Proceedings of the Standing Senate Committee on 
Foreign Affairs and International Trade

Issue 5 - Evidence - Meeting of February 5, 2014


OTTAWA, Wednesday, February 5, 2014

The Standing Senate Committee on Foreign Affairs and International Trade met this day at 4:18 p.m. to study security conditions and economic developments in the Asia-Pacific region, the implications for Canadian policy and interests in the region, and other related matters.

Senator A. Raynell Andreychuk (Chair) in the chair.

[English]

The Chair: Honourable senators, we are the Standing Senate Committee on Foreign Affairs and International Trade.

Here by videoconference is one witness. I should advise you that with respect to our second witness from Victoria, there has been a problem with the videoconferencing and unfortunately they cannot fix it in time for this hearing. We will have to rectify the problem and hear from the witness probably next week, but we're very pleased that the other videoconference hookup is working.

We are continuing our study on security conditions and economic developments in the Asia-Pacific region, the implications for Canadian policy and interests in the region and other related matters. By videoconference from Seattle, we have Rex Hughes, Visiting Professor, Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto.

We won't ask you about Seattle, but we welcome you to the committee. Our procedure in Parliament is we will ask for your opening statement, and then senators will wish to ask questions.

Welcome to the Standing Senate Committee on Foreign Affairs and International Trade. The floor is yours for your comments.

Rex Hughes, Visiting Professor, Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, as an individual: Thank you very much. I would first like to thank the committee for this opportunity to testify on Canada and Asia-Pacific cyberspace.

We live in a cyber-enabled world. With each passing day, the global economy both widens and deepens its connections to Internet cyberspace. This year marks the thirtieth anniversary of American-Canadian author William Gibson's popularization of the term ``cyberspace'' in his 1984 steampunk sci-fi book, Neuromancer. In 1984, the Internet had only 1,000 hosts and a cell phone weighed several pounds and cost several thousand dollars.

Given the subject of today's discussions, it is fitting to recognize that Gibson authored Neuromancer while a resident of Canada's Pacific Coast in Vancouver.

The Asia-Pacific region is a major contributor to the global cyber economy. As of 2014, there are nearly 3 billion connected Internet users worldwide, nearly half located in the Asia-Pacific region. Like most human inhabitants of cyberspace, Asia-Pacific peoples use the Internet for business, education, health, social and entertainment purposes. According to the OECD and other leading economic measurement organizations, the cyber economy accounts for somewhere between 1 and 8 per cent of gross domestic product in Asia-Pacific Economic Cooperation economies, or APEC economies, with Canada coming in somewhere between 1 and 4 per cent GDP but growing roughly at 10 per cent annually, so quite a positive direction.

While the expansion of cyberspace is a net positive development for gross domestic product growth, it can also subtract from GDP when exploited for illicit ends. Cybercrime is estimated to cost the global economy annually anywhere from $100 billion U.S. to in excess of $1 trillion.

In Canada, U.S. cyber security firm Symantec estimates that cybercrime costs the Canadian economy upwards of $3 billion annually.

The massive 2013 Christmas shopping credit card breach at the U.S. Target retail stores shows how vulnerable the commercial banking system has become to cyberattacks. Fortunately, Canada is far ahead of the U.S. on the use of more robust chip and pin technology at point-of-sale credit card use.

Unfortunately, given the Asia-Pacific region's burgeoning demographics and rapid economic growth, its constituent states are both a major source and victims of cybercrime. Given the interconnectedness of the cyber economy and Canada's growing economic links to the Asia-Pacific region, or APAC region, APAC cybersecurity should be of concern to the Government of Canada.

Protecting Canadian citizens from 21st century cyber threats will require perpetual vigilance and engagement by all agencies charged with Canadian public safety and defence. Given that the Internet is 90 per cent in the hands of the private sector, effective public-private partnerships are essential tools to combating cybercrime. Regional economic organizations such as APEC and ASEAN, the Association of Southeast Asian Nations, and international organizations such as Interpol and Swift can play an important role in combating cybercrime.

Cyberspace will also feature more prominently in APAC national security matters. Whether it involves the management of foreign information flows, the exercise of soft power or the projection of force, states will develop new ways to make strategic use of cyberspace. Canada and its economic partners should be ready for the next cyber black swan.

Recently we have seen regional disputes on the Korean Peninsula and East China Sea or local anti-government protests playing out in cyberspace, whether through patriotic campaigns, dissident surveillance or targeted malware attacks. Should any of the above disputes escalate into actual armed conflict, cyber control will be a decisive factor for victory on the 21st century network-enabled battlefield.

For Canada, as is the case with other wealthy G20 members, there is an array of strategies and policies available to pursue when seeking to maximize national interests and/or international partnerships in Internet cyberspace.

During my time at the Canada Centre for Global Security at the University of Toronto, I have had the distinct pleasure of meeting and conversing with a plethora of Canadian officials involved in the shaping of national cyber- strategies and policies, including foreign affairs, national defence, public safety, finance, transportation and others. We look forward to hosting some of these officials at our fourth annual Canada Centre Cyber Dialogue Conference in March.

