National Defence Committee on Jan. 30th, 2018

Oh, oh!

It is.

We come here to have a valuable exchange of dialogue so that we can engage with you and help you do the very valuable work that you do to help the department situate itself inside the government, so with that, I thank you.

I wouldn't want to leave you with the perspective that a classified conversation would yield different answers to the questions I received today. Indeed, if you had asked different questions, there would have been different answers, absolutely.

Thank you.

Indeed, we will come back with as much information as is available to us with respect to the MDA project. They're probably quite excited about it and have more details than we would, on the periphery, watching that happen.

With respect to what we would refer to in our terms as force development for cyber and co-operation and collaboration with NATO, as Commodore Feltham indicated in his remarks, NATO has invested significantly in a centre of excellence—a cyber range, if you will.

Imagine a technical environment where you can test cyber ordnances, your reaction to an attack, and so on. These are very valuable entities that we, as a partner of NATO, will be able to exploit and take advantage of. We look forward to that.

With respect to the commitments of our policy, the policy as delivered by the government directs investments by the department over a 20-year period. Those funding and personnel commitments have not exactly dropped into our laps this year, so we are busy looking at the design of the implementation of this policy and what it's going to look and feel like over the 20 years of its term.

It's a little early for me to comment on how much of the resources committed in the policy will land in NATO. Suffice it to say that the policy also explicitly tells us that we will continue to invest in and support our relationships with our allies, including NATO, Five Eyes, NORAD, and the others.

Unfortunately, I can't give you an quantitative answer other than an explicit direction from government in the policy for us to continue investing in that area. Then, as we implement the policy in the coming years, it will become clearer to us how and where to make those investments.

As Rich said earlier, there's always more demand than there is supply in a give-and-take relationship with any entity. We want to be very smart about where we put our resources so that we get the most return on investment for us and for Canadians, ultimately.

That's an excellent question, Mr. Chair. I'll ask Commodore Feltham to speak to that.

Thank you, Mr. Chair.

As I mentioned earlier, the human resource demand in this occupation is extreme and very difficult. We don't take it lightly. I would say I spend the vast majority of my time trying to understand innovative ways to come to that answer.

The first tranche of operatives we put into cyber-occupation, as an example, we took from a proven commodity. They were people who were doing that work within our operation centre, and we moved them into the operator trade. We've developed internal training programs. We have standards to develop and train our operators. We got those standards in collaboration with our allies. We worked together to have standardized training that we can exchange with our other broader allies.

Also we recognize that within the civilian sector, there's a robust and rich opportunity to recruit young Canadians from colleges around our country, and we are working with a number of colleges to accredit their programs and to bring those people into our programs as fully fledged cyber-operators.

I would not want to leave you with the impression that this is another military occupation that we will handle like every other, because it's not. It demands a different view, a different focus, and an adaptive approach over time.

The answer I give you today is that I hope that it will adapt and evolve over time to meet the demands of that occupation. For example, in the coming weeks we're going to have an entire ideation session on how we can best use the reserve force within a cyber-occupation. We're looking at every and all means, and not just within our own structure. We are trying to leverage both industry and academia to bring ideas to us and to leverage those as well. I don't think we have all the answers—I know we don't—but we're working with all allies internationally and nationally to get the best advice within that structure.

If I may follow up on that, earlier a colleague asked a similar question, and I wrote a note, which I want to contribute to the answer, around the reserve force and how exciting that is for us.

In my interactions with industry—we're significantly engaged in areas in which we are able to be—the discussion around cyber-talent is always a challenge, as it is for them as well. Given their industry base, they're able to pay some of the skilled people very well. It's very difficult for government to attract them to come over in the regular normal time as a public servant or as a regular force member. However, the interest in being a part-time cyber-operator for the Canadian Armed Forces is of great interest to industry and industry personnel whom I've engaged with.

As we learn and exploit how we're going to implement these new curriculums and these new criteria for being a cyber-operator, we're looking at creative ideas around using and leveraging the reserve force to get access to that industry talent, even if it's only on a part-time basis.

Again that's a very good question, in the sense of getting a perspective of what it would look and feel like to deploy as military personnel from a digital perspective.

As Rich said earlier, when we get ready to deploy our forces into these areas of the world, a threat assessment is done and a reaction to that assessment to mitigate those risks is established before we deploy. In the digital and cyber world, for this conversation, we provide the capabilities for those men and women in uniform to operate, to do the job that they need to do to succeed in operations. We give them capabilities that are secure and compliant. We do our best to stay ahead of the bad guys when it comes to exploits and vulnerabilities and we are constantly readjusting our position.

In some ways it will be the same approach when we deploy our men and women when it comes to cyber and digital capabilities, but it will always be adjusted to the threat of the environment they are going into.

To that end, I will offer Commodore Feltham, as an operator himself, the opportunity to elaborate on my statement.

Mr. Chair, I can really only reiterate what I said earlier, which is that it's all based on threat assessment, so the broad answer to your question is that there is no difference in how we approach the problem. The specifics of what we will deploy to support any individual operation will vary based on that threat assessment. I couldn't speak to every ongoing operation in the Canadian Armed Forces today, but the path we take to prepare our troops to enable them to succeed in operations is essentially the same. We analyze the threat and prepare them against that threat.

You're asking me if it compromises cybersecurity. I know I wear a navy uniform, but I must say I haven't worked within the navy structure for a number of years, so I'm not aware of their analysis of the threat that this morale tool introduces. I wouldn't want to speak out of turn.

The navy has done an analysis of what Wi-Fi means to the security of their platforms and the morale advantage that it provides to people who will deploy for months on end through having access to communications with families back home and what that provides for them. In terms of a threat or a cyber-threat, I'm not aware of any because I'm not working in the navy lines.

I would only want to interject to make sure that it was clear to the committee that the Wi-Fi capability supported by the navy on those platforms is not connected to the corporate network in any way, shape, or form. It provides access to the Internet for the men and women on board ship to have a bit of a work-life balance when they are off duty.

The corporate equities on board that ship still fall under the authorities of my organization to secure and maintain, and they are not involved in getting these men and women access to the Internet through corporate systems. These are independent systems that the navy has deemed a tolerable risk in order to enhance work-life balance. Further to that, you would have to ask the commander of the navy of his level of comfort with that.