The next global war is not going to be fought with bombs and bullets. It will be a battle of electrons that will be fought over the internet in cyberworld. And guess what, the war has already started. Canada is not ready for World War III.
Canada is the number one target after the United States for cyber attacks as reported by the California software security firm, Symantec Corporation. Even the supposedly secure networks of key agencies of the federal government like the Department of Finance, Treasury Board, and the Defence Research Development Agency have been hit by such attacks and forced to go offline.
Just as worrisome, key Canadian firms like Telvent Canada Ltd., a major provider of software services for energy companies, have had their firewalls and security systems breeched by outside hackers. Even our Bay Street law firms, which deal with highly sensitive corporate files, have been attacked by super-sophisticated malware capable of stealing documents and destroying data in the process.
Our advanced technology, communications, electricity, and defence sectors are also high value targets because they open doors to those who want to attack the United States.
The Canadian Security and Intelligence Services (CSIS) has long been warning our government and Canadians about our vulnerabilities and the growing threat to our security from those who not only wish to steal our knowledge and ideas to gain an unfair global advantage, but also to do us direct harm. It is not clear that anyone at the top is really listening – in either the government or the private sector.
A cyber attack on our electricity grid could wreak havoc on both Canada and U.S. given the highly integrated nature of supply chains and the fact that key transmission lines run north-south not east-west. A major attack could be on such a scale that it would threaten lives and our economic security. Another key vulnerability lies with our air control management systems that manage the thousands of aircraft that crisscross the North American skies daily. A coordinated attack on these systems would not only disrupt travel but also endanger lives. Oil and gas pipelines are also lucrative targets. The list goes on.
Cybersecurity is not just a matter of public safety, it is vital to our national security and economic prosperity and survival. As a nation, we have to start making major investments to protect our communications networks and critical infrastructure while also taking proactive measures in close concert with our North American partners to protect and defend ourselves from attack.
Cybersecurity is a problem that not only crosses state boundaries it also crosses the boundary between the private and public sectors. Most of our communications and information networks are in private hands. The private sector does not want government to patrol or control its networks. But companies are under-investing in their own cybersecurity in what is a market failure of major national, if not global, proportions. The problem will not be addressed if it is business-as-usual and complacency is the norm.
A sound national policy on cybersecurity should begin with the following key steps.
First, we need a proper, integrated, joint assessment of threats to our critical infrastructure, including energy, finance, electricity, and transportation sectors. The private sector must necessarily be involved in helping develop this assessment.
Second, we need to develop proper standards of network hygiene and robustness that will make it more difficult for hackers and enemies to target our networks and communications systems.
Third, we need to be able to share information about threats and impending attacks at real time speed. This will not be easy. There are major regulatory challenges in this new terrain because of our legal systems, anti-trust and competition laws, and the need to preserve privacy and basic civil liberties.
Fourth, cybersecurity must be a key component of Canada’s recently announced “strategic dialogue” with the United States. Americans are committing billions of dollars in investments on technologies intended to provide maximum protection. Given the degree to which we share infrastructure – bridges, railways, pipelines and electricity grids – central to our economic prospects, no effort should be spared in finding mutual ways to sustain these shared linkages. NORAD and other bilateral security links need to be refocused, re-energized, and funded to deal more effectively with 21st Century threats.
9/11 demonstrated all too vividly just how vulnerable we are to individual terrorist attacks. But our openness in terms of values should never become a source of weakness in the form of attacks from those for whom such values are a form of heresy.