When contrasted with other impactful economic regions, the Asia-Pacific region remains one of the most technically savvy in the world, manufacturing the majority of electronic circuits and the devices that power cyberspace. Thanks to one of the most successful economic development models the world has ever seen, a good number of APEC economies are moving up the knowledge industry value chain, most notably India, South Korea and Singapore. Little wonder, then, that the new Microsoft CEO appearing in Seattle, Satya Nadella, hails from Hyderabad, India.

However, despite the astonishing economic success achieved by many Asia-Pacific economies since the end of World War II and decolonization, many countries still have a long way to go towards becoming full-fledged cyber democracies. This is an area where Canadian development assistance can indeed make a positive difference, especially where universal human rights are concerned.

Given the growing cyber dependencies in the global economy and the institutional challenges that some of these dependencies present to the developing Asia-Pacific states, it is important that Canadian development agencies give careful consideration to how aid policies can be more cyberfriendly. Again, we do live in a cyber-enabled, interconnected world.

Like its neighbour to the south, Canada is both an Atlantic and Pacific trading nation, with a unique set of geographical, economic and cultural ties to the Asia-Pacific region. The West Coast of Canada is particularly well- suited to exploiting these ties, especially as it grows an indigenous cyber-enabled knowledge industry of its own.

Two-way foreign direct investment can benefit Canada and its Asia-Pacific cyber trade partners; however, legitimate security concerns do remain in some sensitive sectors, and new confidence-building measures will indeed be needed to overcome some of these more serious security concerns.

Again, thank you for this opportunity to share some of my personal observations of Asia-Pacific cyberspace before your committee today. I look forward to answering your questions and discussing with you further how Canada and its provinces can best exploit its natural and comparative advantages for a more prosperous and secure cyberspace.

The Chair: Thank you for your presentation.

[Translation]

Senator Fortin-Duplessis: Mr. Hughes, my question is on cyber security.

At the last meeting of the Standing Senate Committee on National Security and Defense, senators heard from Mr. John Forster from the Communications Security Establishment Canada.

During his appearance, Mr. Forster stated that threats of cyberattacks keep him up at night. He gave the example of Estonia, which was attacked by cyberterrorists a couple of years ago, of the United States, which is regularly the target of attacks, and of the Iranians, who have had a lot of problems with Stuxnet.

Do you believe that Canada is doing enough in the area of cyber defence to counter threats that could come from state actors? And do you believe that Canada should be worried about certain Asian countries?

[English]

Mr. Hughes: Mr. Forster is correct to worry about some of the threats Canada faces in cyberspace. Whether they are coming specifically from the Asia-Pacific region or anywhere in the world today, the threats are very real.

Again, it depends on what sectors are the recipients of the threats. At the highest order, critical infrastructure is probably what keeps him up the most at night. This is an area that, for North America especially, the critical infrastructure of — we'll look at British Columbia. There is a lot of hydro power that comes down to the United States, and it flows both ways. There was a report in the last few days that there was a station in California that experienced some type of anomaly in their system. If that were to happen, whether south or north of the border, the ripple effects would be pretty severe.

The good news on that front is that the people in charge of those systems, whether it's critical energy infrastructure, transportation or civilian air networks — to work down the list — are aware of the challenges. The technology base for critical infrastructure is in many cases legacy pre-Internet. Now that this interconnected world removes the air gap in many instances, even where we think they are, that puts at risk those systems as they get more complex and we move towards smart grids and other things. Those are probably the challenges that keep Mr. Forster up at night.

We can discuss the threats from the Asia-Pacific region in general, but partnerships will be key. Simply because there is a grid in Canada, a grid in the United States and one in Mexico does not mean that those grids operate independently. On the North American continent, partnerships will be key. Then a looking-glass towards the Asia- Pacific region, the Atlantic, southern hemisphere, and now the Arctic will challenge the defence infrastructure.

We've had some conversations with flag officers in the past in both Canada and the U.S. in looking at systems such as NORAD, which is a Cold War legacy — but what type of sensors and monitoring systems will that need in the future? Is air defence enough? Should cyber be factored into that? Those are things that keep military planners up at night, because if there was a severe attack, those systems would be tested as they were in 9/11, and they did not perform very well. However, Canada stepped into the breach. The United States would not have made it through that crisis without Canada.

These are the right questions to ask. I'm sorry I don't have specific answers in terms of the threat matrix or the magnitude of the impact; that's still a work-in-progress, but we're trying to do the best we can to work with our partners outside of academia. We do a lot with NATO and the European Union from the Cambridge side. I suspect that will intersect with research we're doing at the Munk School, as well.

[Translation]

Senator Fortin-Duplessis: Are you worried about cyberterrorism?

[English]

Mr. Hughes: I am, but maybe not in the way that you think I would be. If we take the critical infrastructure example, if you look at the kind of history, there haven't been — at least in the North American context, or Europe for that matter, or the wealthier parts of Asia-Pacific — many direct terrorist attacks at critical infrastructure or banking networks and other parts of commerce that would be most vulnerable.

