Proceedings of the Standing Senate Committee on
Foreign Affairs and International Trade
Issue 5 - Evidence - Meeting of February 5, 2014
OTTAWA, Wednesday, February 5, 2014
The Standing Senate Committee on Foreign Affairs and International Trade met
this day at 4:18 p.m. to study security conditions and economic developments in
the Asia-Pacific region, the implications for Canadian policy and interests in
the region, and other related matters.
Senator A. Raynell Andreychuk (Chair) in the chair.
The Chair: Honourable senators, we are the Standing Senate Committee
on Foreign Affairs and International Trade.
Here by videoconference is one witness. I should advise you that with respect
to our second witness from Victoria, there has been a problem with the
videoconferencing and unfortunately they cannot fix it in time for this hearing.
We will have to rectify the problem and hear from the witness probably next
week, but we're very pleased that the other videoconference hookup is working.
We are continuing our study on security conditions and economic developments
in the Asia-Pacific region, the implications for Canadian policy and interests
in the region and other related matters. By videoconference from Seattle, we
have Rex Hughes, Visiting Professor, Canada Centre for Global Security Studies,
Munk School of Global Affairs, University of Toronto.
We won't ask you about Seattle, but we welcome you to the committee. Our
procedure in Parliament is we will ask for your opening statement, and then
senators will wish to ask questions.
Welcome to the Standing Senate Committee on Foreign Affairs and International
Trade. The floor is yours for your comments.
Rex Hughes, Visiting Professor, Canada Centre for Global Security Studies,
Munk School of Global Affairs, University of Toronto, as an individual:
Thank you very much. I would first like to thank the committee for this
opportunity to testify on Canada and Asia-Pacific cyberspace.
We live in a cyber-enabled world. With each passing day, the global economy
both widens and deepens its connections to Internet cyberspace. This year marks
the thirtieth anniversary of American-Canadian author William Gibson's
popularization of the term ``cyberspace'' in his 1984 steampunk sci-fi book,
Neuromancer. In 1984, the Internet had only 1,000 hosts and a cell phone
weighed several pounds and cost several thousand dollars.
Given the subject of today's discussions, it is fitting to recognize that
Gibson authored Neuromancer while a resident of Canada's Pacific Coast in
The Asia-Pacific region is a major contributor to the global cyber economy.
As of 2014, there are nearly 3 billion connected Internet users worldwide,
nearly half located in the Asia-Pacific region. Like most human inhabitants of
cyberspace, Asia-Pacific peoples use the Internet for business, education,
health, social and entertainment purposes. According to the OECD and other
leading economic measurement organizations, the cyber economy accounts for
somewhere between 1 and 8 per cent of gross domestic product in Asia-Pacific
Economic Cooperation economies, or APEC economies, with Canada coming in
somewhere between 1 and 4 per cent GDP but growing roughly at 10 per cent
annually, so quite a positive direction.
While the expansion of cyberspace is a net positive development for gross
domestic product growth, it can also subtract from GDP when exploited for
illicit ends. Cybercrime is estimated to cost the global economy annually
anywhere from $100 billion U.S. to in excess of $1 trillion.
In Canada, U.S. cyber security firm Symantec estimates that cybercrime costs
the Canadian economy upwards of $3 billion annually.
The massive 2013 Christmas shopping credit card breach at the U.S. Target
retail stores shows how vulnerable the commercial banking system has become to
cyberattacks. Fortunately, Canada is far ahead of the U.S. on the use of more
robust chip and pin technology at point-of-sale credit card use.
Unfortunately, given the Asia-Pacific region's burgeoning demographics and
rapid economic growth, its constituent states are both a major source and
victims of cybercrime. Given the interconnectedness of the cyber economy and
Canada's growing economic links to the Asia-Pacific region, or APAC region, APAC
cybersecurity should be of concern to the Government of Canada.
Protecting Canadian citizens from 21st century cyber threats will require
perpetual vigilance and engagement by all agencies charged with Canadian public
safety and defence. Given that the Internet is 90 per cent in the hands of the
private sector, effective public-private partnerships are essential tools to
combating cybercrime. Regional economic organizations such as APEC and ASEAN,
the Association of Southeast Asian Nations, and international organizations such
as Interpol and Swift can play an important role in combating cybercrime.
Cyberspace will also feature more prominently in APAC national security
matters. Whether it involves the management of foreign information flows, the
exercise of soft power or the projection of force, states will develop new ways
to make strategic use of cyberspace. Canada and its economic partners should be
ready for the next cyber black swan.
Recently we have seen regional disputes on the Korean Peninsula and East
China Sea or local anti-government protests playing out in cyberspace, whether
through patriotic campaigns, dissident surveillance or targeted malware attacks.
Should any of the above disputes escalate into actual armed conflict, cyber
control will be a decisive factor for victory on the 21st century
For Canada, as is the case with other wealthy G20 members, there is an array
of strategies and policies available to pursue when seeking to maximize national
interests and/or international partnerships in Internet cyberspace.
