Canada’s Cybersecurity Conundrum

Information is of vital importance in diplomatic affairs, military decisions and the structure of power relationships. This simple notion is at the core of intelligence and why cybersecurity is a dominant subject in modern security studies. The drive to achieve an information advantage or ability to destabilize an adversary, are at the root of numerous headlines highlighting cyberattacks conducted by hackers representing foreign states, transnational organized crime or non-state actors. As a country with international relationships and a highly modernized infrastructure, Canada requires an up-to-date cybersecurity strategy.

Recently, the former head of the Canadian Security Intelligence Service (CSIS) Richard Fadden stated that Canada should be permitted the legal autonomy and general capabilities to engage in cybersecurity offensively. The timing of his contentions align with the current NATO debate on whether or not to engage in proactive cyber defence, to counter actors engaged in information warfare against member states. Conversely, it has been argued that such a development is unnecessary as the Communications Security Establishment (CSE) already possess the abilities to launch an offensive electronic attack. Further, Canada greatly relies on the extremely developed capabilities of its partners in the United States and the United Kingdom. It can be reasonably debated that establishing a Canadian cyber-army would be a mismanagement of resources, funds, and an overlap of responsibilities.

In order to comprehend the offensive versus defensive discussion at hand, it is vital to examine the three aspects of cybersecurity. These are technical, or the computer and anti-virus industries, law enforcement-espionâge, and military-civil defence. If actionable intelligence and legal restrictions permit it, the latter two would be fundamentally linked in engaging in an electronic first strike. In the Canadian case, law enforcement, spy agencies, and defense alliances are generally focused on defensively preventing any successful cyberattacks.

The CSE is an independent organization from the Department of National Defence, but is part of the Canadian intelligence apparatus. It devotes substantial time to protecting Canadian infrastructure and aiding intelligence, law enforcement and security agencies with their duties. A very important component of the current Canadian strategy is to identify and resolve any perceptible vulnerabilities as well as prevent any kind of system failures. However, a reliance on cyber-defence ignores the importance of other symbiotic countermeasures. If one studies Fadden’s perspective, it is apparent that cyber-offence is the natural progression and maturation of the current defence focused policy.

Questions of cyber-deterrence subsequently enter into the discussion of cybersecurity once defence and offence have been clearly distinguished. This notion of deterrence borrows from the military strategy that ultimately became popular during the Cold War. In the case of electronic warfare, cyber-deterrence refers to what available resources an entity will use in retaliation in case of an attack on its systems. Deterrence does not naturally adapt or fit into the realm of cyber security, as it is not utmost proof that an adversary will avoid an absolute attack in fear of reprisal. As well, those antagonists with better developed electronic systems and experts will generally feel secure enough to not fear a punitive offensive response. Nonetheless, states, law enforcement and intelligence agencies must develop the notion that a cyber attack on their systems comes with an extremely high price. If Canada chooses to forgo the development of its offensive capabilities, possible challengers would not worry about the consequences of infringing on Canadian systems. This would be a negative circumstance in the global perception of Canada’s information assurance practices for security and defence. Integral components of intelligence are to keep your competitors constantly guessing and dissuading them from taking their preferred modus operandi.

Furthermore, the reliance on the United States and United Kingdom’s expertise in this area may offer a cost-effective solution and stability, but Canada’s continual dependence on foreign entities is detrimental. In the case of an offensive attack, it will be disadvantageous for Canada to rely upon partners for reactionary solutions. Bureaucracy slows the efficacy of decision-making and there is a hierarchy of how threats are managed. It is not a badge of honour to be the economically developed country that makes it a point to rely on partners as a first course of action. Canada has bright minds and applicable resources to advance a specialized program that targets Canadian cybersecurity needs. As noted previously, the CSE already possesses the skills and the legal privileges to engage offensively if required. The spy agency continues to aid in the fight against terrorism by providing integral intelligence, so there is already a framework for Canada to further perfect its cyber offensive agenda. Developed nations with highly educated demographics should accept greater responsibilities in their intelligence and security.

Due to his former position and unique insight, Fadden’s positions require serious consideration. There is real reason and logic behind cybersecurity emerging as a dominant subject on security agendas. It is a great equalizer in asymmetric warfare and when used in the hands of non-state actors. States and their intelligence agencies must continually develop their cybersecurity strategies to ensure that their outlook is in line with 21st century security threats. Canada must frequently revaluate its security apparatus to ensure that it is shifting according to the changes in the international security environment. A simple understanding of defence and deterrence means weight must be placed on offensive actions as well.

 
Photo: Canadian Deputy Defense Minister Richard Fadden, second left, meets with US Deputy Defense Secretary Bob Work, second right, at the Pentagon (2014), by Department of Defense via Wikimedia Commons. Public Domain.


Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.

About Rejeanne Lacroix

Rejeanne Lacroix, is in the final stages of completing her Master of Arts in International Security Studies, University of Leicester. She holds a BA in Political Science from Laurentian University. Her graduate dissertation examined the symbiotic relationship between Russian political security and its relations with the Near Abroad. This builds upon her long term research interests in international relations and security, Eurasian political security, frozen conflicts and political developments in the post-Soviet space. She has undertaken roles with organizations that have a focus on human rights, international journalism and Eurasian politics. Outside of academia, Rejeanne enjoys learning about languages of the post-Soviet space, equestrian sports, gardening, and promoting the care of house rabbits.