Patrick Searle is an executive with the Council of Canadian Innovators.
Federal government's budget has proposed spending of more than half a billion dollars over the next five years to battle cybercrime and update Canada's aging digital-security strategy.
The strategy will aim to improve the security and resilience of computer systems and will put an emphasis on improving collaboration and leadership across the various levels of government. This new funding is also an opportunity to position Canada as a global leader in cyberinnovation.
The rising effects of cyberattacks, cybercrime and cyberterrorism are becoming top-of-mind for elected officials and private-sector leaders alike. Last fall, the Government of Canada revealed that its networks are the target of an average of 2,500 state-sponsored cyberactivities each year. A newly released report by Scalar Decisions Inc. found that nine in 10 Canadian companies suffered at least one cybersecurity breach in 2017.
These trends are a pressing concern for those tasked with securing and defending our critical public and private infrastructure, such as government agencies, power grids, academic institutions and private-sector entities, against the barrage of cyberattacks they face on a daily basis.
But it's not all doom and gloom when it comes to Canada's cyber-readiness. Canada has a little-known but formidable strength in the cybersecurity industry, as some of the world's best cybercompanies are located here. Annual global rankings regularly put Canadian cybercompanies in the lists of world-leading innovators. They provide their advanced, innovative technologies to public-safety agencies outside Canada, as well as large swaths of private-sector institutions around the world. For example, eSentire, a plucky cybersecurity scale-up from Cambridge, Ont., secures more than US$5.7-trillion of Wall Street financial assets.
Despite these potential hometown advantages, the tools being adopted by Canadian firms and our various levels of government are largely provided or enabled by foreign vendors. Our largest banks frequently use tools and services provided by foreign cyberfirms, even when their own customers, Canada's cybercompanies, provide the same or better solutions. Outdated and inflexible procurement processes, as well as a lack of public-private framework for domestic, innovative businesses, have made it difficult for Canadian cybersecurity firms to do business with their own government and large enterprises. This is a strategic miscalculation.
Recently, Canada's Chief Information Officer wrote in an internal memo that Canada's IT procurement processes "favour incumbents and don't foster enough new entrants into the process." This is especially true in the cybersecurity realm. Canada's current approaches lack strategy and have a direct impact on the economic opportunities for domestic innovators who wish to help their own governments defend their digital borders. This also has a negative impact for both our national prosperity and sovereignty.
Domestic capability in cyber is a key precondition for countries remaining safe and sovereign in the age of digital threats. If we are not suppliers of cyber solutions, Canada is wholly reliant on external actors – vendors and countries which have no public accountability to Canadian citizens – to design the systems that protect us.
Furthermore, the technology our government uses to keep its citizens safe should reflect our Canadian values of data privacy and protecting civil liberties. Technology is reflective of the values of the society that develops it, so if Canada is left to procure from countries that, for example, are more comfortable with constant surveillance on their own citizens, we need a different approach.
There is a strategic advantage for governments to work hand in hand with their domestic private sector to develop armaments for traditional warfare that meet their needs, as we see with the procurement and development of fighter jets.
For 21st-century cyberwarfare, the government should be as invested, if not more, in the domestic cybersecurity and offensive capabilities business. Canadian cybertechnology firms and our policymakers would benefit from closer and more strategic relationship because the nature of cybersecurity innovation hits at the core of a government's responsibility – to keep its citizens safe – and cuts across multiple sectors driving our prosperity and quality of life.
In light of Canada's current Group of Seven presidency, as well as the national cyber-review that Public Safety Canada is soon to release, two paths forward stand out. One practical solution that would help expand Canada's cybersecurity capacity would be to create more public-private partnerships between government and Canadian innovators. The government should introduce more opportunities for joint research and development projects between the public sector and private industry. By doing so, Canada's elite group of cyberinnovators would be able to work hand-in-glove with public-sector IT professionals, enabling our public defenders to understand the full abilities of the digital solutions they are deploying.
The Canadian Armed Forces are understood to be developing a nationwide cyber-reservist program that allows private-sector talent to flow through their cyberoperators force. Public-sector institutions across Canada should develop similar programs that would allow private- and public-sector talent to be shared across their respective domains. Both government and domestic, high-growth companies must invest in regular exchanges at the most senior levels to achieve these strategic outcomes.
Last Thursday at the CyberCanada Senior Leadership Summit, Public Safety Minister Ralph Goodale told an audience of Canadian cyber, government and business executives that shoring up Canada's cyber-readiness "cannot be a government-owned initiative, it has got to be an all-of-Canada initiative that engages people and institutions and companies."
By focusing on developing new technologies, and in parallel, marketplace frameworks that allow Canada's innovators to scale up globally, Canada will not only secure our digital future. We can also become a supplier of high-margin cyber solutions that our allies in the North Atlantic Treaty Organization, the G7 and other forums need to procure. Newly announced initiatives, including the Canadian Cyber Security Centre, which will become part of the Communications Security Establishment, and a new RCMP National Cybercrime Co-ordination Unit, present a big opportunity to deal with challenges that both the public and private sector have identified to date. These are the types of outcomes Mr. Goodale and his fellow cabinet members are aiming for, and Canadians need, in our interconnected world.