That doesn't mean it won't happen. There are scaremongers who have talked about the cyber Pearl Harbour or cyber 9/11 coming that would be more severe. There are more things to be worried about in the threat matrix, such as human error — five-finger error — simply complex systems that run beyond humans' capacity.

I do worry about the extremist dimension, though, and we've seen in a post-9/11 world that the digital natives in extremist communities are making excellent use of the technology, just as the Edward Snowden files have revealed that the NSA and its counterparts in Canada have spent a lot of time trying to track the use of the social media technologies — the Facebooks, Twitters, Instagram — that the young extremists/soon-to-be-terrorists may take advantage of.

Sure, that's a legitimate concern. Maybe we can talk about balancing the civil liberties around that, because if we are to track the perpetrators on those networks, it has to be done in a way that is in accordance with our democratic principles and civil liberties.

Senator Downe: You're the expert in this area, so I appreciate the education, but it seems to me as a lay person that we're so dependent on this interconnected infrastructure. Should we not be investing in a backup, parallel system that is not as highly connected?

Mr. Hughes: That's an excellent question, senator. We live in an Internet world, and the Internet reaches nearly everything. But there are still legacy networks. I believe this video conference is going through the integrated services digital network, ISDN, which is an old legacy of the public telephone network. The phone companies keep those lines because there is a certain class of users that requires things that do not go over the net, whether for security reasons or backup.

We're taking advantage of a second network today, coupled with running Internet and other protocols — I do not know why we lost Vancouver or Victoria — but redundant networks are an example of where they come in handy, so bravo for keeping with your ISDN.

Obviously, DND and NATO infrastructure are really interesting. NATO runs one of the largest international sets of infrastructures in the world. It's truly an international network that operates not only in cyberspace and telecommunications but for its natural gas and energy networks, as well.

Defence organizations understand that parts of critical infrastructure do need to be either separated or independent. Yes, in certain areas such as medical, health, otherwise where a crisis could take down major parts of the Internet, you need those backup systems.

But as Hurricane Katrina demonstrated in the U.S. and New Orleans, in particular, parts of the Internet were more robust than other parts of the cellular or telecom systems in some cases. It's not an either/or but it's good to have capacity. In the university community, there is the Internet 2 network, which is a separate high-speed backbone. And there is soon-to-be Internet 3. There is research going in that direction, and it's something that Canadian agencies should be aware of and taking advantage of where possible.

Finally, with the recent storm in New York, so much has gone to broadband networks that they found some of the telecom providers in the New York region are now taking out the plain old telephone copper lines, and that presents a challenge. Broadband networks are power-intensive, so if you were at home during the ice storm that recently hit Toronto, a lot of the broadband networks can only stay up five or six hours because there is a battery in your modem. As soon as the battery goes offline, you're out. You have to hope that the cell tower in your neighbourhood stays online or is backed up.

It's very important. It's our understanding that Bell and telecom regulators are on top of the problem, but it's an economic problem and the right incentives have to be in place so that network providers still maintain legacy networks and so that new entrants can design their broadband networks to be more robust for the future.

I hope that answers your question, which was a good one.

Senator Downe: There are two areas: There is the defence concern, which is the protection of the nation, and there is the economic concern. Sometimes the two are separate. In an earlier answer, you alluded to an economic attack. We have all become highly dependent on mobile, in my case on my BlackBerry. Fifteen years ago, I used to know the phone numbers of all the people I called. Now I just hit their name on the BlackBerry; I don't even know the numbers anymore.

We saw in a European country a number of years ago where suspicion fell on the Russians for a host of reasons, but it was never proven, when systems went down. How much are we spending to avoid that happening? What is the economic cost to protect our systems?

Mr. Hughes: Senator, that's another interesting question. I'm sorry; I cannot give you an exact figure. I would not even know where to reach for it at this time.

However, telecom firms and IT providers like BlackBerry take that into account in the design of their networks and how much they can afford in terms of redundancy. As for the Black Swans that are out there — and you mentioned the economic threat, say, to the Toronto Stock Exchange — it doesn't really matter if they come in as five finger or human error or machine error or, say, as an extremist group or a nation-state that's extra mischievous and decides to inject bogus information into the system. There will be fallout and cost from that.

Something we did in the United Kingdom, working with the cabinet office, was to help them to develop a National Risk Register. I'm not sure if you're familiar with the British National Risk Register out of the cabinet office. When I was at Chatham House, we helped them to score cyber-dependencies alongside the panoply of threats, from pandemics to floods to attack from space aliens. That was the kind of new thinking, and I think it has made a difference on the U.K. side. It would be interesting to learn more about the Canadian joined-up approach in government to that challenge. It's an important one.

Senator Downe: I know the CIA does a similar exercise in the United States in many cases. I'm not sure if Canada does that.

