Canada faces two main cybersecurity threats, according to testimony on Feb. 7 at the House of Commons Standing Committee on National Defence.
These include the cyber programs of countries that are hostile to Canada, as well as cyber crimes such as ransomware attacks, MPs were told.
“The state sponsored cyber programs of Russia, China, Iran, and North Korea continue to pose the greatest strategic cyber threat to Canada,” said Sami Khoury, the head of the Canadian Centre for Cyber Security, which is part of the Canadian Security Establishment (CSE).
“We know that Iran is using cyber criminal tools to avoid attribution. This is one of their techniques. China is going after, you know, research, technical data, business, intellectual property, military capabilities,” Khoury told MPs. “North Korea is very much interested in enhancing its economic value by stealing credentials and then stealing funds. So they each have a motivation to conduct those activities … to further their own interest.”
Other witnesses told the committee that to see what cyber warfare looks like in action, they simply have to look at the Russian invasion of Ukraine.
“The reason I think it's particularly important to pay attention to the Ukraine war is it's a laboratory for cyber warfare,” said Wesley Wark, a senior fellow with the Centre for International Governance Innovation, a think tank based in Waterloo. “It's really the first single laboratory we've seen everything that's been used by Russia against Ukraine.”
The committee heard two examples of that.
“We've seen them use them against Ukraine by shutting down the power grid over there. Twice,” said Khoury. “We are very concerned about that. And that's why we work with critical infrastructure providers in Canada to make sure that they are taking every precaution,” said Khoury.
And he added while Western nations have not been directly targeted, there can be spill-off effects, such as when Russia disrupted Ukraine's satellite communications when the invasion was launched.
“So Russia went after satellite communication … and as a result, there was some Western entities that were also users of that service. So as a result, their communication got disrupted,” he said.
Concern over what other nations are doing also prompted some blunt questions from Conservative MP Cheryl Gallant over the Chinese high-altitude balloon that floated over Canada and the United States for a week, starting on Jan. 28. It was shot down on Feb. 4 over the Atlantic Ocean by North Carolina. But some MPs have expressed outrage that nothing appears to have been done while it was over Canada.
“How and when was the Communications Security Establishment [CSE] made aware of the Chinese balloon in our airspace?” asked Gallant.
“As the minister spoke over the weekend, she indicated we’ve been working very closely with our U.S. allies on this matter,” replied Alia Tayyeb, deputy chief of Signals Intelligence with CSE.
“Did the CSE play a role in electronic warfare in blocking or jamming the devices attached to the spy balloon?” asked Gallant.
“Again, I apologize that I’m not able to answer your question,” replied Tayyeb, who later said she would try to get the answers in writing to the committee.
Gallant also asked whether ongoing research partnerships between Canadian universities and China's National University of Defense Technology are being monitored.
“We … do report on any foreign activity … directed towards Canadian[s] including approaches to our research work or intellectual property or economic investments,” Tayyeb replied.
But direct state-sanctioned cyber attacks are by no means the only threat. Cybercrime and ransomware are also major concerns.
The committee heard that almost every aspect of public life can be a target—government departments, health institutions, utility companies, and more.
Wark told the committee that “I would say I think we're holding our own,” against cyberattacks by China and Russia. But he added cybercrime and ransomware remain major challenges.
“There's a whole other world of threats to Canada and Canadians, including through cybercrime,” he said. Wark added while major companies and institutions have a pretty high awareness of cyber risks, he feels many smaller companies are vulnerable.
“The real problem is that small and medium enterprises who neither have the resources nor perhaps even the understanding of the degree to which they're vulnerable to cyberattacks, and so we need to find … ways to help them,” he said.
Khoury told the committee there is no requirement for private sector companies to report ransomware attacks, so the Centre is not even sure how many there are.
“Many of them don't report it. As a matter of fact, in 2021, we've only had reports of about 300 ransomware incidents to the cyber center, which is probably underreporting,” he said.
He said the cyber centre works with the private sector to try to mitigate the threat, including publishing alerts of emerging threats and other ongoing measures.
Aaron Shull, managing director of the Centre for International Governance Innovation, suggested tax incentives as a way to get smaller companies to follow protocols on cyber security.
“There’s that old saying, you cannot herd cats, but you can pick where you put the food out,” said Shull.
The committee also heard about the role of social media and how foreign actors try to influence that, including the use of bots.
“The universe of social media communications is increasingly being affected by automated bots,” said Wark. “These are simply machines out there that amplify according to certain algorithms, certain kinds of messages, and they're there. They can be used for disinformation purposes by foreign state actors,” he said, whether the target is an election, or public opinion.
The committee is doing a study on the state of Canada's cybersecurity and cyberwarfare preparedness.