create space for all essential service providers to regularly identify potential vulnerabilities and risk-mitigation approaches that help prioritize where to invest scarce resources. Further, it must create the mechanisms that allow them to leverage our domestic innovators, universities and their talent to address potential holes in the cyberdefense of essential services.
Where Canada doesn’t have such capabilities, the government should look to address them by catalyzing strategic investments domestically and through our geopolitical alliances. Such an approach can take our immense national cyberliability and help balance it with the creation of assets that contribute to our national prosperity through exportable cybersecurity technologies.
One important lesson from COVID-19 is that we must be better at anticipating threats to our security and have mitigation approaches in place before they become crises. The cyberthreats to Canadians are real and growing. It’s the new security frontier for both geopolitical conflict and criminal activity. It affects our long-term prosperity, security and sovereignty. The question is, will the hard lessons we’ve absorbed on the lack of pandemic preparedness be applied to the existential threats to our cybersecurity?
Neil Desai is an executive with Magnet Forensics, a Canadian cybersecurity company. He serves as a senior fellow with the Centre for International Governance Innovation and the Munk School of Global Affairs and Public Policy at the University of Toronto. He formerly served in senior roles with the government of Canada
Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.