Canada is in “pretty good shape” to withstand a major attack on its infrastructure, Public Safety Minister Ralph Goodale has told a cyber security conference.
Speaking by video conference from Ottawa on Thursday to the CyberCanada Summit in Toronto, he noted the country has had a national cyber security strategy since 2010 (which identified 10 critical infrastructure sectors) and has “developed important capacity.”
Goodale said he wouldn’t go into “operational or classified details.”
However, he acknowledged the sophistication of “bad guys” is always increasing. “We’re pretty good,” he added, “but we need to get better.” That’s why the government’s new budget calls for spending $800 million to create a new centralized Canadian Cyber Security Centre to help advise the public and the private sector, and a new RCMP National Cybercrime Co-ordination Unit, to handle reports of cyber crime.
However, a conference speaker, Melissa Hathaway, president of Hathaway Global Strategies, former cyber security advisor to Presidents Barack Obama and George W Bush and a fellow at the Canadian Centre for International Governance Innovation, was less confident.
Goodale and the government say Canada wants to be a leading digital economy, she noted in an interview, but in the budget “there’s not an underlying ‘How do I make it resilient, secure and safe?’ You can’t have an economic vision taking the country in one direction and then security and resilience on the back burner. They have to be of equal importance.”
Later, on the TVOntario public affairs program The Agenda, she said “currently I believe the critical infrastructures and services of Canda are vulnerable, and a risk assessment needs to be done. And when you start to see the state of insecurity of Canada is I think it will be alarming and then people will be motivated to do more.”
In his remarks Goodale said the $800 million over five years “is a very good start” on beefing up the government’s national cyber security strategy. The creation of the new cyber centres is part of an updated strategy, of which Goodale said more details will be revealed “ over the course of next weeks and months.”
The strategy expands “very substantially” on the original strategy released by the Harper government in 2010, he said.
However, many want to see if the full updated cyber security strategy deals with issues such as help for the private sector, encouraging students to study cyber security and stimulus for the growth of cyber security companies here. Some have talked about making Canada a global cyber security powerhouse as Israel and Australia are doing in their countries.
Goodale said the creation of the new cyber crime and cyber security centres addresses two complaints the government heard during a public consultation last fall: End confusion of which department or agency take the lead in fighting cyber crime and where to report it, and where to go for advice on how to protect businesses.
Got to be all-Canadian fight
But Goodale made it clear Ottawa shouldn’t shoulder the entire burden of cyber security. Fighting cyber attacks “has got to be an all-of-Canada initiative that engages people and institutions and companies.” he said. “We’ve got to pool our resources.”
He also addressed possible concerns about the Canadian Cyber Security Centre, which will become part of the Canadian Security Establishment (CSE), the electronic spy agency that monitors and protects federal networks and advises departments on protection. The CSE is part of the defence department. Currently businesses turn to Public Safety Canada and the Canadian Cyber Incident Response Centre for resources. However those resources will be folded into the Cyber Security Centre.
“We’ve got to make sure the new national centre is not just serving the department of defence,” Goodale said, “but also is accessible to the entire Canadian community” including the business sector.
Asked by Ray Boisvert, Ontario’s security advisor and a deputy minister, if Canada can take a leading role in advocating global rules on cyber security, Goodale said the increased spending could give this country “gives us some stakes to come to the table.”
There will be an opportunity to raise governance at the G7 conference in Charlevoix, Que., in June, he said, and at the United Nations. However, he admitted “it won’t be easy.”
Last summer a United Nations Group of Government Experts failed for the first time to reach unanimity that some principles of current international law apply in cyberspace.
In an interview Boisvert explained his question: Canada and other countries face cyber attacks from well-financed nations and criminal groups — some of whom are protected by nation states, he said. “So we need to create an international consensus that nobody wins in this weaponization of cyber space, nobody wins in this race to steal intellectual property and financial instruments or rob people of their personal identity, because what goes around comes around.”
If there can’t be unanimity supporting the rule of law maybe we should back a group of counties in a treaty that share our values – such as our traditional allies, a certain number of the G20 countries –and build on that, he said.
CyberCanada Senior Leadership Summit was organized by the Council of Canadian Innovators, the Centre for International Governance and Innovation, the Boston Consulting Group Centre for Canada’s Future and the Globe and Mail.