During my time at the Canada Centre for Global Security at the University of
Toronto, I have had the distinct pleasure of meeting and conversing with a
plethora of Canadian officials involved in the shaping of national cyber-
strategies and policies, including foreign affairs, national defence, public
safety, finance, transportation and others. We look forward to hosting some of
these officials at our fourth annual Canada Centre Cyber Dialogue Conference in
When contrasted with other impactful economic regions, the Asia-Pacific
region remains one of the most technically savvy in the world, manufacturing the
majority of electronic circuits and the devices that power cyberspace. Thanks to
one of the most successful economic development models the world has ever seen,
a good number of APEC economies are moving up the knowledge industry value
chain, most notably India, South Korea and Singapore. Little wonder, then, that
the new Microsoft CEO appearing in Seattle, Satya Nadella, hails from Hyderabad,
However, despite the astonishing economic success achieved by many
Asia-Pacific economies since the end of World War II and decolonization, many
countries still have a long way to go towards becoming full-fledged cyber
democracies. This is an area where Canadian development assistance can indeed
make a positive difference, especially where universal human rights are
Given the growing cyber dependencies in the global economy and the
institutional challenges that some of these dependencies present to the
developing Asia-Pacific states, it is important that Canadian development
agencies give careful consideration to how aid policies can be more
cyberfriendly. Again, we do live in a cyber-enabled, interconnected world.
Like its neighbour to the south, Canada is both an Atlantic and Pacific
trading nation, with a unique set of geographical, economic and cultural ties to
the Asia-Pacific region. The West Coast of Canada is particularly well- suited
to exploiting these ties, especially as it grows an indigenous cyber-enabled
knowledge industry of its own.
Two-way foreign direct investment can benefit Canada and its Asia-Pacific
cyber trade partners; however, legitimate security concerns do remain in some
sensitive sectors, and new confidence-building measures will indeed be needed to
overcome some of these more serious security concerns.
Again, thank you for this opportunity to share some of my personal
observations of Asia-Pacific cyberspace before your committee today. I look
forward to answering your questions and discussing with you further how Canada
and its provinces can best exploit its natural and comparative advantages for a
more prosperous and secure cyberspace.
The Chair: Thank you for your presentation.
Senator Fortin-Duplessis: Mr. Hughes, my question is on cyber
At the last meeting of the Standing Senate Committee on National Security and
Defense, senators heard from Mr. John Forster from the Communications Security
During his appearance, Mr. Forster stated that threats of cyberattacks keep
him up at night. He gave the example of Estonia, which was attacked by
cyberterrorists a couple of years ago, of the United States, which is regularly
the target of attacks, and of the Iranians, who have had a lot of problems with
Do you believe that Canada is doing enough in the area of cyber defence to
counter threats that could come from state actors? And do you believe that
Canada should be worried about certain Asian countries?
Mr. Hughes: Mr. Forster is correct to worry about some of the threats
Canada faces in cyberspace. Whether they are coming specifically from the
Asia-Pacific region or anywhere in the world today, the threats are very real.
Again, it depends on what sectors are the recipients of the threats. At the
highest order, critical infrastructure is probably what keeps him up the most at
night. This is an area that, for North America especially, the critical
infrastructure of — we'll look at British Columbia. There is a lot of hydro
power that comes down to the United States, and it flows both ways. There was a
report in the last few days that there was a station in California that
experienced some type of anomaly in their system. If that were to happen,
whether south or north of the border, the ripple effects would be pretty severe.
The good news on that front is that the people in charge of those systems,
whether it's critical energy infrastructure, transportation or civilian air
networks — to work down the list — are aware of the challenges. The technology
base for critical infrastructure is in many cases legacy pre-Internet. Now that
this interconnected world removes the air gap in many instances, even where we
think they are, that puts at risk those systems as they get more complex and we
move towards smart grids and other things. Those are probably the challenges
that keep Mr. Forster up at night.
We can discuss the threats from the Asia-Pacific region in general, but
partnerships will be key. Simply because there is a grid in Canada, a grid in
the United States and one in Mexico does not mean that those grids operate
independently. On the North American continent, partnerships will be key. Then a
looking-glass towards the Asia- Pacific region, the Atlantic, southern
hemisphere, and now the Arctic will challenge the defence infrastructure.
We've had some conversations with flag officers in the past in both Canada
and the U.S. in looking at systems such as NORAD, which is a Cold War legacy —
but what type of sensors and monitoring systems will that need in the future? Is
air defence enough? Should cyber be factored into that? Those are things that
keep military planners up at night, because if there was a severe attack, those
systems would be tested as they were in 9/11, and they did not perform very
well. However, Canada stepped into the breach. The United States would not have
made it through that crisis without Canada.
These are the right questions to ask. I'm sorry I don't have specific answers
in terms of the threat matrix or the magnitude of the impact; that's still a
work-in-progress, but we're trying to do the best we can to work with our
partners outside of academia. We do a lot with NATO and the European Union from
the Cambridge side. I suspect that will intersect with research we're doing at
the Munk School, as well.
Senator Fortin-Duplessis: Are you worried about cyberterrorism?
Mr. Hughes: I am, but maybe not in the way that you think I would be.
