When Empty Promises are Literally Empty: Canadian Cyber-Defence Policy by Ad-Hoc

20.500.12592/qkpkpr

When Empty Promises are Literally Empty: Canadian Cyber-Defence Policy by Ad-Hoc

1 Jul 2022

Table of Contents Introduction Why Does It Seem the Government Does Not Care? Where is Canada Now? Cyber-Diplomacy Intelligence and Cyber-Intelligence Cyber-Defence Direction and Prioritization Funding Needs Policy Conclusion End Notes About the Author Canadian Global Affairs Institute Introduction On March 8, 2022, Prime Minister Justin Trudeau committed Canada to confront Russia not just over its invasion of Ukraine, but over its cyber-attacks as well. This declaration included a larger thrust from the West to address the cyber-aspects of Russia’s invasion of Ukraine. Notable examples are the G7 leaders’ commitment to improving co-ordinated cyber-defence and cyber-threat intelligence sharing to support holding bad actors accountable for conducting “destructive, disruptive, and destabilizing activities in cyberspace,” as well as the Statement by NATO Heads of State and Government, which committed to improving cyber-capabilities, defences and “impos[ing] costs on those who harm us in cyberspace.” Each step of the way, Trudeau has voiced Canada’s support, standing together with NATO and its allies with Canada’s cyber-capabilities and responding. But how much can Canada really do? Canada can say it has the cyber-capabilities to defend itself and its interests abroad. However, when each ministry or institution is taken individually, Canada has a very incomplete, fractured and shallow approach to cyber-defence and foreign policy. The Canadian government should be commended for its progress in building up its e-government services. However, with increased online presence and activity comes a greater exposure to online threats. The federal government has learned this the hard way over the past couple of years with attacks on the Royal Military College, Office of the Secretary to the Governor General, Global Affairs Canada (GAC) and the National Research Council. Provinces do not have it any easier either, with recent attacks including the Saskatchewan Liquor and Gaming Authority, Newfoundland and Labrador’s health-care system and the city of Saint John, New Brunswick. However, the crisis is even more rampant in the private sector, with the Communications Security Establishment (CSE) estimating that at least 235 ransomware incidents occurred in 2021 alone, with the average cost of a data breach being $6.35 million. These are the incidents we know about. TOP OF PAGE Why Does It Seem the Government Does Not Care? Public disclosures of such incidents by the federal and provincial governments over the past few years correspond with the increase in cyber-attacks since the COVID-19 pandemic began. Of particular concern is the rapidly increasing use of ransomware as a tool of extortion against organizations and governments, which has proven much more nefarious for the private sector. In 2021, a Canadian Internet Registration Authority survey found that a concerning 69 per cent of Canadian organizations paid the ransom. CSE’s 2021 Cyber Threat Bulletin about ransomware noted that in Canada, 2/3 of organizations targeted are small or medium-sized enterprises. In CSE’s own words, “the impact of ransomware can be devastating” and the financial consequences can be “profound.” Thus, it should be no surprise that there is a small but growing sentiment in the Canadian information security sector that they have a right to self-defence and should be able to conduct active defence operations of their own with “cyber letters of marque.”1 Regardless of one’s view about such a policy and potential for such actions to make conditions unfathomably more precarious, it should be considered a warning to the Canadian government. Those who want to conduct offensive operations against criminals, state-supported actors or state actors are resorting to a policy choice of desperation
canada defence policy western hemisphere defence policy perspective u.s. canadian armed forces cyber & tech alexander rudolph cyber-defence

Authors

Alexander Rudolph

Published in
Canada

Related Topics

All