By proposing $800 million over the next five years for cybersecurity measures in this year’s budget, the government is finally showing a desire to fix Canada’s aging cybersecurity strategy.
With so many areas in need of serious improvement, there is much to be done.
Canada’s institutions and businesses are breached on a frequent basis. According to a recent report by the Communications and Security Establishment, government computer networks are targeted by at least 50 state-sponsored cyberattacks every week, of which at least one is successful.
To put this into perspective, a single successful cyberattack against the National Research Council’s computer infrastructure cost Ottawa hundreds of millions of dollars and likely resulted in the theft of valuable information.
Meanwhile, our private sector is not faring much better, despite the fact that they own a majority of our critical infrastructure. According to a survey from Deloitte, only 9 % of companies can be considered highly secure against cyberattacks. This makes the others easy prey for hackers—recent studies show that 90 % of Canadian companies suffered at least one cybersecurity breach last year.
The threats that these attacks represent cannot be understated. Hackers are targeting critical systems like energy grids, telecommunications and dams. Even one successful attack puts the safety of Canadians at risk.
So far, the government has been relatively secretive about what it plans to do with the new money. For now, all we have are vaguely worded guiding principles.
There are several areas that the government must address if it is serious about stopping these attacks.
First, the government needs to strengthen its relationship with the private sector in fighting against this threat. Currently, businesses are expected to voluntarily take advantage of government programs to bolster their defences, often at a significant cost to the company. As a result, many corporate leaders choose to ignore these programs to support their bottom line.
While much of this will rest on the shoulders of these corporations, governments at all levels must take action to ensure that cybersecurity is taken seriously. This means drafting legislation that ensures companies take proper measures to both protect sensitive information and disclose any breaches. Providing economic incentives will also motivate companies to take on the costs associated with bolstering their defences.
While this may be a bitter pill for some companies to swallow, we need to clearly articulate how dangerous data breaches can be for the security of Canadians. Critical infrastructure and the personal information of Canadians are too valuable to risk.
There is also a serious need to address the fact that Canadians do not know how to deal with cyberthreats. Currently, one in three Canadians use the same password for all their accounts and never change their passwords. A majority of Canadians also do not know how to report cybercrimes.
Efforts to bolster Canada’s defences against cyberattacks are meaningless if the people using our critical systems let attackers in. That is why world leaders in cybersecurity like Israel and Australia integrate cybersecurity into their education and workforce training programs. Canada should follow suit.
Finally, our government needs to deal with the red tape preventing it from effectively dealing with cyberthreats. When the National Security Council was hacked in 2014, its systems were not part of the government’s usual secure network, making it easy prey for the hackers and making it far harder to respond to the crisis in a timely manner.
While the government has since brought many of its systems onto a single network, many departments and agencies still express frustration with poor information sharing and record keeping.
The government’s financial commitment needs to be coupled with strong policy that addresses the current glaring weaknesses in our system.
We cannot afford to wait for the worst to happen before we determine what we want to do. It is time to learn from our mistakes and make Canada into a secure digital economy.
Senator Mobina S.B. Jaffer is deputy chair of the Senate Committee on National Security and Defence. She represents British Columbia in the Senate.
This article appeared in the May 28, 2018 edition of The Hill Times.