If we take the critical infrastructure example, if you look at the kind of
history, there haven't been — at least in the North American context, or Europe
for that matter, or the wealthier parts of Asia-Pacific — many direct terrorist
attacks at critical infrastructure or banking networks and other parts of
commerce that would be most vulnerable.
That doesn't mean it won't happen. There are scaremongers who have talked
about the cyber Pearl Harbour or cyber 9/11 coming that would be more severe.
There are more things to be worried about in the threat matrix, such as human
error — five-finger error — simply complex systems that run beyond humans'
I do worry about the extremist dimension, though, and we've seen in a
post-9/11 world that the digital natives in extremist communities are making
excellent use of the technology, just as the Edward Snowden files have revealed
that the NSA and its counterparts in Canada have spent a lot of time trying to
track the use of the social media technologies — the Facebooks, Twitters,
Instagram — that the young extremists/soon-to-be-terrorists may take advantage
Sure, that's a legitimate concern. Maybe we can talk about balancing the
civil liberties around that, because if we are to track the perpetrators on
those networks, it has to be done in a way that is in accordance with our
democratic principles and civil liberties.
Senator Downe: You're the expert in this area, so I appreciate the
education, but it seems to me as a lay person that we're so dependent on this
interconnected infrastructure. Should we not be investing in a backup, parallel
system that is not as highly connected?
Mr. Hughes: That's an excellent question, senator. We live in an
Internet world, and the Internet reaches nearly everything. But there are still
legacy networks. I believe this video conference is going through the integrated
services digital network, ISDN, which is an old legacy of the public telephone
network. The phone companies keep those lines because there is a certain class
of users that requires things that do not go over the net, whether for security
reasons or backup.
We're taking advantage of a second network today, coupled with running
Internet and other protocols — I do not know why we lost Vancouver or Victoria —
but redundant networks are an example of where they come in handy, so bravo for
keeping with your ISDN.
Obviously, DND and NATO infrastructure are really interesting. NATO runs one
of the largest international sets of infrastructures in the world. It's truly an
international network that operates not only in cyberspace and
telecommunications but for its natural gas and energy networks, as well.
Defence organizations understand that parts of critical infrastructure do
need to be either separated or independent. Yes, in certain areas such as
medical, health, otherwise where a crisis could take down major parts of the
Internet, you need those backup systems.
But as Hurricane Katrina demonstrated in the U.S. and New Orleans, in
particular, parts of the Internet were more robust than other parts of the
cellular or telecom systems in some cases. It's not an either/or but it's good
to have capacity. In the university community, there is the Internet 2 network,
which is a separate high-speed backbone. And there is soon-to-be Internet 3.
There is research going in that direction, and it's something that Canadian
agencies should be aware of and taking advantage of where possible.
Finally, with the recent storm in New York, so much has gone to broadband
networks that they found some of the telecom providers in the New York region
are now taking out the plain old telephone copper lines, and that presents a
challenge. Broadband networks are power-intensive, so if you were at home during
the ice storm that recently hit Toronto, a lot of the broadband networks can
only stay up five or six hours because there is a battery in your modem. As soon
as the battery goes offline, you're out. You have to hope that the cell tower in
your neighbourhood stays online or is backed up.
It's very important. It's our understanding that Bell and telecom regulators
are on top of the problem, but it's an economic problem and the right incentives
have to be in place so that network providers still maintain legacy networks and
so that new entrants can design their broadband networks to be more robust for
I hope that answers your question, which was a good one.
Senator Downe: There are two areas: There is the defence concern,
which is the protection of the nation, and there is the economic concern.
Sometimes the two are separate. In an earlier answer, you alluded to an economic
attack. We have all become highly dependent on mobile, in my case on my
BlackBerry. Fifteen years ago, I used to know the phone numbers of all the
people I called. Now I just hit their name on the BlackBerry; I don't even know
the numbers anymore.
We saw in a European country a number of years ago where suspicion fell on
the Russians for a host of reasons, but it was never proven, when systems went
down. How much are we spending to avoid that happening? What is the economic
cost to protect our systems?
Mr. Hughes: Senator, that's another interesting question. I'm sorry; I
cannot give you an exact figure. I would not even know where to reach for it at
However, telecom firms and IT providers like BlackBerry take that into
account in the design of their networks and how much they can afford in terms of
redundancy. As for the Black Swans that are out there — and you mentioned the
economic threat, say, to the Toronto Stock Exchange — it doesn't really matter
if they come in as five finger or human error or machine error or, say, as an
extremist group or a nation-state that's extra mischievous and decides to inject
bogus information into the system. There will be fallout and cost from that.
Something we did in the United Kingdom, working with the cabinet office, was
to help them to develop a National Risk Register. I'm not sure if you're
familiar with the British National Risk Register out of the cabinet office. When
I was at Chatham House, we helped them to score cyber-dependencies alongside the
panoply of threats, from pandemics to floods to attack from space aliens. That
was the kind of new thinking, and I think it has made a difference on the U.K.
side. It would be interesting to learn more about the Canadian joined-up
approach in government to that challenge. It's an important one.
Senator Downe: I know the CIA does a similar exercise in the United
States in many cases. I'm not sure if Canada does that.
