National Defence Committee on Feb. 14th, 2023

Can I understand that to include publicly available information, such as metadata on social media? The modelling of Canadians' behaviour based on social media activity would not fall within the scope of the cyber force's operations.

Okay.

Mr. Chair, I imagine I only have a few seconds left. I want to ask some questions about privately owned and controlled critical infrastructure.

Last summer, when we saw the Rogers outage, it became evident the federal government had very little role in protecting and recovering the Rogers network.

I'm wondering, Rear-Admiral, if you could touch on the differences between the capabilities of the cyber force and its reach into these privately controlled areas of critical infrastructure. Does the cyber force—?

Mr. Bachrach rightly identified that he had very little time left, and he ran it out.

Well, it's a great intro to his next opportunity to answer.

Yes, yes. That's a warm-up question.

Okay. Mr. Kelly, you have five minutes, please.

Thanks.

On Friday, we had testimony from Alexander Rudolph, who said, “The CAF is in no way prepared to face cyberwarfare in the event of a conflict. I further question to what degree they are able to even co-operate and work interchangeably with allies, including the United States.”

He went on to say, “At best, Canadian cyber-defence policy can be described as incomplete, ad hoc and inconsistent in strategy and definition...particularly [with] the United States.”

That was some pretty strong stuff that we were told on Friday. Is he correct?

Okay.

You talked earlier about embedded personal. Is that just with the United States, or is that with NATO, our Five Eyes allies, Ukraine, Latvia or any other places?

Thanks. That's good.

Mr. Rudolph mentioned that Russia, using wiper malware attacks against Ukraine, has used these attacks to destroy data irretrievably. Are Canada's defences and backup protocols and intentional built-in redundancies adequate to counter a similar attack on Canadian infrastructure?

If we were facing an all-out attack in the event of wide conflict involving, say, China over the Taiwan Strait or an expanded conflict with Russia, could Canada withstand these kinds of attacks?

Is Canada's cybersecurity infrastructure currently ready to handle the F-35's capacity for intelligence and intelligence sharing with allied forces as we acquire these aircraft?

Will we be able to communicate and share intelligence with other allies?

In your opening remarks—perhaps it was Mr. Quinn—you talked about this area as a new domain of conflict. We've heard a lot about domain awareness and gaps in domain awareness. We've heard quite a bit about this in light of the airspace incursions that have occurred over the last two weeks. We heard a lot about underwater subsurface domain awareness, and the absence of it. What are the gaps that we have in cyber domain awareness? Are we certain of what our risks are? How can we have that level of certainty?

Okay.

I have a different question to finish it off. Is Canada presently prepared to fend for itself in conflict, if a conflict were to arise or escalate within the cyberspace domain?

Thank you, Mr. Kelly.

You have five minutes, Ms. O'Connell.

Thank you, Mr. Chair.

Thank you both for being here.

I have an area of questions that begin where you left off. We heard testimony earlier that made it sound like Canada wasn't prepared in the cyberspace, but in your opening remarks you spoke about how you're helping in Latvia and you're helping in Ukraine. Why would countries want cyber capabilities from countries if they weren't leaders in this space? Is this why Canada is called upon? Is it to help in these areas?