I will ask my last question. We've heard through the recent leaks in the media about the intelligence gathering going on at many levels. Should we be concerned, particularly about a country like China, where a lot of the tech companies seem to have a strong military connection, that there may be devices in those units that are being sold to us that serve other purposes?

Mr. Hughes: I think that in any prudent Canadian national strategy, China would warrant concern. It really comes down to trust and how much trust there is with an economic giant like China. China is a mixed system. It is one China but with multiple economies within. Look at Microsoft in this region. It has a lot of trust in China because, more and more, their high-end R&D has moved to Beijing and Shanghai. In some areas, there's a high degree of trust and comfort, but, obviously, it's something that security agencies are very concerned about. Back doors are always potentially present. There have been a number of cases, such as, of course, the BlackBerry case in Canada and Nortel, a company we did a lot of work with in Cambridge University. The headquarters was kind of like one of those embassies in the Cold War. There were so many bugs you didn't know where you could have a free conversation. Whether that came from one particular country or not, those are examples of where the economic espionage enters into the equation. I suppose we have to think, going forward, of how best to design systems, whether they're virtual or physical, that can withstand that. There's interesting work going on when countries build embassies now, how they keep them bug-free. There has been a pretty big sea change in how they go about doing that.

Yes, it's a concern. Critical infrastructure back doors could probably do the most damage. I think it goes to the point I made earlier about confidence building and, in the Asia-Pacific region, reaching out to the institutions that Canada already plays a role in, like the ASEAN Regional Forum on the defence side. That's an area for confidence building. I believe the Royal Canadian Navy participates in RIMPAC on the defence side. Those are more hard defence, but I suppose, for the economic institutions, it's interesting. The U.K. Strategic Defence Review was a departure from the old, separating security from economic strategy, and there's more and more joined-up thinking in the U.K. and NATO countries. It's important to think about those challenges as on parallel tracks right now.

Canada is a member of APEC and hosted a summit. That's an economic organization, but it's interesting that, at many of the APEC summits, when the leaders show up, there have been hard-power crises, such as after 9/11. There is kind of a security parallel track that develops alongside. Logistics networks are a big concern. I was in Singapore, and you could look out my hotel window and see the number of ships, end to end, for miles and miles. Hundreds of ships come in through the Straits of Malacca. I wrote an article for a review on maritime cybersecurity, and that should be of concern to Canada as a Pacific nation. The threats to the logistics supply chain are something we could talk about as well. From the Port of Vancouver down to Seattle, the threats anywhere in that supply chain, from the desktop to the freight corridor to the airports to the ports, are an area that we haven't thought enough about. It would be interesting to engage more with Canadian agencies, as well as with the commercial partners that are vulnerable. Singapore is one of the most advanced ports in the world. IBM, Sun Microsystems and others got in early and developed a very sophisticated, modernized port facility, and I think they do stay up at night worrying that some of those vulnerabilities could be exploited in peacetime. In wartime, the risk is even greater, with the reliance of defence organizations on the commercial network and on the Internet. Ninety per cent of their port communications are carried over commercial carriers. It's true with logistics networks as well. That's an area to be concerned about because it's so complex. Things may be happening that we won't learn about until a long time from now. That's an area that I think warrants extra concern and precaution.

[Translation]

Senator Verner: I would like to continue with an article published by the Canadian Press in September 2012, which referred to concerns expressed by Public Safety Canada that computer systems located in Canada are being infiltrated more and more often, and then used by hackers to launch cyberattacks elsewhere in the world.

Could you please tell us if this is a practice that is becoming more and more common?

[English]

Mr. Hughes: There are some really interesting reports I encourage you to download from the Citizen Lab site, from the University of Toronto, that have mapped occasions where opportunistic hackers have taken advantage of some systems in Canada as partners. There's always a risk that service providers can be captured and used for no-good ends. It's a concern. And I think protecting against it is probably a balance of regulation and incentives. Again, I can't speak for the Canadian government, but it's my understanding that it is still working the formulas to get those balances right. That's where you come in on the committee here. The democratic oversight and nudging in the right directions is really important because service providers don't want to have nefarious customers who will get them into trouble, and it's not in the government's interest to provide incentives or overregulate. That would detract from those types of services.

It's a challenge. It has happened before, and it's quite negative for all parties involved. It's something I hope the committee could really take a look at. I know the Citizen Lab and Professor Deibert's group would be thrilled to offer assistance there because there's a lot of data they have that could be quite useful.

[Translation]

Senator Verner: Since 2010, Canada has implemented three initiatives concerning national and international cyber security: Canada's Cyber Security Strategy, the Cross-Cultural Roundtable on Security, and a joint cyber security action plan between Public Safety Canada and the American Department of the Interior.

In your opinion, are these three initiatives truly an effective way to counter threats from the Asia-Pacific Region?

[English]

Mr. Hughes: Thank you, senator. It has been a while, I must confess, since I've looked at the documents and the reports, but I do think they're useful in terms of syncing up parts of government, whether it's in-country or across the border. I don't recall that there's a lot of emphasis on the Asia-Pacific region, but I will go back and look at the reports and can respond to you later in more detail, if you wish.

