National Defence Committee on March 29th, 2018

If you'll give me the opportunity very briefly, I agree that one of the key things is to re-establish red lines. I honestly believe, in my personal view, that the reason chemical weapons were used in the U.K. is that we didn't do more to stop their use in Syria. We didn't follow our own red lines and therefore we've allowed the Chemical Weapons Convention to fritter away.

You've spoken a lot about nuclear, and we cannot allow nuclear norms to fritter away. If we don't respond energetically to cyber-attacks, particularly for really destructive things like WannaCry and NotPetya, we then communicate a message that this is now acceptable, that it's high gain and low risk, if you like. We need to turn it around and once again make these violations of international norms, not just in a genocide area but the use of these new weapons, high risk in terms of the response—it's going to be counter-productive, you're going to lose more than you gain, and low gain. That's going to take time, but I think that's key.

I think the second area—and I agree with Mr. Rohozinski here—is that when new things come along, like artificial intelligence or autonomous weapons systems, we need to be all over them early, and much more quickly. That means asking if there are advanced uses in these issues that we could develop to make our defence better. For example, quantum computing can provide a lot of the solutions to cyber defence, so it could be a good thing.

We know from experience that these new technologies have their good side, like the Internet, and their dark side, and we need to be quicker at how we try to stop the dark side.

Mr. Rohozinski, I think, is totally right to point out that, with autonomous weapons systems that could be used totally outside of the human decision-making loop, we need to now start thinking what kind of arms control norms and what kind of standards we need and how to get people on board, so that we establish a red line against the illegitimate use of these things.

Finally, I don't believe there is going to be a new domain as such, but I think one thing we need to think about is how the existing domains and people who work in those domains can help with cyber defence, and how the cyber people can help to reinforce our ability in the existing domains.

Mr. Rohozinski, I think, quite rightly pointed to the problem of more and more weapon systems now running on Windows 2.0, and the vulnerabilities that could come from that.

Those are the three points I'd like to make in response to an extremely interesting question.

That's a difficult question for me to answer. We view Canadians very differently from Americans. We see Canadians as more British, if you can say that.

Oh, oh!

I think the Commonwealth joins us much more closely. We have a stronger common background. We're close to the Americans militarily, but amongst our general population, the ease of relationship is not there. Especially when we see what is happening with the Twitter communications coming out of America now, it's creating a distance.

Having said that, the English language is always a unifier, a bond, and our past history, particularly the support that we've given to each other during the First and Second World Wars, remains a critical point of importance for us.

In terms of the future threats, can I stress the importance of greater honesty and transparency with our own populations? I say this because there is a growing cynicism that is being fed by others on social media. We need to have a resilience amongst our population that isn't there at the moment. We need to give them the decency and the integrity they deserve, and help them to understand what the threats are and the values we're defending. We need to do more of that before we go on to look at the next capability threat. The biggest capability threat that we face is undermining the values of democracy by not being as honest and straight with our population about what the threats are out there and what we're trying to do to tackle them.

First of all, my sense is that Canada is now showing again that it provides muscle to NATO, by rejoining the AWACS program and taking the lead in having Canadian troops back in Europe now—although after the Cold War we didn't know this would be needed again. You've answered the call by taking the lead of the multinational battalion—and the most complicated as well—in Latvia. This shows that Canada is sharing the burden, increasing its defence budget. That means you speak with a loud voice in NATO today. You've shown that it's not just words, but actions, like your commitment to Afghanistan, or the Balkans in the past. That's key.

Secondly, Canada stands for norms. I mentioned in my remarks the criticality of not just producing more weapons, but also producing norms and good ideas. Canada has always been in the forefront of propounding norms, since the days I used to work with people like Michael Ignatieff and Lloyd Axworthy. There's a lot of work to be done.

I totally agree with everything that's been said about women, peace and security; the great role of Ambassador Hutchison; and Security Council Resolution 1325. However, I would hope that Canada would go beyond that and also propound in NATO other types of norms that we should be developing, particularly in the arms control and cyber domains. You have a leadership role in the G7, which could be an appropriate venue as well.

Finally, from the point of view of my own country, you have signed a trade agreement with the European Union. Unfortunately, we don't yet have the trade agreement with the United States that we hoped for. You've shown that a major North American country can sign one. In my country, when we talk about Brexit, we always talk about Canada plus, or Canada plus plus.

I agree with Madeleine: lead the way on multilateralism, the liberal rules-based international order. You have a great deal of authority on that, and that's a message everybody needs to hear.

I would suggest that the question's probably better addressed to Mr. Shea since he represents NATO.

Okay. First of all, no.

There are lots of bilateral intelligence sharing arrangements. You know of the Five Eyes, of course, because Canada's part of that, and it has played, traditionally, a large role. We have in NATO today, with this joint intelligence and security division that has been in existence for just over a year, a concerted effort now to increase intelligence sharing in NATO by forming many panels. We're thereby linking, for the first time, civilian intelligence with military intelligence and therefore encouraging allies to share more. We now have a system called BICES—another terrible NATO acronym for you—which is a distinct agency that allows all allies and partners in the European Union to file the intelligence reports they're willing to share with allies. They can choose the level of classification, and they can choose whom they want these to go to. That's a voluntary effort, but by being voluntary it encourages more intelligence sharing than if we had tried to have a one-size-fits-all approach.

The situation is progressively developing, but it's always, always, always going to be a basic privilege and a right of any country that originates intelligence to determine with whom and what it wants to share. NATO could be a hub to facilitate this, but we can't change that fundamental national right.

The additional comment I would make is that intelligence sharing is based upon knowing what intelligence is actually meaningful to the domain. I think that one challenge we have in cyber is actually knowing what is meaningful and actionable intelligence that you can work on.

Indicators of compromise, which are now being shared among NATO countries, both at the commercial level and the classified level, are one thing, but how do you share information on, for example, traffic emerging on social media that may have a direct impact as part of a hybrid impact against a NATO member country? Is there a justification for surveillance of social media traffic as a joint national defence or joint defence strategy? These are policy questions where we have quite huge gaps.

In fact, maybe as a closing answer or statement on this, I think you have an issue here as parliamentarians. Cyberspace is having an impact across the board on our society, which is disproportionate to how we see the size of the problem right now. We have a mechanism in Canada known as a royal commission that generally allows us to deal with things that are of a larger scale than simply a departmental responsibility. I've given testimony to several different committees of parliamentarians and the Senate. I've done work with individual government departments. In each case the stovepiping in how decision-making is being done means that there isn't a holistic approach to our being able to understand, as Canadians, and you as parliamentarians, how we need to approach this in a more overall manner where the impact is on domestic policy, where the impact is on our state policy, where the impact may be more narrowly focused on national defence. My encouragement to you as parliamentarians is to understand that this is a whole-of-society issue that requires debate and, like Ms. Moon has said, that we have to be forthright in understanding where the issues are and forthright in being able to identify them.

Thank you.

I'll give you a very indirect answer. We have difficulty with that even domestically. There is no mechanism that compels, for example, banks to share information among themselves of threats they may share in common. There's no thing to compel telecommunication carriers, for example, to inform downstream organizations, whether those are banks or governments, of things that may be actually affecting them on an intelligence “sharing” level vis-à-vis cyber. This is a cascading problem that scales up to NATO.

I think the honest answer is no, there isn't a mechanism. There are mechanisms that we are trying to adopt, but there isn't a solution to this problem. That's one of the challenges.