Back to news

April 9, 2019 | Local, C4ISR, Security

A cyber war has started and Canada isn't ready to fight it, says report

Murray Brewster · CBC News

Analysis says Canada lagging far behind its allies in responding to cyber warfare threat

A new report questions how well prepared the Canadian military and the federal government are to fight a cyber war that, for all intents and purposes, has started already.

The Canadian Association of Defence and Security Industries (CADSI), which represents major weapons and high-tech manufacturers, warns in a new report that, despite recent investments and policy papers, the country is lagging far behind its allies in preparing to fight a new kind of war.

"The cyber threat to the Canadian Armed Forces (CAF) permeates domestically through vulnerabilities in critical infrastructure, combat systems and equipment, and extends to where the military is deployed abroad," said the association's report, released Thursday.

"Russia have proven their ability to launch attacks that cripple critical systems in seconds or quietly collect intelligence for years. The CAF has only recently received approval to engage in active and offensive operations at scale (though specialized activity has been present for years)."

'A genuine sense of urgency'

To compile the report, researchers at CADSI conducted 70 interviews with government and military officials, as well as defence industry leaders.

Christyn Cianfarani, the association's president, said the feedback was frank.

"There's a genuine sense of urgency for Canada to advance in this space," she said. Even if the public doesn't feel the country is vulnerable, she added, "we could stand to be vulnerable by not moving forward very quickly."

The report comes just weeks after a House of Commons committee heard that online attacks on Canada's financial system and other key infrastructure could become far more destructive as more militaries around the globe get involved in cyber operations.

That testimony came from security expert and former CIA analyst Christopher Porter, an executive at the U.S. cyber security company Fireeye, Inc.

He said the west's imposition of sanctions on "some countries" has in the past been met with denial-of-service attacks on financial services websites, but those attacks have only been disruptive.

"In the future, they may respond with destructive attacks," he testified on Feb. 6.

Cianfarani echoed that warning.

"I think, if you look, other nations are attacking Canada," she said. "Other nations aren't just attacking Canada in a short-game play. They are attacking Canada and trying to influence things in our country in a long-game play."

The defence association report also took aim at the federal government's ponderous procurement system, noting that adversaries and allies have "demonstrated their ability to deploy new cyber capabilities in months or weeks, while the CAF remains burdened by a years-long and sometimes decades-long procurement cycle."

Time to 'blow up' the procurement system?

Cianfarani said the procurement system has to "be blown up" and "torn apart" when it comes to acquiring cyber equipment and services.

It should take six months, not 10 years, to get those kinds of products into the hands of cyber operators, she added.

Defence Minister Harjit Sajjan's office declined comment and referred CBC News to the Communications Security Establishment, which defends the federal government's networks.

While CSE spokesman Evan Koronewski did not address the specific criticisms in the industry association report, he pointed to the creation of the Canadian Centre for Cyber Security, which brings "operational security experts from across the Government of Canada under one roof" — something that is expected to deliver a more unified approach.

"Although we cannot speak specifically to the Cyber Centre's capabilities, we are confident our men and women have the tools they need to deliver on their mission," Koronewski said in an email.

The study found "government and industry lack the mutual trust required to effectively collaborate in the cyber defence of Canada" and proposed a series of remedies.

"This distrust has been sown over time through a history of unproductive engagements, limited communications and inadequate mutual understanding of each other's capabilities," said the analysis.

The Council of Canadian Innovators has delivered a similar message to the federal government on many occasions over the last two years, but Cianfarani said she believes that the upcoming federal election and the possibility of interference in it — foreign or otherwise — will focus the attention of both the public and decision-makers.

"I think around an election is probably when we have the loudest voice, and it's when we're probably, as a country, the most vulnerable," she said.

The report pointed to other countries, such as the United States, where cyber defence strategies are primarily driven by industry, supported by the academic community and funded by the government without bureaucratic limitations.

"A similar approach for Canada could mobilize a strong, sovereign line of defence against rapidly evolving cyber threats," the report said.

https://www.cbc.ca/news/politics/a-cyber-war-has-started-and-canada-isn-t-ready-to-fight-it-says-report-1.5045950

On the same subject

  • Pentagon push to boost cybersecurity could affect Canadian suppliers

    March 6, 2020 | Local, C4ISR, Security

    Pentagon push to boost cybersecurity could affect Canadian suppliers

    We're at cyberwar every day' - Ellen Lord, the U.S. undersecretary of defence for acquisition Murray Brewster · The Pentagon has been engaged in a quiet, deliberate effort to plug all of the cyber-holes in its high-tech systems and among its defence contractors — an operation that will soon spill across the border into Canada. Ellen Lord, the U.S. undersecretary of defence for acquisition and sustainment, said today cybersecurity has been one of her biggest concerns since being appointed by the Trump administration two and a half years ago. Increasingly, major defence contractors have found themselves targeted by hackers from China and Russia who have stolen troves of sensitive data on new and existing weapons systems. "Bottom line is, I don't think the average American citizen understands that we're at cyberwar every day," Lord told the Conference of Defence Associations Institute's annual meeting in Ottawa today. The burden of keeping data secure is being placed on the companies themselves, she added. After consulting with the National Security Agency (NSA), the U.S. electronic spy service and the military's Cyber Command, the Pentagon rolled out a new program in January aimed at forcing defence contractors to deal with points of vulnerability. "We have written new cyber security standards that we are putting in all of our new contracts," said Lord. "We are looking at the defence industrial base and how they need to address cyber security and how we as a government can hold them accountable." The initiative includes a cyber security "certification and accreditation" system, similar to the International Organization for Standardization. Lord said it's not a one-size fits all solution and that companies looking to do business with the Pentagon will have to meet one of five levels of certification, depending upon the contract. The defence industrial complexes of Canada, Britain and Australia are tightly stitched into the U.S. system. Lord said allies are looking at a similar measures which she hopes to see coordinated with American efforts. "This is something we're talking with Canada about, with allies and partners, because a lot of us are doing the same thing," she said. The problems with existing systems — software already in the field — is being dealt with aggressively. Contractors who are responsible for maintaining complex systems on warships and aircraft are being told by the Pentagon to close their potential security gaps. "We are going to start shutting equipment down if they are not brought up to standard because every day we see [intelligence], we see how much has been compromised," Lord said. Troy Crosby, head of the Canadian Department of National Defence's materiel branch, said Innovation, Science and Economic Development Canada has launched a "cyber secure program" and there's a hope that the two countries can find a way to align their efforts. Some analysts and critics in the U.S. have argued that contractors — even those that make cyber security a priority — will find the cost of meeting uniform standards prohibitive. Beyond that, many major contractors have complex supply chains with many smaller companies that also would be required to spend substantial sums of money to keep up with evolving threats. https://www.cbc.ca/news/politics/pentagon-contractors-cyber-security-1.5487452

  • Top Aces awarded contract for fast speed adversary air training - Skies Mag

    April 27, 2021 | Local, Aerospace

    Top Aces awarded contract for fast speed adversary air training - Skies Mag

    New Advanced Aggressor Mission System technology introduced by Top Aces will simulate modern-day opponents in adversary air training.

  • ACF Associates Named One of the “Top 10 Canada Defense Technology Providers” of 2022

    January 9, 2023 | Local, Aerospace

    ACF Associates Named One of the “Top 10 Canada Defense Technology Providers” of 2022

    ACF Associates, Defense Tech Canada Solutions/Service Company, Peterborough, ON - ACF Associates: Canadian Defense and Aerospace Industry's Partner For Growth - Leveraging...

All news