National Defence committee  CCDCOE is not an operational structure of NATO. It is a research centre, so it actually has no capability apart from the research function that it forces. If the question is should Canada be creating a cyber command or at least looking at where cyber fits within the current force

National Defence committee  Again, I'd go back to what I said earlier. In my work with the International Institute for Strategic Studies this year, for the first year, the strategic balance, which is really the referential tome when we look at the capabilities of nation states and others in traditional mili

National Defence committee  That's a question and there has been quite a bit of work done in the last three years in terms of looking at how the existing laws of armed conflict can be updated to include the cyber dimension. I think there's a greater understanding now, especially post Ukraine and Crimea, tha

National Defence committee  I think we have a much greater risk at the moment in terms of what is happening within the commercial sector and the aggregation of data at scale than we do within the government institutions. This is an immensely challenging area because we have not only built an industry around

National Defence committee  I don't think the government should take responsibility, but I think the role of government is to set rules and those rules can either regulate or they can incentivize. In certain cases, creating incentives for information-sharing through very light regulation is probably a lot b

National Defence committee  I'll give a two-part answer, partially answering a question that was asked previously. This method of public health surveillance as a way of identifying individuals at risk I think actually does have applicability in cyberspace and could be applied at a community level without c

National Defence committee  Exactly right. This is a separate topic but maybe an important one. The global Internet, because it reflects the majority of humanity right now, is probably the single most valuable intelligence tool we have. By that I don't mean intelligence in terms of state intelligence but

National Defence committee  That's correct, but here I might also make a small distinction that is quite important. There is surveillance for law-enforcement purposes, but there's also public health surveillance. Both rely, essentially, on the same kinds of methodologies, which means gathering data in order

National Defence committee  It could mean anything as simple as the mass disruption of telecommunications networks; the manipulation of data in critical systems, for example, at Treasury Board or Bank of Canada; or the remote manipulation of SCADA or process control systems around either electricity deliver

National Defence committee  I will give you an example. It'll be an artfully constructed one but I think one that will make the point. All the banks in Canada use the same Internet providers for most of their network services. Whereas banks can see anything that happens within their infrastructure, they c

National Defence committee  The answer is yes, and I think that is definitely something that Canada should work at having. The problem with cybersecurity is that it isn't quite as easy to understand as health care, unemployment, or other things that the average voter will either have a position on or not.

National Defence committee  I would very strongly agree with that approach as, I think, the comments during my testimony would emphasize. We risk silently rewriting the social contract between individuals and states if we don't take into account the role of privacy and the right of the individual as we reba

National Defence committee  That's a good question, and I would say this. You need to start small. I think understanding the role of cyber within the military means you need to have some kind of doctrine around cyberspace operations that is consistent with the existing defence posture. However, because c

National Defence committee  Again, I think the answer is yes. It boils down to the fact that CSEC is—rightly so—the institution in which we have concentrated the capabilities and understanding of the cyber domain in government. However, CSEC is both constrained in some ways and maybe not the most appropriat

National Defence committee  Certainly, one of the things that we have developed as a criterion when we work with other states who are seeking to develop national cybersecurity strategies, is to understand the role of standards, and participation in standards-making bodies as a way of ensuring that the techn