I will ask my last question. We've heard through the recent leaks in the
media about the intelligence gathering going on at many levels. Should we be
concerned, particularly about a country like China, where a lot of the tech
companies seem to have a strong military connection, that there may be devices
in those units that are being sold to us that serve other purposes?
Mr. Hughes: I think that in any prudent Canadian national strategy,
China would warrant concern. It really comes down to trust and how much trust
there is with an economic giant like China. China is a mixed system. It is one
China but with multiple economies within. Look at Microsoft in this region. It
has a lot of trust in China because, more and more, their high-end R&D has moved
to Beijing and Shanghai. In some areas, there's a high degree of trust and
comfort, but, obviously, it's something that security agencies are very
concerned about. Back doors are always potentially present. There have been a
number of cases, such as, of course, the BlackBerry case in Canada and Nortel, a
company we did a lot of work with in Cambridge University. The headquarters was
kind of like one of those embassies in the Cold War. There were so many bugs you
didn't know where you could have a free conversation. Whether that came from one
particular country or not, those are examples of where the economic espionage
enters into the equation. I suppose we have to think, going forward, of how best
to design systems, whether they're virtual or physical, that can withstand that.
There's interesting work going on when countries build embassies now, how they
keep them bug-free. There has been a pretty big sea change in how they go about
Yes, it's a concern. Critical infrastructure back doors could probably do the
most damage. I think it goes to the point I made earlier about confidence
building and, in the Asia-Pacific region, reaching out to the institutions that
Canada already plays a role in, like the ASEAN Regional Forum on the defence
side. That's an area for confidence building. I believe the Royal Canadian Navy
participates in RIMPAC on the defence side. Those are more hard defence, but I
suppose, for the economic institutions, it's interesting. The U.K. Strategic
Defence Review was a departure from the old, separating security from economic
strategy, and there's more and more joined-up thinking in the U.K. and NATO
countries. It's important to think about those challenges as on parallel tracks
Canada is a member of APEC and hosted a summit. That's an economic
organization, but it's interesting that, at many of the APEC summits, when the
leaders show up, there have been hard-power crises, such as after 9/11. There is
kind of a security parallel track that develops alongside. Logistics networks
are a big concern. I was in Singapore, and you could look out my hotel window
and see the number of ships, end to end, for miles and miles. Hundreds of ships
come in through the Straits of Malacca. I wrote an article for a review on
maritime cybersecurity, and that should be of concern to Canada as a Pacific
nation. The threats to the logistics supply chain are something we could talk
about as well. From the Port of Vancouver down to Seattle, the threats anywhere
in that supply chain, from the desktop to the freight corridor to the airports
to the ports, are an area that we haven't thought enough about. It would be
interesting to engage more with Canadian agencies, as well as with the
commercial partners that are vulnerable. Singapore is one of the most advanced
ports in the world. IBM, Sun Microsystems and others got in early and developed
a very sophisticated, modernized port facility, and I think they do stay up at
night worrying that some of those vulnerabilities could be exploited in
peacetime. In wartime, the risk is even greater, with the reliance of defence
organizations on the commercial network and on the Internet. Ninety per cent of
their port communications are carried over commercial carriers. It's true with
logistics networks as well. That's an area to be concerned about because it's so
complex. Things may be happening that we won't learn about until a long time
from now. That's an area that I think warrants extra concern and precaution.
Senator Verner: I would like to continue with an article published by
the Canadian Press in September 2012, which referred to concerns expressed by
Public Safety Canada that computer systems located in Canada are being
infiltrated more and more often, and then used by hackers to launch cyberattacks
elsewhere in the world.
Could you please tell us if this is a practice that is becoming more and more
Mr. Hughes: There are some really interesting reports I encourage you
to download from the Citizen Lab site, from the University of Toronto, that have
mapped occasions where opportunistic hackers have taken advantage of some
systems in Canada as partners. There's always a risk that service providers can
be captured and used for no-good ends. It's a concern. And I think protecting
against it is probably a balance of regulation and incentives. Again, I can't
speak for the Canadian government, but it's my understanding that it is still
working the formulas to get those balances right. That's where you come in on
the committee here. The democratic oversight and nudging in the right directions
is really important because service providers don't want to have nefarious
customers who will get them into trouble, and it's not in the government's
interest to provide incentives or overregulate. That would detract from those
types of services.
It's a challenge. It has happened before, and it's quite negative for all
parties involved. It's something I hope the committee could really take a look
at. I know the Citizen Lab and Professor Deibert's group would be thrilled to
offer assistance there because there's a lot of data they have that could be
Senator Verner: Since 2010, Canada has implemented three initiatives
concerning national and international cyber security: Canada's Cyber Security
Strategy, the Cross-Cultural Roundtable on Security, and a joint cyber security
action plan between Public Safety Canada and the American Department of the
In your opinion, are these three initiatives truly an effective way to
counter threats from the Asia-Pacific Region?
Mr. Hughes: Thank you, senator. It has been a while, I must confess,
since I've looked at the documents and the reports, but I do think they're
useful in terms of syncing up parts of government, whether it's in-country or
across the border. I don't recall that there's a lot of emphasis on the
Asia-Pacific region, but I will go back and look at the reports and can respond
to you later in more detail, if you wish.