Overall, the trajectory and the energy in cybersecurity collaborations with like-minded NATO countries has been towards NATO, towards the Atlantic direction, so there probably has not been nearly enough energy in looking at the Asia-Pacific region. That's something that should come in pretty short order.

The work we do at the university level, again, even that's pulled in a lot of directions. We've had conferences with MIT and Harvard and others, which have been pretty Atlantic-focused. It's a real effort to get Asia-Pacific representatives to come. I mentioned the fourth annual Cyber Dialogue Conference that we'll be hosting. We'll have more, but not enough. It's kind of a legacy of the Atlantic post-Cold War era. As the economy shifts, the main events of this century will be in the Asia-Pacific region, so I think we all need to do a lot more to reach out and examine.

In short, I don't think there is enough Asia-Pacific focus that would warrant a lot of attention at this time. Again, hopefully with the help of the committee, it will come.

Senator Dawson: Senator Fortin-Duplessis and Senator Downe both talked about the cyberattack on Estonia. There is a price to pay. Estonia is by far the most wired country in the world. They have the best Wi-Fi Internet service by far of any European country. Their cabinet sits with computers. They don't have paper. People have Wi-Fi. They've been paying their parking meters with their phones for the last 10 years. We're starting to do it here now.

There is a price to pay for progress. They were ahead the curve and, because of the fact that they were ahead of the curve, they were an easy target for what is suspiciously thought that the Russians attacked them, but that's the price. Because they were ahead of the curve, they made it to the European community faster than the other Baltic states. They made it to the euro faster. There is a price to pay for that kind of progress. They invented Skype, and it's not banal as a success story.

We used to be ahead of that curve. They have a digital policy. They have a digital strategy as a government. I'm not criticizing the existing government. The previous government wasn't better at having a digital plan. We don't have a digital strategy in Canada. We used to be ahead. I'm chairman of the Transport and Telecommunications Committee, and we've studied the issues of digital Canada. We used to be ahead of the curve with phones and television. It put us at risk because, if you're ahead of the curve, you are more vulnerable. Everybody knows what happened to Nortel, which was the biggest organization of its kind in the world.

I defer to my two colleagues that yes, there is a risk with this dependence on the digital world, but there are advantages. We would not have the progress. Inflation would be higher if we did not have the price competition that the Internet offers us in buying products at a lower price. Yes, it does have some repercussions. It influences the book industry and the libraries in Canada, but it is progress. I don't disagree with my colleagues, but I think that's the price we have to pay.

What I would like to hear from you is how we assure ourselves that we get back ahead of the curve in terms of technological progress but, at the same time, have some surveillance of what is being done with this mega-data mining information that we saw again this week. I have so many of these tools. I don't know if anybody is trying to follow me. Trust me; they can find me. What do we do to be ahead of the curve and, at the same time, not be too vulnerable?

Mr. Hughes: Thank you, senator. I think you're right. The Estonians may have been a little bit ahead of themselves during the incident and the skirmish with Russia, and it showed how vulnerable you are if you're the most advanced e- economy in Europe when your banking networks are attacked, and your point-of-sales systems and Internet parking meters. That can be a real problem, especially in scale if it was Canada or the U.S. or much bigger countries. Ultimately, no one is going to stop the progress. Even the best regulators will be out-witted and outsmarted.

What you're really getting at perhaps is Canada and its partners have fallen behind in some areas. Those are probably questions about economic incentives. I can speak from the U.K. side because, living in Cambridge, which prides itself as a Silicon Valley of the United Kingdom, this is on our mind all the time and in the government there, both nationally and regionally, and then with the European Union, and how to create incentives that keep you at least competitive if not ahead of the curve in the Internet game. I can say from our experience at the university level, and I think this applies at the University of Toronto, too — the MaRS project and incubation and looking at the Waterloo, BlackBerry, the legacy there and innovation — and maybe out to the Pacific coast here and thinking about competition with Asia-Pacific countries, specifically, that it's really about the incentives that make it possible for new capital formation to be created.

I was thinking this morning on the way to this site that the West Coast faces Asia, whether south or north of the border. The investment increasingly will come from the Asia-Pacific region. There's already a growing presence of Bank of China investments. Look at Vancouver and the properties developed there. I was at the Asia-Pacific conference that the Asia-Pacific Foundation hosted in June last year. It's interesting to see some of the banks, even British banks, Bank of Hong Kong, Barclay's, talking about the new capital that's coming. What investments do they look at? Well, a lot of real estate, but ultimately those buildings have to be filled up.

I think you're starting to see some traction in high-tech companies in the Canadian economy, especially British Columbia. There's already a stepping stone with the film industry in Vancouver. Now the film industry is so integrated with the digital industries and digital media that they're becoming almost one and the same.

If it's about the next generation of Canadian industries that are technologically based in the Internet cyber sector, looking at the incentives that all competitive regions in the technology game are looking at, in our experience it's a combination of getting the regulation picture right, other economic and fiscal incentives and regional development strategies. There's a lot there. There are a lot of good models to look at.

