On November 17, the NATO Council of Canada (NCC) hosted its annual Fall Conference in Ottawa. This well-timed conference, titled Cybersecurity: The Big Challenge, brought together distinguished academics, policymakers and members of the Canadian Forces with the goal of shedding light on one of the most pressing yet little-understood issues facing the international security environment.
In delivering his opening address, NCC Chairman, the Hon. Bill Graham emphasized that while cyberspace was once monopolized by technocrats and the denizens of Silicon Valley, this domain has been significantly democratized as financial and technological barriers have all but vanished. While this realm was once exclusionary by nature, all that is needed to gain access today is a laptop and an internet connection. Although this has been of tremendous benefit the world over in terms of communication, information, ingenuity and entrepreneurialism, the world’s increasing reliance on the internet for business, governance and all other aspects of daily life has also created new vulnerabilities. Speaking to this point, Dr. Ron Deibert of the Munk Centre and Rafal Rohozinski of the SecDev Group, held that we have become deeply intertwined in a structure that is rich in both opportunity and insecurity – a silver cloud with a very dark lining. According to Deibert, the world of cybercrime and espionage has evolved alongside the internet like a hidden doppelganger: “[t]he market for the wares of the cybercriminal is expanding and broadening, moving from the dregs of identity theft and credit card fraud to the high-power politics of interstate competition.”
Cybersecurity encompasses a great variety of threats ranging from hackers, cyberterrorist, and foreign spies, to sophisticated attacks by hostile government against critical infrastructure. The grimmest scenarios include cyberattacks which trigger explosions at oil refineries; release chlorine gas from chemical plants; disable air traffic control centres; cause commuter trains to collide; delete critical data from government computers and major financial institutions; shut down power grids; sabotage water filtration plants, and cripple weapons defence systems. With such dire forecasts, governments around the world have begun assessing the vulnerability of critical infrastructure, testing attack scenarios and beefing up online defences. Briefing the audience on Canada’s position on cybersecurity, Rob Dick, Deputy Minister of Public Safety Canada, stated that cybercrime and the like represent a huge loss of revenue and a serious threat to public infrastructure: “The unfortunate reality is that cyberspace is not just a place where Canadians do business, socialize and access government services. Increasingly it is being exploited and used by those that would do us harm…Such threats are growing in number as well as in their level of sophistication.”
This reality has elevated the issue of cybersecurity to the top of the agendas of nation states and international organizations alike. Speaking on NATO’s approach to cybersecurity, MGen. A. Glynne Hines stated that although sharing information is critical to the success of any military alliance, ensuring that such information does not fall into the wrong hands requires a great deal of diligence given the complexity of NATO’s information systems. As such, the Alliance must continue to improve its cyber-defences by improving defensive infrastructure and harmonizing the policies of member states. However, despite the fact that cybersecurity has garnered a great deal of attention amongst policy makers at the national and international levels, this conference also demonstrated that a great number of questions remain regarding the nature of the cybersecurity threat, the likelihood of a large-scale attack, and the means by which such an attack should be addressed.
According to some analysts, the world has already entered the age of cyberwar. For instance, Dave McMahon, National Security Programs Bell Canada, argued that cyberspace is quickly becoming the fifth dimension of war as an increasing number of state-sponsored cyberattacks are subcontracted to criminal syndicates and the internet is widely used by terrorist groups as a covert means of communication, radicalization and recruitment. With rapid technological advancements combined with a public that is more computer savvy than previous generations, McMahon reiterated that the threat of cyberespionnage and other illicit activity is at an all time high: “Today, I have an elastic-supercomputer grid running in my basement that is more powerful than the best defence computers of the 1990s, and encryption stronger than what I first used in the army.” Echoing McMahon’s point, Deibert argued that in the coming years a growing number of educated yet disadvantaged youth in the developing world will look to the internet and the lure of cybercrime as a means of economic mobility.
However other participants were less convinced of these looming cyberthreats. For instance, Dr. Wesley Wark of the University of Toronto argued that while cyberespionage is an issue that must be addressed by both federal and provincial governments, the rise of cyberespionnage does not represent a sea change in the realm of national security. Cyberespionnage, Wark argued, is really just a reincarnation of the classic ‘black-bag-job’ inherent to the world of espionnage. John C. Thompson of the Mackenzie Institute also questioned the likelihood a large-scale cyberattack being perpetrated by a terrorist organization. While groups such as al Qaeda may have the capability to launch cyberattacks, their intention to do so might be overstated in recent discourse. Does al Qaeda have an interest in damaging your credit score? Would the casualties and physical damage of a suicide-attack or car-bomb not provide more satisfaction to terrorist groups than a computer virus or denial of service? While all participants seemed to agree that governments ought to be prepared for the worst, Thompson and Wark cautioned that the current hype surrounding cybersecurity might be somewhat exaggerated.
Underscoring the ‘big challenge’ of enhanced cybersecurity, this conference also highlighted many of the complications that will arise in addressing the many threats emanating from cyberspace. For instance, Dr. Rex Hughes of Chatham House pointed out that while many support the idea of a cybersecurity treaty, it is vastly unclear as to how such an agreement would be enforced. Given the clandestine nature of cyberattacks and the ease by which the tracks of a cybercriminal can be covered, the ability of the international community to verify compliance would be dubious at best. Participants also expressed a great deal of uncertainty as to whether a cyberattack could be deterred through conventional military means. Furthermore, although addressing the challenges of cybersecurity will require a concerted effort by the international community, it was agreed that there are vast differences in how governments view the militarization of cyberspace. As noted by BGen. Steve Noonan among others, a dichotomy is emerging between those governments that seek to control internet activity and harness cyberspace for offensive military action, and others such as Canada which are highly skeptical of a militaristic cyber-posture.
In summation, the message conveyed throughout the proceedings was clear. The issue of cybersecurity is far from simply binary code, it is a big challenge indeed.