Overall, the trajectory and the energy in cybersecurity collaborations with
like-minded NATO countries has been towards NATO, towards the Atlantic
direction, so there probably has not been nearly enough energy in looking at the
Asia-Pacific region. That's something that should come in pretty short order.
The work we do at the university level, again, even that's pulled in a lot of
directions. We've had conferences with MIT and Harvard and others, which have
been pretty Atlantic-focused. It's a real effort to get Asia-Pacific
representatives to come. I mentioned the fourth annual Cyber Dialogue Conference
that we'll be hosting. We'll have more, but not enough. It's kind of a legacy of
the Atlantic post-Cold War era. As the economy shifts, the main events of this
century will be in the Asia-Pacific region, so I think we all need to do a lot
more to reach out and examine.
In short, I don't think there is enough Asia-Pacific focus that would warrant
a lot of attention at this time. Again, hopefully with the help of the
committee, it will come.
Senator Dawson: Senator Fortin-Duplessis and Senator Downe both talked
about the cyberattack on Estonia. There is a price to pay. Estonia is by far the
most wired country in the world. They have the best Wi-Fi Internet service by
far of any European country. Their cabinet sits with computers. They don't have
paper. People have Wi-Fi. They've been paying their parking meters with their
phones for the last 10 years. We're starting to do it here now.
There is a price to pay for progress. They were ahead the curve and, because
of the fact that they were ahead of the curve, they were an easy target for what
is suspiciously thought that the Russians attacked them, but that's the price.
Because they were ahead of the curve, they made it to the European community
faster than the other Baltic states. They made it to the euro faster. There is a
price to pay for that kind of progress. They invented Skype, and it's not banal
as a success story.
We used to be ahead of that curve. They have a digital policy. They have a
digital strategy as a government. I'm not criticizing the existing government.
The previous government wasn't better at having a digital plan. We don't have a
digital strategy in Canada. We used to be ahead. I'm chairman of the Transport
and Telecommunications Committee, and we've studied the issues of digital
Canada. We used to be ahead of the curve with phones and television. It put us
at risk because, if you're ahead of the curve, you are more vulnerable.
Everybody knows what happened to Nortel, which was the biggest organization of
its kind in the world.
I defer to my two colleagues that yes, there is a risk with this dependence
on the digital world, but there are advantages. We would not have the progress.
Inflation would be higher if we did not have the price competition that the
Internet offers us in buying products at a lower price. Yes, it does have some
repercussions. It influences the book industry and the libraries in Canada, but
it is progress. I don't disagree with my colleagues, but I think that's the
price we have to pay.
What I would like to hear from you is how we assure ourselves that we get
back ahead of the curve in terms of technological progress but, at the same
time, have some surveillance of what is being done with this mega-data mining
information that we saw again this week. I have so many of these tools. I don't
know if anybody is trying to follow me. Trust me; they can find me. What do we
do to be ahead of the curve and, at the same time, not be too vulnerable?
Mr. Hughes: Thank you, senator. I think you're right. The Estonians
may have been a little bit ahead of themselves during the incident and the
skirmish with Russia, and it showed how vulnerable you are if you're the most
advanced e- economy in Europe when your banking networks are attacked, and your
point-of-sales systems and Internet parking meters. That can be a real problem,
especially in scale if it was Canada or the U.S. or much bigger countries.
Ultimately, no one is going to stop the progress. Even the best regulators will
be out-witted and outsmarted.
What you're really getting at perhaps is Canada and its partners have fallen
behind in some areas. Those are probably questions about economic incentives. I
can speak from the U.K. side because, living in Cambridge, which prides itself
as a Silicon Valley of the United Kingdom, this is on our mind all the time and
in the government there, both nationally and regionally, and then with the
European Union, and how to create incentives that keep you at least competitive
if not ahead of the curve in the Internet game. I can say from our experience at
the university level, and I think this applies at the University of Toronto, too
— the MaRS project and incubation and looking at the Waterloo, BlackBerry, the
legacy there and innovation — and maybe out to the Pacific coast here and
thinking about competition with Asia-Pacific countries, specifically, that it's
really about the incentives that make it possible for new capital formation to
I was thinking this morning on the way to this site that the West Coast faces
Asia, whether south or north of the border. The investment increasingly will
come from the Asia-Pacific region. There's already a growing presence of Bank of
China investments. Look at Vancouver and the properties developed there. I was
at the Asia-Pacific conference that the Asia-Pacific Foundation hosted in June
last year. It's interesting to see some of the banks, even British banks, Bank
of Hong Kong, Barclay's, talking about the new capital that's coming. What
investments do they look at? Well, a lot of real estate, but ultimately those
buildings have to be filled up.
I think you're starting to see some traction in high-tech companies in the
Canadian economy, especially British Columbia. There's already a stepping stone
with the film industry in Vancouver. Now the film industry is so integrated with
the digital industries and digital media that they're becoming almost one and
If it's about the next generation of Canadian industries that are
technologically based in the Internet cyber sector, looking at the incentives
that all competitive regions in the technology game are looking at, in our
experience it's a combination of getting the regulation picture right, other
economic and fiscal incentives and regional development strategies. There's a
lot there. There are a lot of good models to look at.
