Cyber security and online threats are top of mind for many Canadians these days – especially for Public Safety Minister Vic Toews.
So it will be interesting to see if, given his experiences this past week, the government will move to do more to handle Internet threats, given recent high profile reports of cyber security failings – Nortel Networks being allegedly targeted by Chinese hackers and a breach at the Treasury Board, to give examples.
A number of experts from Queen’s University released a broad report Wednesday looking into security threats facing Canada over the coming years. The report – Evolving Transnational Threats and Border Security – from the Centre for International and Defence Policy, has one chapter devoted to cyber security concerns, written by The Canada Centre for Global Security Studies’ Ron Deibert. (He also heads up the Citizen Lab, which is worth checking out.)
Deibert notes cyberspace is still a new field of study, but the recognition of its importance, reach and influence – and the need to focus on security – is growing.
Cyberspace is emerging as a new domain of war fighting. Cyberspace is now explicitly recognized in United States strategic doctrine as equal in importance to land, air, sea, and space (U.S. Department of Defense, 2006), and a dedicated strategic command has been established in the United States military around cyberspace.
And he explains why we should care about it:
Cybercrime is connected to security issues in a variety of ways. Beyond the obvious impact on public and private institutions’ information and communications security, there is considerable evidence to suggest a blur- ring of cybercrime, cyber espionage, and even cyberwarfare is occurring. One feature of any of the numerous high-level breaches in recent years is that the techniques and tradecraft employed by the attackers were largely indistinguishable from those employed in conventional cybercrime.
And because the Internet has a global reach, it’s a serious issue for international relations. Modern wars, in fact, can be waged in part online Deibert notes, pointing to recent conflicts in Lebanon and Russia as examples. In both cases, one or both sides used cyber warfare to attain their goals.
Iran has also been a victim of cyber warfare related to its nuclear program.
The Stuxnet worm that in July 2010 targeted Iranian nuclear enrichment facilities showed how an “Frankenstein” of cybercrime tools and methods can be brought together to sabotage a state’s critical infrastructure (Farwell and Rohozinski, 2010). That case is seen by some as a watershed in the evolution of cyberwarfare. It is also noteworthy in this respect that the bot- nets used in the attacks against Georgian government websites during the August 2008 conflict were re-purposed from the world of cybercrime.
Given all that information, how’s Canada doing?
The Canadian government is late to the cybersecurity arena, and only recently released a cybersecurity strategy in the fall of 2010. It devotes relatively few resources to the problem, does not fully address the division of appropriate institutional responsibilities, and only barely nods at the importance of a foreign policy for cyberspace. Not surprisingly, Ottawa’s capacity to engage forcefully and strategically on these issues has been muted.
Canada is not a forceful presence in the international arenas where cyberspace governance is debated and territorialized controls are being normalized by China, Russia and other democratically challenged states. A recent investigation revealed our public sector infrastructure was so thoroughly infiltrated with malicious activity emanating from foreign jurisdictions that the entire Treasury Board Secretariat was taken offline for months. A recent security study ranked Canada third among countries for the hosting of malicious content (Deibert, 2011).
Along with other liberal democratic countries, Canada’s interests and values align with a secure and open commons of global information. How to ensure that the ecosystem of cyberspace evolves in that direction, in spite of major trends to the contrary, will be a major challenge.
Tags: cyber security, Internet
Not to sound rude, but does someone proof-read these columns before there published? There’s two obvious typos in two of the first four paragraphs that need fixing.
I think cyber security is a serious issue that needs to be addressed. Good luck getting the gov’t to address it after the reaction to the online predator bill.
Keep raising awareness on this important issue. It’s going to be a battle re educating lennin’s “useful idiots.” Canadians better wake up to the fact that not every country is a friend. Doesn’t mean we can’t do business or speak with them, we needn’t be so naive about cyber security.