Thank you for your question.
Absolutely, attribution of cyber-attacks and malicious cyber-activity is a challenge. By their very nature, they tend to be intended to be covert action. Canada's position in the statement I alluded to on our interpretation of international law in the opening remarks is really just to be transparent and hold ourselves to account in Canada and to set a standard for our own behaviour in cyberspace and to lay out our interpretation of law.
There is an active effort when there is a malicious cyber-event in Canada to determine where it came from, but as you rightly mention, it is a challenging space. There's a process led by our colleagues at Global Affairs Canada to attribute publicly, when it's in our interest to do so, when those attacks occur and where they come from and to lay out some details, but it's only when there is really strong, defensible proof of the origin of that attack that a public attribution is made.