BRAMPTON, Ont. — The public and private sectors in Canada and the U.S. have to work together to effectively fight cyber attacks, a U.S. expert recently told a Canadian business audience.
“We cannot solve cybersecurity unless we take a ‘whole-of-nation-plus’ framework,” Richard Harknett, head of the political science department at the University of Cincinnati and scholar in residence at the U.S. National Security Agency and the United States Cyber Command, told a conference here this week on cybersecurity and cross-border trade.
Cyber attacks are a “global and interconnected” problem, he said, so governments and the private sector can’t have separate strategies. “That means from local business to government intelligence agencies and everything in between” have to work together.
There has to be what he called a private-public alignment — not a partnership, he emphasized — including educating citizens in both countries. If only one nation does it that would leave “an open flank” to the other.
The one-day conference co-hosted by the U.S. and Ryerson University’s Cybersecure Catalyst security education and research centre, which is located in the Toronto suburb of Brampton, saw a number of speakers make the same argument.
Stratford, Ont. Mayor Dan Mathieson, whose city had to pay $75,000 earlier this year after suffering a ransomware attack, called for a “North America First” strategy to defend against cyber attacks.
“We need international standards that don’t look at the longest undefended international border, but look at us as one large trading block of citizens in small towns, rural towns, hospitals, education, businesses because we are ripe for the picking.”
There are North American standards on road, bridge and water safety, he argued. Why can’t there be one on cybersecurity protocols, he asked. He also said any approach has to recognize that businesses have different priorities, but “whether going across the border or going down the road they should have the same focus on the security of information and data.”
Mathieson called on the federal government to reward companies for investing in cyber security, perhaps through the National Reseach Centre’s Industrial Reseach Assistance Program (IRAP), which funds science research.
Going further, he suggested companies need to focus on securing products and services that matter most “and let the others fall off for now.”
In particular he complained about the “Internet of Useless” products, such as Bluetooth-enabled garbage cans.
“We need to grow up and start to think early,” said Kevin Magee, Microsoft’s director for Azure technologies and blockchain in the Americas. “Some of that’s going to involve regulation. We’re going to need to say, ‘You can’t put technology in a children’s toy or put it in a car until you do certain things to make sure that security is part of it.'”
The conference heard speakers describe a number of areas of cross-border trade where cyber security comes into play, many involving business-related data flows such as electronic invoices for goods and transport authorizations and even ID border checks. But it also could involve automated trucks guided by 5G networks.
Several speakers suggested blockchains could be a solution to some problems. One was Loudon Owen, chief executive of Toronto-based DLT Labs, which uses the technology to build solutions for business. This month the company announced it had created a distributed ledger freight and payment network for Walmart Canada and the 70 trucking company that move products to its 400 stores. The system tracks deliveries, verifies transactions and automates payments and reconciliations.
All transport firms are scheduled to be on the network by February 1.
In an interview Owen said many organizations have been trying to work to resolve the “morass” of paperwork in the transport industry. The problem is aggregating data stored in silos.
“Where we believe distributed ledger technology can provide a massive advantage is to synchronize the information, virtually in real-time, across all these different data silos. The net result is governance, auditability and transparency,” and, he added, blockchain helps regulators as well.
Owen admitted many businesses are cautious about blockchain — rightly so, he added, because it’s new — so only successful implementations will let them see it can be a competitive advantage.
In an interview Harknett said business and political leaders can’t think about cross border trade without understanding the digital space. Both the U.S. and Canada at the federal levels are moving in the right direction in changing their approach to cybersecurity, he said. Both, for example, are more willing to be active rather than reactive to threat actors.
Harknett noted the Canadian Communications Security Establishment (CSE), the country’s electronic spy agency, was recently given the power to launch cyber attacks under ministerial authorization.