Skip to main content

The Globe and Mail

Can business and government ensure Canada’s cybersecurity?

Louis Vachon is chief executive officer of National Bank of Canada.

Business finds itself on the front lines of global conflict these days like never before. Consider the high-tech assault on Turkey's banking system, which disrupted credit card transactions and online services last December in the midst of tensions with Russia. Or the computer systems breach at the Warsaw Stock Exchange in October, 2014, claimed by Islamic State. When there is geopolitical tension – it does not have to be a declared conflict – cyberattacks by state or state-sponsored organizations are now inevitable.

These attacks have two main purposes. The first is to inflict immediate damage, by disrupting services and stealing information. The second, more pernicious, is to intimidate. And enterprises are not the only targets. There have been countless intrusions into the systems of government defence organizations and other departments in Europe and the United States in recent years.

Story continues below advertisement

Canadian businesses generally take this threat seriously and are investing significant resources to safeguard the integrity of their data. However, should we come under attack from foreign states, we expect our own government to have some role in protecting us against such attacks. It is imperative that Canada step up its game.

Prime Minister Justin Trudeau's government has stated its intention to conduct an in-depth review of Canada's defence strategy by the end of 2016. In light of the growing number of geopolitically motivated cyberattacks around the world, this important policy exercise must include cybersecurity as an integral component of defence strategy.

Canada needs a clear cybersecurity strategy. And it has to be accompanied by adequate funding to achieve our national objectives. The strategy must provide for strong co-ordination between Canadian government and business – there has been significant progress on this front – and an effective structure for marshalling the efforts of government agencies. Taking a cue from many countries, including non-militaristic ones such as Denmark and the Netherlands, we must not only harden our defences for better protection but also build an offensive capability that gives our government the ability to deter potential intruders. We also need to work closely with allies and, if appropriate, create new cyberalliances, an area in which Canada can take a leadership role.

We must not use scarce defence resources to spy on allies or target our own citizens. A robust control and governance structure is needed to ensure that efforts are focused, money is well spent and citizens' privacy rights are respected.

The best cybersecurity strategy will protect Canadian interests only if supported by adequate means for execution, and this is admittedly a challenge in the current economic and budget environment. The defence review must, therefore, look at the allocation of funds between traditional defence systems and new threats. For example, hard questions need to be asked about whether the maintenance of a submarine fleet is still a judicious use of funds. The government should also assess the role that military reserve units can play in cybersecurity by attracting cybertalent, a category of recruit that may not be considered an appropriate fit under traditional military organizational culture.

The bottom line is that cybersecurity must be a strategic priority for Canada and we have to build the necessary capability to repel and deter cyberattacks. For this reason, the defence policy review is also the right forum to debate a related fundamental question: Who will be responsible for overall cybersecurity strategy at the government level going forward – Public Safety Canada or the Department of National Defence?

Historically, our geographic location has been a blessing, helping to keep Canada out of harm's way. But this natural barrier cannot keep us safe in a digital world. Our defence strategy for the 21st century must absolutely take this stark reality into account.

Story continues below advertisement

Report an error
As of December 20, 2017, we have temporarily removed commenting from our articles as we switch to a new provider. We are behind schedule, but we are still working hard to bring you a new commenting system as soon as possible. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to