The federal government should loosen its secrecy rules and provide more information to companies about the threats of cyberattacks in order to help them improve their security systems, said Canada’s former national security adviser.
Speaking at a “disaster-proofing” conference in Ottawa, Richard Fadden said the government already has ways to share classified information as part of tendering processes, calling for these rules to be broadened to the fight against cyberthreats.
“One of the problems we have in Canada … is that we found it very, very hard to share classified information about cyberattacks with the private sector,” said Mr. Fadden, who is also the former head of the Canadian Security Intelligence Service. “We are starting to expand that kind of sharing, but it’s very hard for someone from [Communications Security Establishment Canada] or CSIS or somewhere else to have conversations with CEOs from major banks or major industries if they can’t share some classified information about the nature of the threat.”
Mr. Fadden said the practice is already in place in the United States, where the country’s national-security agencies are more open when large companies are the victims of cyberattacks.
Mr. Fadden shared a stage with the former head of the Central Intelligence Agency and the National Security Agency, Michael Hayden, to discuss the growing cyberthreats facing governments and companies. In terms of foreign entities that conduct cyberattacks, Mr. Hayden said he was impressed by the “scale” of the incidents involving Chinese hackers, and the “skills” of the Russians, pointing to last year’s attacks against the Democratic National Committee.
Mr. Hayden said the greatest danger facing North America is not a “digital Pearl Harbour,” but rather a series of continuous attacks that weaken key sectors of the economy. As such, he said it was up to various CEOs to ensure their companies are able to ward off hackers, whatever their motives.
“This thing requires such a fundamental rethinking that we, in society, should recognize the private sector is on the front, and the government should assume a supporting role,” Mr. Hayden said.
The pair spoke at Disaster Proofing Canada, a conference that looked at Canada’s ability to face disasters. The varied and unexpected consequences of climate change were top of mind among a number of participants who talked about the way they have dealt over the years with floods, ice storms or large-scale disasters such as the Fort McMurray forest fires.
Ginny Flood, vice-president of government relations with Suncor, said debates over areas of municipal, provincial or federal jurisdiction “got messy” during the 2015 fires, calling for greater co-ordination in the future.
Rear Admiral Bob Auchterlonie, who oversees the response to natural disasters with the Canadian Armed Forces, said there is a tendency in Canada to avoid discussions around worst-case scenarios.
“We are very Canadian; we don’t want to talk about difficult things,” he said, referring in particular to the possibility and the consequences of a major earthquake in British Columbia.
There are about 15 to 20 disasters that hit Canada in a given year, defined as events that have an impact of 0.2 per cent to 2 per cent on the country’s GDP, said Paul Kovacs, an expert on disasters at the University of Western Ontario. He said Canada has never had a catastrophe, as defined as an event that affects more than 2 per cent of the GDP, while cautioning that countries such as Japan are much more prepared for such eventualities.
“We need to do more on this side,” he said, pointing to the lack of new projects such as the Red River flood-way that has prevented billions of dollars in damages over the years.
Craig Stewart, vice-president of federal affairs at the Insurance Bureau of Canada, added: “The greatest risk continues to be severe weather driven by a changing climate aggregate and, individually, a moderate to severe earthquake proximal to Montreal or Vancouver.”Report Typo/Error