National Defence Committee on Feb. 14th, 2023

Thank you very much, Mr. Chair. I'll have a few opening remarks and then turn the floor over to Admiral Carosielli for a few more.

Thank you very much, Mr. Chair, for the invitation to speak to you today as part of your study on cybersecurity and cyberwarfare.

My name is Jon Quinn. I'm the director general for continental defence policy at the Department of National Defence. My portfolio includes, among other things, cyber-policy.

Cyberspace has become an important domain in the context of increasing global strategic competition. It underpins the systems and infrastructure that not only DND/CAF but all Canadians rely on for their daily work, life and essential services.

Cyber-threats are pervasive, with both state and non-state threat actors increasing their investments in, and development of, their own cyber capabilities. Against this backdrop, our partners and allies are likewise advancing their military cyber capabilities through significant investments and partnerships between military and civilian agencies to ensure they are better postured to defend against threats and to advance their interests.

In tandem with the rise of cyber-threats, we must also consider the opportunities that cyber capabilities offer. They are a strategic tool that the Government of Canada can use to accomplish its foreign affairs, intelligence and defence objectives.

Cyberspace has become another domain of military and national security operations, characterized by constant low-level, below-threshold competition that draws in allies and adversaries alike. The conflict in Ukraine demonstrates that cyber capabilities play a critical role in modern-day warfare.

Canada's defence policy—“Strong, Secure, Engaged”—directs the CAF to assume a more assertive posture in the cyber domain to develop offensive cyber capabilities and employ them against potential adversaries in support of government-authorized military missions.

As we develop miliary cyber capabilities and conduct operations, Canada is also providing leadership on the global stage in advancing responsible state behaviour in cyberspace.

Last year, Canada published its statement on the applicability of international law in cyberspace, which articulates our position on this matter.

In addition, CAF cyber operations respect all applicable domestic laws and are subject to proven checks and balances that ensure full oversight and accountability.

DND/CAF is committed to seizing the opportunities of cyberspace in a responsible manner and will continue working toward advancing the ability of our military cyber-forces to conduct cyber-operations independently with allies and other government departments to make Canada safer from cyber-threats.

Thank you. I'll now turn the floor over to Rear Admiral Carosielli.

Thank you for the invitation, Mr. Chair.

I am Rear Admiral Lou Carosielli, the Canadian Armed Forces cyber force commander. It is a great honour to be here today and have the opportunity to brief you on the outstanding work that our military and civilians do in the defence of Canada in the cyber domain.

Cyberspace is critical when conducting modern military operations and is recognized by Canada and its allies as a domain of military operations, a true war-fighting domain, which I will get into later on.

As such, the CAF relies on the force multiplier effect of technology-enabled communications, intelligence and weapons systems, which must be adequately secured and defended from cyber-threats. The CAF defends its own networks and information systems against cyber-threat actors and supports partners and allies as capacity permits.

Our adversaries have demonstrated sophisticated cyber-espionage and cyber-offence capabilities for use in competition, crisis and conflict.

Indeed, potential adversaries are leveraging and developing cyber capabilities to attempt to exploit vulnerabilities in our command, control, communications, computers, intelligence, surveillance, and reconnaissance systems.

In addition to the threat posed by foreign powers, a variety of threat actors with different motivations, such as cybercriminals, hacktivists, terrorist groups, thrill seekers, and insider continue to use increasingly sophisticated means to disrupt our networks.

The CAF cyber forces contribute to international peace and security through cyber threat intelligence sharing with allies and partners and through the conduct of full spectrum cyber operations as authorized by the Government of Canada.

For example, in response to Russian aggression in early 2022, the CAF immediately stood up a cyber task force to help Ukraine bolster its cyber defence capabilities.

Canada provides Ukraine with cybersecurity expertise, cyber-threat intelligence, software tools and technical solutions that allow them to better defend their networks against malicious cyber-activity.

The threat is not limited to Ukraine alone, and therefore, in response to a request for support from Latvia, the Canadian Armed Forces have deployed a persistent cyber task force to Latvia to conduct joint threat hunt operations to assist them in better defending themselves from threats and to demonstrate Canada's commitment to its allies.

Lessons learned from the experience in Latvia in detecting adversarial activities are being applied to better secure our own Canadian national defence's networks and therefore represent a significant return on investment.

Mr. Quinn and I look forward to your questions, Mr. Chair.

The cyber force is involved in all of these types of discussions with respect to the sharing of intelligence and cyber-related intelligence, so the cyber forces were involved in the conversations, but, as you were briefed yesterday, we are not the leads in these conversations.

As you know, the CAF reconstitution and recruitment is a priority for the Canadian Armed Forces, and we are endeavouring to improve our culture, grow the forces and represent the diversity of Canada and its population. We are making efforts to ensure that recruitment is expedited by ensuring that our systems are digitized, that they are streamlined and that we can process them proficiently.

With respect to cyber forces specifically, in 2017 the creation of cyber-operators was put in place. I am happy to be able to say that within the last three years, we are meeting all of our intake goals for cyber-operators. We have not had to provide any directed cyber-operator recruitment strategies because we have no issues getting the people in the doors. The Canadian Armed Forces are generating cyber-operators, and we provide that for general Canadian needs throughout the country.

There have been discussions on universality of service for cyber-operators and other trades. As you may well be aware, universality of service is something that's very important to the Canadian Armed Forces as it ensures that our members are able to do operations, and cyber-operators do go on operations.

At this point, there hasn't been much talk about exemptions. We do have capabilities of cyber-operators to go become public servants and do cyber operations on the public service side to help the complete team of the Department of National Defence and the Canadian Armed Forces.

You're asking about counter-space capabilities, ma'am. That's not my portfolio, so I wouldn't be able to respond to that question.

Your question is specifically with respect to intelligence positions. That is not something I am tracking, ma'am. That is something we can take on notice. We can get back to you in writing.

Thank you for the question.

The Canadian Armed Forces is investing imminently in the growth of the cybersecurity force, from both a technical and a personnel perspective.

As I indicated, over the last three years we have been meeting our recruitment intake goals. We will continue to monitor those and grow the capacity and capability as needed to support the Canadian Armed Forces' missions and operations.

The one thing about the cyber-operator trade within the Canadian Armed Forces is that we recruit right from the ground level. We have the ability to recruit people out of high school. We have the ability to recruit directly from industry or from other levels of academia, such as universities, etc.

We have all of those avenues available to us, and we grow from the ground up in those trades.

I don't have that number readily available to me, but that is a number we could take on notice and provide to you if needed.

That is a great question, and it's related to the conversation I've had with respect to recruitment and the creation of the cyber force operators.

With the creation of the cyber force operators, there is a career plan and a progression plan throughout, from entry all the way to retirement.