Derek Burney was Canada’s ambassador to the U.S. from 1989-1993. He led the Canadian delegation in concluding negotiations of the Canada-U.S. Free Trade Agreement.
Indications that the government is analyzing the cyberthreats to Canada from equipment made by foreign telecommunication companies is welcome enough but the scope for review should be broader and lines of accountability need to be streamlined.
In his recent book, The Perfect Weapon: War, Sabotage and Fear in the Cyber Age, New York Times columnist David Sanger asserts that threats from cyberattacks are more serious than those from terrorists or nuclear proliferation. He focuses on cyberwarfare – the methods and techniques deployed to sabotage or disrupt the electronic and physical assets of an adversary. Sanger documents his thesis meticulously with examples such as the U.S.-Israeli attack against Iran’s centrifuges, the North Korean attack on Sony, Russia’s attack on Ukraine’s power grid and, most notably, Russian interference in the 2016 U.S. elections, a topic that continues to resonate in America.
Canada may be less vulnerable to cyberattacks but the question is how well are we prepared? As very little is made public about security and intelligence generally in Canada, how well we are organized (and funded) to meet the threat is difficult to know. Responsibility is scattered across various government agencies and it is no secret that our capabilities for secure voice and data transmission are outdated. Because technology is advancing at warp speed, the scope for offense is almost always ahead of defense capabilities.
Furthermore, countries such as the U.S. are unwilling to reveal as much as they know, as it would only tip off attackers to look for new methods of penetration. Once used, a weapon is more readily available for others to emulate.
There is also a real concern that attacks and counterattacks could rapidly spiral into actions that would cripple the internet, financial systems and power grids with devastating impact on the global economy.
The Obama administration was aware the Russians were hacking during the 2016 election but refrained from overt counteraction, lest they be charged with seeking to influence the election outcome. There are also privacy concerns that circumscribe surveillance skills of democracies, as opposed to those in authoritarian states – an imbalance that is difficult to reconcile.
The U.S. is mobilizing its extensive security and intelligence facilities to meet the threat. Overall supervision rests nominally with General Paul Nakasone, who is both Director of the National Security Agency and Commander of Cyber Command. Inexplicably, the White House recently jettisoned the position of its own cybersecurity co-ordinator. U.S. President Donald Trump’s reluctance to openly acknowledge Russian hacking efforts in 2016, ostensibly for fear that it may undercut the legitimacy of his elections, only intensifies the problem of formulating a U.S. national strategy on cybersecurity. The U.S. agencies involved in offensive and defensive operations work together uneasily. Turf wars are, after all, the oxygen of bureaucracies. Sanger complains that the paranoia of U.S. intelligence agencies about “protecting sources and methods” undermines the ability to deploy a concerted strategy or doctrine on cyberspace. It is not a problem unique to America.
The power of the U.S., including its massive nuclear arsenal, does help as a deterrent, but given the burgeoning technological potential of China and the relative ease with which individual bad actors can be disruptive, the threat from cyberattacks will undoubtedly become more daunting in the future.
At a recent seminar at Stanford University involving the the Five Eyes – U.S., Australia, Britain, Canada and New Zealand – former prime minister Stephen Harper lauded the value of their intelligence-sharing effort. However, he asserted bluntly that all were falling behind and not adequately funding the challenges from cyberspace. He noted as well that some members have introduced Chinese technology into their systems, thereby limiting the potential for full-scale co-operation. Additional restraints stem from the fact that each of the Five Eyes has distinct criteria for reviewing foreign investment in critical technology fields with different security safeguards as well. There is a need for greater coherence.
Canada will rely heavily on the U.S. to safeguard vital and often shared infrastructure such as electricity grids and transportation links. But in a multipolar world that is moving away from conventional partnerships and alliance linkages to one with overt “America First” inclinations, that customary reliance may not be sufficient. Are we satisfied being a fast follower of U.S. technology or confident that the U.S. will continue to share its technology with alacrity as economic competitiveness intensifies?
Mr. Sanger’s book is a timely primer for a much-broader review of Canadian readiness in terms of capabilities, commitments and responsibilities.