Certainly in the Asia-Pacific region, I've mentioned the Asian growth miracle that everybody on the committee is well aware of. That started with good land use policies — there were some interesting books and articles written about that — and then getting towards to the capital formation, the foreign direct investment that is so key. Even for developed countries, no country is fixed in its position. Even if Canada, as you've referenced, maybe slid back in some areas, the next Nortel or BlackBerry may be on the horizon and government perhaps can do things to get those companies over the hump. That will be the subject of the INET conference coming to Toronto in April, the Institute for New Economic Thinking. We have an INET node in Cambridge, U.K., where the university will be taking up that question in a more technological focus. They held their conference last year for the first time in Asia, in Hong Kong.

On the incentives, it may be interesting to hear some more feedback from the committee as to how you're grappling with that, because with the leap or the intersection with Asia-Pacific and foreign trade, there's so much there. It's hard to know where to begin. I have personally seen evidence at the Asia-Pacific conference and elsewhere that some of the wealthy bankers and entrepreneurs and investment capital are quite excited to do business in Canada and along the West Coast. The West Coast of North America is the technology belt because of Silicon Valley, but the belt goes in both directions. It goes down to Guadalajara, Mexico, which is developing its own tech hub, and up to Vancouver, and perhaps beyond, so that may be what powers much of the transformation and collaboration. I think there are a lot of good things happening and perhaps senators in their constituencies are more aware of some of the companies and organizations taking advantage of those opportunities.

I hope that heads in the right direction with your question, which is a good one.

Senator Dawson: Very briefly, you are quoting someone else, but the next war will begin in cyberspace, which probably is true, and when I criticized the government, I criticized the one that was there before as well as the one that's there now.

We do not have a digital plan, so if there is going to be a cyberwar and we don't have a digital plan for Canada, what is our procurement policy going to be? All of us know around here about the problems with the procurement policy of National Defence. The government has acted on it this week and I think it's a step in the right direction.

But procurement for a cyberwar needs some political guidance on a digital policy for the government, and this is probably a little away from our subject, but if we are looking at our Asian future competitors, they have digital policies. They have ministers responsible for the management of the digital policies of their countries.

We're behind the ball on that. If the next war will start in cyberspace, I would like to know that we have at least a procurement policy for how we will react to it.

I do not know if you have any comments on that, but one of the advantages of the Internet now is that I can read. I probably know more about you in what I read than you know about yourself, because I have it all here on Google. But this is a reality, and I think we're behind the ball on it.

Mr. Hughes: Thank you, senator. I appreciate you finding some of my articles on the Internet. Academics worry about getting past the 1:1 readership ratio, so it's good to know things are reaching the highest levels of government.

My only comment would be that it never hurts to have a strategy, even if it's not followed to the T. There are a number of good examples. I think the U.K. does a better job than perhaps the U.S. and Canada in developing strategies. They don't always get implemented, and sometimes the resources aren't always available.

But from the top down, the Prime Minister's policy directorate, and going back to early Internet days, they brought people in from the industry and the BBC who had a bead and a vision for where they wanted to go, and they brought that expertise into government and then focused on whether it was an eGovernment Strategy or the development of what is called Ofcom, the Office of Communications, which is the British telecom regulator. It is really exemplary for the Commonwealth.

I worked there for a time and delegation after delegation came through to see how the British operated. It took five regulators and print, broadcast, telecommunications and radio, converged that into one super regulator that all it did was prepare strategy in its first few years. I had the privilege to work on the telecom strategic review, which really got the U.K. ahead of the curve in terms of liberalizing its wireless spectrum, and the U.K. was one of the first in Europe with 4G wireless technology and quite far ahead of other countries.

I think you're right, and it's good you are Googling, because you can find some of these other strategies, and perhaps they are examples for Canada to follow.

I think there is some really good work done on the defence side in the Canadian war colleges that look at challenges. I was reading some articles last night, and there is some high-quality thinking that is as good as anywhere, but perhaps the link is a little bit weak getting those into government policies and national strategies.

There may be opportunities to develop those things in a more rapid manner, but it is a really good question. I'll be happy to point you to some that we have worked on, at least from the Cambridge side, if that's of interest.

Senator Demers: I would like to know from you to what extent this is valid: Canada has a reputation in Asia of showing up there but not being serious about establishing long-term relationships.

Apparently, from what I read, this was not always the case. Canada is a powerful country. What's your answer regarding that matter?

Mr. Hughes: Well, I must say my experience with Canadian officialdom in the Asia-Pacific region is quite good. I may not be the right person to ask in terms of the long-range impact where your criticisms may be valid.

Canada has played a critical role in APEC in terms of institution-building and regional forums, and it, I think, has a really good seat at the table and is well respected.

Again, I'm sorry, I can't cite any specific examples where I have seen maybe the government fall down in certain cases, but it's interesting, and it's probably a perspective we should look at in our engagements with Foreign Affairs and other departments that may be more aware of that.

