Evidence of meeting #13 for National Defence in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was threat.
A recording is available from Parliament.
4:05 p.m.
Conservative
Todd Doherty Conservative Cariboo—Prince George, BC
That's why I asked that question. I get it.
Further to that question and that comment, Ms. Henderson, would you say that certain policy positions in recent years have hurt our standing within the Five Eyes? Are we being left out of important meetings because we still have Huawei at the table and are still partnered with Huawei?
4:05 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
What I would say is that right now, the Government of Canada is engaged in an ongoing review that's being led by Public Safety and it's determining the Canadian approach for the implementation of 5G technology and telecommunications networks.
4:05 p.m.
Conservative
Todd Doherty Conservative Cariboo—Prince George, BC
Do you believe our allies see this as a threat and have concerns over Huawei still being at the table with Canada?
4:05 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
All of our allies have taken different approaches to 5G and to Huawei and to the implementation, and they're adopting various mitigation measures to protect their national security in response to the needs of their unique environments, and we all continue to talk and work very closely together.
4:10 p.m.
Conservative
Todd Doherty Conservative Cariboo—Prince George, BC
Do you feel there are concerns among our allies with respect to Huawei and Canada's partnership with them?
4:10 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
I couldn't speak to what the allies are thinking at this point, but what I can say is that we all work very closely together.
4:10 p.m.
Conservative
Todd Doherty Conservative Cariboo—Prince George, BC
How would you define, for lack of a better term, a cyber-Pearl Harbour attack, and are we prepared for it?
4:10 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
We work very closely with our partners around the world as well as with our domestic partners to really educate and inform the critical infrastructure, the various business enterprises, industry and our own government departments to shore up their resources and protect their cybersecurity, and we constantly work together to learn about new ways in which we may be attacked so that we can prepare and help support all of our departments to protect themselves against a massive cyber-attack.
4:10 p.m.
Conservative
4:10 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
Lots of things keep me up at night.
4:10 p.m.
Conservative
Todd Doherty Conservative Cariboo—Prince George, BC
What is the perfect storm and what keeps you up at night with respect to our national security and the cyber-attacks and cyber-threats?
4:10 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
I would say at the moment that we are all working extremely hard and closely monitoring the current situation and environment, and monitoring the advances in technology so that we can make sure we have the defences to protect ourselves. We are only as strong as the weakest link, which means we really need to work together, educate, and learn from anybody's mistakes so we can shore up everything and protect ourselves today and into the future. It's a constantly evolving environment, and we can never let our guard down, because there is always a threat actor out there that would be willing to try to take advantage of our systems and our country and to have a hugely negative impact on our national security.
4:10 p.m.
Conservative
Todd Doherty Conservative Cariboo—Prince George, BC
I won't put words into your mouth, but you've said that we're only as strong as our weakest link. Would you say that Canada is viewed as a weak link within our Five Eyes system because we are still considering Huawei and in negotiations with Huawei?
4:10 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
No, I would not, because as I noted earlier, every country needs to find the mitigation measures that work in its specific instance, and we all work extremely closely to share information to make sure that we're all helping each other protect ourselves as we move into the future.
4:10 p.m.
Liberal
The Chair Liberal John McKay
Mr. Fisher, what keeps you up at night? You have five minutes to tell us.
March 28th, 2022 / 4:10 p.m.
Liberal
Darren Fisher Liberal Dartmouth—Cole Harbour, NS
Thank you very much, Mr. Chair. I won't get into what keeps me up at night, but I'm sure it's not at the same level as that of our amazing witnesses.
Thank you very much for being here and for your testimony.
I was trying to read an awful lot to prepare for today's meeting. There's an awful lot here dealing with cyber-threats and cybersecurity, and in fact I will throw a compliment out to Ms. Gallant across the way. When I was first on the National Defence committee, she was one of the members leading the charge on cyber-threats and cybersecurity, and I did learn quite a bit from her.
Some of the reading I've done talked about Canada being almost collateral damage when it comes to cyber-threats and cybersecurity, basically on the basis of our proximity to the United States and our connections to the U.S.
I will ask this of both of you, maybe starting with Ms. Henderson. Is that still true, now that we've just unleashed significant sanctions on Russia? None of us around this room is welcome in Russia anymore for our summer vacations. Are we more than collateral damage now that we have enacted those massive sanctions against Russia and its oligarchs?
4:10 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
As I noted earlier, we work really closely with our partners because, as Mr. Doherty pointed out, I did say that we're only as strong as our weakest link, and because we all work so closely together to share each other's experiences, to learn and to develop, I would not say that we were collateral damage. I would say that we are a partner and we work closely with our allies to build those partnerships and our knowledge and awareness.
4:15 p.m.
Liberal
Darren Fisher Liberal Dartmouth—Cole Harbour, NS
Okay.
I wasn't sure if Mr. Khoury was going to chime in on that, but that's fine. Thank you for that.
4:15 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
I was going to echo what Ms. Henderson said.
4:15 p.m.
Liberal
Darren Fisher Liberal Dartmouth—Cole Harbour, NS
Okay. That's excellent.
Many state actors are now contracting out to criminal networks, for instance, as we hear about Russia on a regular basis. How are we to follow up on state actors when they're contracting out their cyber-threats around the world?
That's for whomever wants to answer.
4:15 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
I'm happy to maybe take a first crack at that.
We are aware of the connection between the Russian intelligence services and cybercriminal organizations. That is something we identified in our national cyber-threat assessment of 2020 and more recently in the context of the Ukraine and Russia conflict.
We have seen cybercriminal organizations take sides one way or another. From a cyber centre perspective, we have the task of defending the country, defending Canada and defending critical infrastructure against all sorts of threats, irrespective of whether they are by nations states or cybercriminals, and to promote cybersecurity across the board.
Obviously, calling out a country for cyber-activity is a whole-of-government...and GAC has the lead on the attribution framework. We would provide, from a cyber centre perspective, one piece of input to the dossier that will help the Department of Foreign Affairs, GAC, make the determination on naming a country more publicly.
4:15 p.m.
Liberal
Darren Fisher Liberal Dartmouth—Cole Harbour, NS
In 45 to 60 seconds, can one of you help me better understand “ethical” hackers? What is an ethical hacker?
4:15 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
I would say that it's a hacker without ill intent. It's somebody who will hack into a system to discover a vulnerability and then report it to the system owner and say, “I found this vulnerability in your system and here's how you should fix it.” That's opposed to a hacker who goes in and steals information and then maybe holds it for ransom or damages the system.