Members of academia, governments and the corporate world agree with the idea that digital technology has the same disruptive power that the printing press and steam engine had in previous centuries. Digital networks that support digital platforms are open in nature, and barriers to entry are easily overcome, which puts these systems in a precarious situation. From the public’s viewpoint, governments and security-related international organizations have not always seen digital technology as the carrier of a new revolution. Indeed, during the past decade, NATO didn’t show signs of alertness with regard to cyberspace. In a 2014 NOAC Interview for instance, David Jones, CEO of Westgate Cyber Security, spoke on NATO’s cyber security preparedness status by stating the following: “NATO’s role [in the cyberwar] is to fall asleep and ignore it all. NATO [member states] are miles away, absolutely miles away.” Jones talked about the importance of understanding the reach of cyber-attacks as going beyond credit card theft. Indeed, with today’s challenges, our infosphere is increasingly hybrid; it knows no boundaries. Information is flowing in and out of our digital devices and our computer systems incessantly communicate with one another. These interactions imposed the need for a cyber defence strategy.
However, with the occurrence of major cyber-attacks such as that of January 2016 at Justice Department and the Department of Homeland Security, this viewpoint rapidly changed. It took the advent of the Cyber Defence Pledge in July of 2016 for the alliance to apply their expertise in unison towards offensive and defensive strategies in order to effectively deter any group or nation wishing to harm NATO member states. Before changing its gear, NATO was not responsible for domestic cybersecurity issues of its member states. After the pledge, it obliged each ally to develop a cyber defence strategy. During this process, member states are provided with supports such as the expertise of NATO School in Oberammergau and The NATO-accredited Cooperative Cyber Defence Centre of Excellence in Tallinn. More serious and crucial questions remained unanswered. How can one separate acts of cyber vandalism from that of cyber-attacks, which have the potential to be interpreted as declarations of war? International relations theories (IR) allow us to imagine different potential outcomes as a result of a lack of distinction between acts of cyber vandalism and that of cyber-attacks. In this view, realists would predict the advent of a cacophony of forces attacking one another due to a lack of an overarching entity, while rationalists would imagine a state of nature characterized by deterrence, and this based on the fear of repercussions. NATO consulted its member states and sought their participation in cyber-defence capacity-building activities. It is in this context that Canada has put its digital technology expertise at the service of the alliance.
Canada has been leading the way in the cyber defence sphere; the country is one of the first two NATO member states that have fully and successfully initiated and implemented a national cyber security strategy. Along with the United States, Canada has uninterruptedly positioned itself as a leader with respect to the protection of cyberspace. It has done this mainly through its participation in capacity-building activities. In 2013, in collaboration with four allies – Denmark, Netherlands, Norway and Romania – Canada led a Multinational Cyber Defence Capability Development Project that aimed at increasing NATO’s surveillance capabilities, ameliorating its cyber training learning objectives and curricula, and protecting the alliance’s defence capabilities.
Canada’s general approach in regard to its security model and in support of NATO’s Cyber Defence program is to generate evaluation and prevention measures for the purpose of protecting member states’ critical infrastructure. It does this by ensuring that education is put at the forefront of all activities related to the defence of cyberspace. In support of NATO’s growing needs in cyber security preparedness strategy, the Canadian Department of National Defence led an initiative that produced 2016 Cybersecurity: A Generic Reference Curriculum (RC), a document and approach aimed at providing guidance to allies on learning objectives and curriculum support. On October 1, 2018, Canada opened its state of the art cyber centre. The Canadian Centre for Cyber Security is a joint effort of three departments, namely, Public Safety Canada, Shared Services Canada and the Communications Security Establishment (CSE). Once again, much of its focus is on education surrounding cyber security threats. For instance, during this year’s Cyber Security Awareness Month, members of the public are invited to take part in different initiatives developed under the theme “Our internet: our cyber security.” Other members of the alliance follow this trend; earlier this month, the United Kingdom government issued a good practices booklet, Code of Practice for Consumer IoT Security, that aims at ensuring interoperability practices related to the use of information. Thus, with initiative such as the Get Cyber Safe awareness campaign, Canada understands that an educated population is a key part of securing its critical infrastructure; interoperability in the circulation of information is the strategy at the center of Canada’s relationship with the multinational cooperation, NATO.
Canada’s contribution to NATO’s cyber defence strategy is powered by its national cyber defence strategy. Canada’s first national cyber security strategy was launched in 2010. Eight years later, its third iteration, along with the creation of the National Cybercrime Coordination Unit were introduced to the public. Canada’s current national cyber strategy revolves around three themes: Security and Resilience, Cyber innovation and Leadership, and Collaboration. To face global cyber challenges, the federal government aims at securing government systems, creating and maintaining strong partnerships with owners and operators of Canada’s critical infrastructure as well as supporting Canadian citizens through cyber security awareness programs. It is in this context that the Government of Canada is able to gain the practical and tacit knowledge necessary to ensure the quality of its participation in NATO’s overarching cyber defence program.
NATO’s approach is to deter cyber criminals, nation states and state-sponsored hackers from launching attacks regardless of their level: cyber vandalism, cyber-crime, cyber espionage, etc. The coalition made it known that, as in the case of terrorism or nation state aggression, a cyber-attack can provoke reactions. Article five of the North Atlantic Treaty states that any armed attack on one of NATO’s members will be considered an attack on them all. This claim is supported by Article 51 of the Charter of the United Nations, which contains a provision that recognizes the right of a nation to self-defence. As of 2014, following the NATO Summit in Wales, international law, international humanitarian law and the UN Charter apply in cyberspace. This means that justified military responses can be unleashed following a cyber-attack. Knowing that damages can also be latent, as in the case of Stuxnet-like viruses, parasites that can spend years in computerized systems without manifesting themselves, awareness and better education is the best solution for the cyber security domain; it is the best defence. Interoperability in the circulation of information and communication with stakeholders, when tailored to each audience, allow domains of critical infrastructure to be immune to serious cyber-attacks.
Featured Image from Pixabay https://pixabay.com/en/binary-black-cyber-data-digits-2170630/
Disclaimer: Any views or opinions expressed in articles are solely those of the authors
and do not necessarily represent the views of the NATO Association of Canada.