Certainly in the Asia-Pacific region, I've mentioned the Asian growth miracle
that everybody on the committee is well aware of. That started with good land
use policies — there were some interesting books and articles written about that
— and then getting towards to the capital formation, the foreign direct
investment that is so key. Even for developed countries, no country is fixed in
its position. Even if Canada, as you've referenced, maybe slid back in some
areas, the next Nortel or BlackBerry may be on the horizon and government
perhaps can do things to get those companies over the hump. That will be the
subject of the INET conference coming to Toronto in April, the Institute for New
Economic Thinking. We have an INET node in Cambridge, U.K., where the university
will be taking up that question in a more technological focus. They held their
conference last year for the first time in Asia, in Hong Kong.
On the incentives, it may be interesting to hear some more feedback from the
committee as to how you're grappling with that, because with the leap or the
intersection with Asia-Pacific and foreign trade, there's so much there. It's
hard to know where to begin. I have personally seen evidence at the Asia-Pacific
conference and elsewhere that some of the wealthy bankers and entrepreneurs and
investment capital are quite excited to do business in Canada and along the West
Coast. The West Coast of North America is the technology belt because of Silicon
Valley, but the belt goes in both directions. It goes down to Guadalajara,
Mexico, which is developing its own tech hub, and up to Vancouver, and perhaps
beyond, so that may be what powers much of the transformation and collaboration.
I think there are a lot of good things happening and perhaps senators in their
constituencies are more aware of some of the companies and organizations taking
advantage of those opportunities.
I hope that heads in the right direction with your question, which is a good
Senator Dawson: Very briefly, you are quoting someone else, but the
next war will begin in cyberspace, which probably is true, and when I criticized
the government, I criticized the one that was there before as well as the one
that's there now.
We do not have a digital plan, so if there is going to be a cyberwar and we
don't have a digital plan for Canada, what is our procurement policy going to
be? All of us know around here about the problems with the procurement policy of
National Defence. The government has acted on it this week and I think it's a
step in the right direction.
But procurement for a cyberwar needs some political guidance on a digital
policy for the government, and this is probably a little away from our subject,
but if we are looking at our Asian future competitors, they have digital
policies. They have ministers responsible for the management of the digital
policies of their countries.
We're behind the ball on that. If the next war will start in cyberspace, I
would like to know that we have at least a procurement policy for how we will
react to it.
I do not know if you have any comments on that, but one of the advantages of
the Internet now is that I can read. I probably know more about you in what I
read than you know about yourself, because I have it all here on Google. But
this is a reality, and I think we're behind the ball on it.
Mr. Hughes: Thank you, senator. I appreciate you finding some of my
articles on the Internet. Academics worry about getting past the 1:1 readership
ratio, so it's good to know things are reaching the highest levels of
My only comment would be that it never hurts to have a strategy, even if it's
not followed to the T. There are a number of good examples. I think the U.K.
does a better job than perhaps the U.S. and Canada in developing strategies.
They don't always get implemented, and sometimes the resources aren't always
But from the top down, the Prime Minister's policy directorate, and going
back to early Internet days, they brought people in from the industry and the
BBC who had a bead and a vision for where they wanted to go, and they brought
that expertise into government and then focused on whether it was an eGovernment
Strategy or the development of what is called Ofcom, the Office of
Communications, which is the British telecom regulator. It is really exemplary
for the Commonwealth.
I worked there for a time and delegation after delegation came through to see
how the British operated. It took five regulators and print, broadcast,
telecommunications and radio, converged that into one super regulator that all
it did was prepare strategy in its first few years. I had the privilege to work
on the telecom strategic review, which really got the U.K. ahead of the curve in
terms of liberalizing its wireless spectrum, and the U.K. was one of the first
in Europe with 4G wireless technology and quite far ahead of other countries.
I think you're right, and it's good you are Googling, because you can find
some of these other strategies, and perhaps they are examples for Canada to
I think there is some really good work done on the defence side in the
Canadian war colleges that look at challenges. I was reading some articles last
night, and there is some high-quality thinking that is as good as anywhere, but
perhaps the link is a little bit weak getting those into government policies and
There may be opportunities to develop those things in a more rapid manner,
but it is a really good question. I'll be happy to point you to some that we
have worked on, at least from the Cambridge side, if that's of interest.
Senator Demers: I would like to know from you to what extent this is
valid: Canada has a reputation in Asia of showing up there but not being serious
about establishing long-term relationships.
Apparently, from what I read, this was not always the case. Canada is a
powerful country. What's your answer regarding that matter?
Mr. Hughes: Well, I must say my experience with Canadian officialdom
in the Asia-Pacific region is quite good. I may not be the right person to ask
in terms of the long-range impact where your criticisms may be valid.
Canada has played a critical role in APEC in terms of institution-building
and regional forums, and it, I think, has a really good seat at the table and is
Again, I'm sorry, I can't cite any specific examples where I have seen maybe
the government fall down in certain cases, but it's interesting, and it's
probably a perspective we should look at in our engagements with Foreign Affairs
and other departments that may be more aware of that.