In cyber, maybe there is a general feeling there aren't enough people that are really committed to it, and programmatically maybe that doesn't filter down to the region. That could be the case, but that perspective is very interesting, and I would hope to learn more about your understanding of that.

The Chair: Professor, I have two questions. You've talked about cyberspace and some of the difficulties and some of the advantages. Looking at Asia-Pacific, what I'm concerned about are the countries. If we're going in a negative direction, you're talking about governments having to protect their data, et cetera.

When you look at Asia-Pacific, is it a question of policies and ideology, or is it the lack of institutions and capabilities that is an impediment to working with the countries?

Mr. Hughes: Just to be clear, are you referring to the policies and ideologies on the Asia-Pacific side, the Canadian side or both, perhaps?

The Chair: Yes. In so many of the other fields we say that China, for example, and some of the other countries are developing, but their institutions were not compatible to ours. Their laws and protections aren't there. Intellectual property is a subject that comes up all the time. Is that an impediment? My second question is you said that there are some advantages that our industries and our government could take.

So what are the inhibiters? Because you have certainly put out the advantages for the real world we live in today.

Mr. Hughes: Thank you for that clarification.

You hit the nail on the head of what is among the most contested areas of Asian studies in academia: whether the incentives will close the cultural gap between the West and parts of Asia. That's obviously something that has been debated for centuries.

There are a couple of schools of thought today, I think. There is an interesting article by a Woodrow Wilson School professor, John Ikenberry from Princeton, on liberalism and the kind of Western value of open democracy and capitalist systems and whether countries like China would eventually get on board with that. His thesis was, yes, they would, even though some of their more overt policies look askance to that, that there is good evidence if you look materially at what China and other countries that may have a very different ideology from Western countries, that they are more or less going down the road of engaging with liberal institutions, whereas the World Trade Organization or APEC was created very much in the western model.

So there is that viewpoint. But there is the other viewpoint, the kind from Samuel Huntington, if you are familiar with his great book, The Clash of Civilizations. That was so impactful because he threw a unique thesis out that, looking at the United States, North America, that it would be challenged by immigration from the south of the U.S. border and that that would be an example of where maybe culture collisions cause domestic tensions and even in the country's outward view of things. So there are many different schools of thought and there is probably no correct answer because history is unfolding before us.

My personal view is that I would side with Ikenberry that the West has had various successes in creating the institutions, especially following World War II, and that countries have very different ideologies from us. Look at what's happening with Iran now. They are all of a sudden looking at ways to find entry points into things like the WTO. They are very western and may be diametrically opposed to what their clerics and officials would be for with their domestic constituencies, but there is a kind of trajectory towards some mutual accommodation, cooperation and positive sum game where at least economically you can bring those countries in. There is a pretty good track record; not that there won't be bumps along the way.

Of course, the crisis in the East China Sea and perhaps soon the South China Sea are real barriers and things could go terribly wrong and countries' economies could potentially collapse around that, if it went off the charts wrong.

I don't know how valuable my personal view would be to you on that, but I think there is evidence that at least institutionally there are things that Canada and other partner countries can do that would facilitate cooperation with countries that have those different ideologies. But it's anyone's guess as to, of course, what ultimately happens in some of the more difficult areas.

The cyber bit is interesting because we're talking today about cyberspace as a separate thing from real space and it's often convenient to think that way, but if you think about the about next generation, the digital natives and the future foreign service officers, they are going to bring a really different perspective. Look at how young people view privacy with Facebook and other social media versus our peers, even though there is a different approach to things now in the social media world. Much like for the private sector, cyber has been transformative. Amazon is the world's largest retailer now and a decade ago barely existed. We're 20 years this year since the commercialization of the Internet, when the National Science Foundation let it go into the commercial domain in the United States and beyond.

I think, looking forward, that the generational perspective, especially coming from the university, is a real opportunity for Canada. In the U.K., I think there is a realization, thinking back to the London cyberspace conference a few years ago. It's my understanding that the conference may come to Canada in the future. It is really important to get the next generation of foreign service officers engaged and create pathways for them to create digital strategies for the future.

I think that scenario is where Canada and a lot of countries are challenged. It's true in the U.S. as well. There is a tiny little office in the State Department that's the kernel of the secretary's digital Internet freedom strategies carried from the previous administration. There are still not many bodies or expertise to allocate. That's an area where Canada, if it wanted to, could match up the right resources and leap ahead of many of its neighbours and add unique perspective. Again, the geographic, economic and cultural ties are there. So why not find new mechanisms to leverage those and help close the gap on some of those ideological frictions for a better cyber future or just Asia-Pacific future in general?

The Chair: Following up on that, that's an interesting recommendation you're making about foreign service. Is there any other area with business, et cetera, that you think we could improve on and would have an advantage over other countries, strategically, of course, around the Pacific?

