The Harper government has been raked over the coals for not providing leadership on cyberthreats to Canadian enterprises and citizens by an academic who specializes in international security.
It is “increasingly baffling” that Ottawa continues to say terrorism is the greatest threat to the country when there is clear evidence that online threats are more important, Wesley Wark, visiting professor at the University of Ottawa’s graduate school of public affairs said Tuesday at the Technicity conference in Toronto. Technicity is co-sponsored by IT World Canada and the city of Toronto.
In 2010 the federal government issued a cybersecurity strategy paper, he said, but “it was one of the least effective, most boring government documents that I have ever read …. It reflects and inability to come to grips with the seriousness of this problem.”
He didn’t mention that just over a year ago the auditor general complained that while there was a strategy the government hadn’t implemented an action plan.
Another problem is that Ottawa hasn’t decided how much of the cybersecurity issue it will take the lead on apart from defending federal IT infrastructure and data.
“Public-private partnerships, regulation, establishment of norms, public education – we’re not doing a great job,” said Wark.
“We have the paternalistic suggestion from the federal government in its cybersecurity strategy that the public should get better at individual security and pay more attention. That’s clearly not going to get us very far.”
There is also sense that people will be “magically delivered with the tools at no cost … to allow them to enjoy complete cyber security. This is a total fantasy,” he said, because it depends on the private sector to deliver the tools in the face of inventive attackers, and as well as an agreement on an accepted definition of privacy.
Until we agree on the meaning of privacy and an accepted legal framework for expressing it we can’t download it on the private sector.
“We should demand that our federal government get much better at both conducting cybersecurity … and get much better at public education.”
Educating the public is a federal responsibility, he added, and suggested that the Obama administration in the U.S.—particularly, he said, in trying to hold talks with China on “dampening down the level of cyber aggression” — and governments in Britain and the European Union are doing a better job in public education.
The Harper government has created the Canadian Cyber Incidence Response Centre for sharing information on cyber threats with provinces, local governments and the private sector. But that effort “has not really go off the ground,” Wark said.
The auditor general complained that as of last fall the centre wasn’t even operating around the clock. The government replied at the time that it was upping the hours, but still not 24 hours a day.
In response, on Wednesday a Public Safety Canada spokesperson said in an email statement that the government has made “significant progress … to keep Canadians safe in cyberspace.” Ottawa has said it will spend $245 million to support the cybersecurity strategy.
“The protection of Canada’s cybersecurity is a shared responsibility” with the private sector and the provinces, the statement also said.
As for the cyber response centre, “all private sector partners can reach CCIRC to get a response and support 24 hours a day,” said Jean Paul Duval, a Public Safety Canada media relations spokesman. The centre now has a “cutting edge” malicious software analysis lab and an automated threat notification system, he added.
Wark also said the private sector needs to get better at delivering more useable security products.
Finally, Wark said one impediment is the lack of a public debate here on the meaning of privacy and security today. In the light of the revelations by former U.S. security contractor Edward Snowden about the electronic spying capabilities of Canada, the U.S. and Britain “we’re almost the only country that I can think of that hasn’t had a national debate on what this all means. And I think frankly we should be ashamed of ourselves for that.”