In cyber, maybe there is a general feeling there aren't enough people that
are really committed to it, and programmatically maybe that doesn't filter down
to the region. That could be the case, but that perspective is very interesting,
and I would hope to learn more about your understanding of that.
The Chair: Professor, I have two questions. You've talked about
cyberspace and some of the difficulties and some of the advantages. Looking at
Asia-Pacific, what I'm concerned about are the countries. If we're going in a
negative direction, you're talking about governments having to protect their
data, et cetera.
When you look at Asia-Pacific, is it a question of policies and ideology, or
is it the lack of institutions and capabilities that is an impediment to working
with the countries?
Mr. Hughes: Just to be clear, are you referring to the policies and
ideologies on the Asia-Pacific side, the Canadian side or both, perhaps?
The Chair: Yes. In so many of the other fields we say that China, for
example, and some of the other countries are developing, but their institutions
were not compatible to ours. Their laws and protections aren't there.
Intellectual property is a subject that comes up all the time. Is that an
impediment? My second question is you said that there are some advantages that
our industries and our government could take.
So what are the inhibiters? Because you have certainly put out the advantages
for the real world we live in today.
Mr. Hughes: Thank you for that clarification.
You hit the nail on the head of what is among the most contested areas of
Asian studies in academia: whether the incentives will close the cultural gap
between the West and parts of Asia. That's obviously something that has been
debated for centuries.
There are a couple of schools of thought today, I think. There is an
interesting article by a Woodrow Wilson School professor, John Ikenberry from
Princeton, on liberalism and the kind of Western value of open democracy and
capitalist systems and whether countries like China would eventually get on
board with that. His thesis was, yes, they would, even though some of their more
overt policies look askance to that, that there is good evidence if you look
materially at what China and other countries that may have a very different
ideology from Western countries, that they are more or less going down the road
of engaging with liberal institutions, whereas the World Trade Organization or
APEC was created very much in the western model.
So there is that viewpoint. But there is the other viewpoint, the kind from
Samuel Huntington, if you are familiar with his great book, The Clash of
Civilizations. That was so impactful because he threw a unique thesis out
that, looking at the United States, North America, that it would be challenged
by immigration from the south of the U.S. border and that that would be an
example of where maybe culture collisions cause domestic tensions and even in
the country's outward view of things. So there are many different schools of
thought and there is probably no correct answer because history is unfolding
My personal view is that I would side with Ikenberry that the West has had
various successes in creating the institutions, especially following World War
II, and that countries have very different ideologies from us. Look at what's
happening with Iran now. They are all of a sudden looking at ways to find entry
points into things like the WTO. They are very western and may be diametrically
opposed to what their clerics and officials would be for with their domestic
constituencies, but there is a kind of trajectory towards some mutual
accommodation, cooperation and positive sum game where at least economically you
can bring those countries in. There is a pretty good track record; not that
there won't be bumps along the way.
Of course, the crisis in the East China Sea and perhaps soon the South China
Sea are real barriers and things could go terribly wrong and countries'
economies could potentially collapse around that, if it went off the charts
I don't know how valuable my personal view would be to you on that, but I
think there is evidence that at least institutionally there are things that
Canada and other partner countries can do that would facilitate cooperation with
countries that have those different ideologies. But it's anyone's guess as to,
of course, what ultimately happens in some of the more difficult areas.
The cyber bit is interesting because we're talking today about cyberspace as
a separate thing from real space and it's often convenient to think that way,
but if you think about the about next generation, the digital natives and the
future foreign service officers, they are going to bring a really different
perspective. Look at how young people view privacy with Facebook and other
social media versus our peers, even though there is a different approach to
things now in the social media world. Much like for the private sector, cyber
has been transformative. Amazon is the world's largest retailer now and a decade
ago barely existed. We're 20 years this year since the commercialization of the
Internet, when the National Science Foundation let it go into the commercial
domain in the United States and beyond.
I think, looking forward, that the generational perspective, especially
coming from the university, is a real opportunity for Canada. In the U.K., I
think there is a realization, thinking back to the London cyberspace conference
a few years ago. It's my understanding that the conference may come to Canada in
the future. It is really important to get the next generation of foreign service
officers engaged and create pathways for them to create digital strategies for
I think that scenario is where Canada and a lot of countries are challenged.
It's true in the U.S. as well. There is a tiny little office in the State
Department that's the kernel of the secretary's digital Internet freedom
strategies carried from the previous administration. There are still not many
bodies or expertise to allocate. That's an area where Canada, if it wanted to,
could match up the right resources and leap ahead of many of its neighbours and
add unique perspective. Again, the geographic, economic and cultural ties are
there. So why not find new mechanisms to leverage those and help close the gap
on some of those ideological frictions for a better cyber future or just
Asia-Pacific future in general?
The Chair: Following up on that, that's an interesting recommendation
you're making about foreign service. Is there any other area with business, et
cetera, that you think we could improve on and would have an advantage over
other countries, strategically, of course, around the Pacific?