Mr. Hughes: Yes. I think, on the business side, in addition to what Foreign Affairs may do, that thinking back to my visits to Vancouver of recent, doing things that make it easier for those Asia-Pacific entrepreneurs, specially coming from some of the offshore economies like Hong Kong and Singapore with bags of money to invest, and in speaking to some of those individuals I think they do feel a cultural affinity. They love to go and get dim sum at some of the best restaurants in town and look at these beautiful condos that they could end up living in, so there is an attraction there, obviously. There are easier travel connections from the Pacific coast of Canada to Asia, but there may be opportunities, whether at the regional level or the metropolitan level, to create platforms where it makes those interactions.

Think back to Silicon Valley, and the experience in participating university events at Stanford and Berkeley. There are the formal things that happen and the informal things. I haven't spent enough time at UBC. It's amazing how much the campus has transformed and obviously it's the beneficiary of some of that Asian capital inflow.

Create mechanisms maybe on the formal side that go along with the informal, the kind of mixing that goes on. Our experience in Cambridge, U.K., the regional development agencies work with the department of trade, now BIS, to bring delegations like we did at Ofcom and they also then will take delegations over. I think that already goes on today.

I don't have any real breakthrough ideas for you, I'm sorry. I do think there are probably some models to look at around the world. We have done some work with the Irish Development Agency. They do a really good job for a small country of 6 million people — it has doubled in population in the last 20 years — focusing on their high-tech sectors. They have been moving up the value chain even though they went through economic disaster, like Iceland. But they are still chugging along. attracting foreign investment, a lot of U.S. high tech, and now China tech and Japan tech going into Ireland. Their development agencies focus like a hawk on attracting those companies, so it's about bringing the FDI in, this tech focus. There are models out there that could be followed.

But the incentives really matter. Ultimately, these are businessmen. They will go where their dollars have the least friction, so having the right incentives for them to invest and having their confidence is important.

It's an area we would look forward to brainstorming with various officials on to see how it could be done. The benefits will flow down the West Coast, obviously. In Seattle today, look at what Microsoft and other companies are doing on the other side of the border. The Olympics were a big opportunity. It's my understanding there was a pretty interesting looking glass that was developed with Homeland Security across the border, maybe like a mini NORAD that watches the border in a pretty high-tech sophisticated way. Taking advantage of the technology companies on the West Coast — there are many there and I think that's true for the U.S. as well. Again, the pull has been towards the Atlantic in the past, but while Europe takes a time-out in terms of its high-tech development because of stressed capital markets, the euro and all sorts of other problems, now is probably the time to look towards the Pacific. They can take some of those budgets and shift them in the other direction to try to make improvements. I hope that's helpful.

The Chair: Thank you. That's helpful. I have a question from Senator Fortin-Duplessis before we adjourn.

[Translation]

Senator Fortin-Duplessis: Are there international or legal instruments, or conventions or treaties that would allow Canada to promote state and supranational action to strengthen cyber security in Asia?

[English]

Mr. Hughes: Another good question. I cannot cite examples of initiatives that would be comparable to what the UN Government Group of Experts is working on more in the arms control area or the European convention on cybercrime. Nothing equivalent has developed in the Asia-Pacific region specifically. But I can say that in a recent visit to APEC headquarters in Singapore, I met with some of the working group chiefs. They have some proposals that are coming through their national governments. Even Russia has some good ones. You don't often think of Russia as a Pacific power, but it is, through Vladivostok.

I think there are proposals that could be on track to being something bigger, and that could be an opportunity for Canada as well. You think about Russia and its engagement with the West as still rather turbulent, but they are a cyber-power, and they are really good with the management of their technology. They are a bit challenged on their commercial side.

The countries have used these regional institutions like APEC and ASEAN to float proposals, and I'm sure Foreign Affairs is well aware as to what is in play at the moment. But there may be opportunities to take some of those initiatives forward, and maybe Canada can offer some of its own, whether that is arms control or human rights.

I know Professor Ron Deibert is a big believer that Canada has a unique opportunity to promote its human rights values around the globe. Finding the model and the venues for that are difficult, but it speaks to the need to look beyond Brussels and beyond the old Atlantic access to London and Berlin. It's still important, but in addition to that there is probably a need to move some things where Asia-Pacific countries may be more receptive.

Japan is still the second or third largest economy in the world and there is probably opportunity there to float proposals. It would be interesting to see what could be developed that would be perhaps more attractive to Asia-Pacific countries that can be developed in APEC and ASEAN and taken forward to some of the more global bodies. It would be a big opportunity.

But there have been no really serious initiatives that we have seen as of late that would be comparable to what has come out of the Euro-Atlantic region.

The Chair: Mr. Hughes, thank you very much for joining us and carrying the entire session. It has been extremely helpful. You've touched on a lot of areas. Our questions probably went beyond the ones you expected, but you handled them admirably. I thank you for your input. You indicated that you may have other information; you can certainly file it with the clerk, as this is an ongoing study.

Thank you very much, and thank you for your information.

Honourable senators, we are adjourned until tomorrow morning.

(The committee adjourned.)