Mr. Hughes: Yes. I think, on the business side, in addition to what
Foreign Affairs may do, that thinking back to my visits to Vancouver of recent,
doing things that make it easier for those Asia-Pacific entrepreneurs, specially
coming from some of the offshore economies like Hong Kong and Singapore with
bags of money to invest, and in speaking to some of those individuals I think
they do feel a cultural affinity. They love to go and get dim sum at some of the
best restaurants in town and look at these beautiful condos that they could end
up living in, so there is an attraction there, obviously. There are easier
travel connections from the Pacific coast of Canada to Asia, but there may be
opportunities, whether at the regional level or the metropolitan level, to
create platforms where it makes those interactions.
Think back to Silicon Valley, and the experience in participating university
events at Stanford and Berkeley. There are the formal things that happen and the
informal things. I haven't spent enough time at UBC. It's amazing how much the
campus has transformed and obviously it's the beneficiary of some of that Asian
Create mechanisms maybe on the formal side that go along with the informal,
the kind of mixing that goes on. Our experience in Cambridge, U.K., the regional
development agencies work with the department of trade, now BIS, to bring
delegations like we did at Ofcom and they also then will take delegations over.
I think that already goes on today.
I don't have any real breakthrough ideas for you, I'm sorry. I do think there
are probably some models to look at around the world. We have done some work
with the Irish Development Agency. They do a really good job for a small country
of 6 million people — it has doubled in population in the last 20 years —
focusing on their high-tech sectors. They have been moving up the value chain
even though they went through economic disaster, like Iceland. But they are
still chugging along. attracting foreign investment, a lot of U.S. high tech,
and now China tech and Japan tech going into Ireland. Their development agencies
focus like a hawk on attracting those companies, so it's about bringing the FDI
in, this tech focus. There are models out there that could be followed.
But the incentives really matter. Ultimately, these are businessmen. They
will go where their dollars have the least friction, so having the right
incentives for them to invest and having their confidence is important.
It's an area we would look forward to brainstorming with various officials on
to see how it could be done. The benefits will flow down the West Coast,
obviously. In Seattle today, look at what Microsoft and other companies are
doing on the other side of the border. The Olympics were a big opportunity. It's
my understanding there was a pretty interesting looking glass that was developed
with Homeland Security across the border, maybe like a mini NORAD that watches
the border in a pretty high-tech sophisticated way. Taking advantage of the
technology companies on the West Coast — there are many there and I think that's
true for the U.S. as well. Again, the pull has been towards the Atlantic in the
past, but while Europe takes a time-out in terms of its high-tech development
because of stressed capital markets, the euro and all sorts of other problems,
now is probably the time to look towards the Pacific. They can take some of
those budgets and shift them in the other direction to try to make improvements.
I hope that's helpful.
The Chair: Thank you. That's helpful. I have a question from Senator
Fortin-Duplessis before we adjourn.
Senator Fortin-Duplessis: Are there international or legal
instruments, or conventions or treaties that would allow Canada to promote state
and supranational action to strengthen cyber security in Asia?
Mr. Hughes: Another good question. I cannot cite examples of
initiatives that would be comparable to what the UN Government Group of Experts
is working on more in the arms control area or the European convention on
cybercrime. Nothing equivalent has developed in the Asia-Pacific region
specifically. But I can say that in a recent visit to APEC headquarters in
Singapore, I met with some of the working group chiefs. They have some proposals
that are coming through their national governments. Even Russia has some good
ones. You don't often think of Russia as a Pacific power, but it is, through
I think there are proposals that could be on track to being something bigger,
and that could be an opportunity for Canada as well. You think about Russia and
its engagement with the West as still rather turbulent, but they are a
cyber-power, and they are really good with the management of their technology.
They are a bit challenged on their commercial side.
The countries have used these regional institutions like APEC and ASEAN to
float proposals, and I'm sure Foreign Affairs is well aware as to what is in
play at the moment. But there may be opportunities to take some of those
initiatives forward, and maybe Canada can offer some of its own, whether that is
arms control or human rights.
I know Professor Ron Deibert is a big believer that Canada has a unique
opportunity to promote its human rights values around the globe. Finding the
model and the venues for that are difficult, but it speaks to the need to look
beyond Brussels and beyond the old Atlantic access to London and Berlin. It's
still important, but in addition to that there is probably a need to move some
things where Asia-Pacific countries may be more receptive.
Japan is still the second or third largest economy in the world and there is
probably opportunity there to float proposals. It would be interesting to see
what could be developed that would be perhaps more attractive to Asia-Pacific
countries that can be developed in APEC and ASEAN and taken forward to some of
the more global bodies. It would be a big opportunity.
But there have been no really serious initiatives that we have seen as of
late that would be comparable to what has come out of the Euro-Atlantic region.
The Chair: Mr. Hughes, thank you very much for joining us and carrying
the entire session. It has been extremely helpful. You've touched on a lot of
areas. Our questions probably went beyond the ones you expected, but you handled
them admirably. I thank you for your input. You indicated that you may have
other information; you can certainly file it with the clerk, as this is an
Thank you very much, and thank you for your information.
Honourable senators, we are adjourned until tomorrow morning.