National Defence Committee on March 10th, 2023

Evidence of meeting #53 for National Defence in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was cybersecurity.

A recording is available from Parliament.

On the agenda

Cybersecurity and Cyberwarfare

Committee Business

MPs speaking

Emmanuella Lambropoulos

Bryan May

Also speaking

Christyn Cianfarani President and Chief Executive Officer, Canadian Association of Defence and Security Industries

Tim Callan Chief Experience Officer, Sectigo

Christian Leuprecht Professor, Royal Military College of Canada, As an Individual

10:45 a.m.

Professor, Royal Military College of Canada, As an Individual

Dr. Christian Leuprecht

Sure, resilience on the part of critical infrastructure and private sector actors is key. However, when—not if—they get overwhelmed.... The incidents will come where, for instance, the financial system of one of our banks might find itself overwhelmed by an attack. What mechanisms do we have in place so the bank can call the CSE to tell the CSE that it is overwhelmed and that the CSE needs to do something about either disabling that particular attack or perhaps entirely sabotaging the capabilities that are enabling this type of attack in order to safeguard the financial system?

I would say that, currently, we do not have appropriate mechanisms in place where critical infrastructure and private sector actors can escalate and where they know what exactly the thresholds are and what the conditions are under which they can call the government and the government will intervene. That, I think, is critical for a minister and the government to establish so that we can get the timely help in critical moments that critical infrastructure and the private sector will need.

10:45 a.m.

Liberal

The Chair Liberal John McKay

Thank you.

Thank you, Mr. Bezan.

The final three minutes go to Mr. Sousa.

10:45 a.m.

Liberal

Charles Sousa Liberal Mississauga—Lakeshore, ON

Thank you, Mr. Chair.

Thank you for the testimony.

Let's talk about repercussions, then, with respect to some of these issues. How do we strengthen those norms of responsible behaviour? If I hear you correctly, there are concerns that we may not be adding to or effectively challenging the system in terms of enforcing it, but at the same time, we're sensitive about a state-sponsored cyber-attack that you seem to be suggesting is holding some of these countries at bay. How does Canada, in association with the Five Eyes, hold countries like Russia or China accountable for their actions? How do you impose that?

10:45 a.m.

Professor, Royal Military College of Canada, As an Individual

Dr. Christian Leuprecht

You impose that, on the one hand, by drawing very clear red lines, and on the other hand by demonstrating that we are prepared to use the capabilities we have to enforce against malicious behaviour. Traditionally, middle powers such as Canada have done so in concert with allies and with partners. That is the strength of our capabilities because together we still have more, far better, and more advanced capabilities than [Technical difficulty—Editor].

10:45 a.m.

Liberal

Charles Sousa Liberal Mississauga—Lakeshore, ON

Give us an example of one of those capabilities.

10:45 a.m.

Professor, Royal Military College of Canada, As an Individual

Dr. Christian Leuprecht

If you think, for instance, about the NATO intelligence mechanism that is currently stood up among a host of allies and partners, that could also be used as a coordinating mechanism on active and offensive cyber-measures, but currently we don't have an effective mechanism to coordinate on active and offensive cyber-measures outside of the Five Eyes intelligence community.

10:45 a.m.

Liberal

Charles Sousa Liberal Mississauga—Lakeshore, ON

We're at risk because we're not able to enforce it or we resist enforcing it. What is the U.S. doing, for example, in that case?

10:50 a.m.

Professor, Royal Military College of Canada, As an Individual

Dr. Christian Leuprecht

We are at risk of the fallacy of composition, because currently the whole is not greater than the sum of the parts.

The problem for Canada is that being able to harness and leverage that ability to co-operate with allies and to work together to establish those norms means that Canada also has to bring considerable capabilities to the table, because why would people say, “Sure, Canada, you should have a part in drawing the red lines and helping us to determine what those lines are”, when in return we're not willing to deploy the capabilities that we have or we don't actually have the capabilities or commitment to enforce those red lines?

Just as we have done in the kinetic space, where we have drawn certain red lines for kinetic behaviour that is unacceptable by states, we need to do likewise in cyberspace, and that can be done, but the Government of Canada has not shown any political will to engage in those conversations with our allies and partners.

10:50 a.m.

Liberal

The Chair Liberal John McKay

Thank you, Mr. Sousa.

I want to thank Professor Leuprecht for hanging in with us over these technical difficulties.

Colleagues, that does bring this time to an end.

You've received the budget for the travel. I need someone to move it.

It's moved by Mr. May, seconded by Mr. Bezan.

Is there any conversation about it?

(Motion agreed to)

We do need some resolution among the parties in order to action this budget. I'm hoping that will happen over the next little while because the planning of the time is entirely dependent upon the co-operation of the parties. All of you can speak to your respective whips.

The final point I wanted to make is that there's going to be a “Strong, Secure, Engaged” 2.0. It's just been launched. I would appreciate it if any thinking you may have over the course of the next week or two is communicated to see whether the committee wishes to engage in that space.

With that, the meeting is adjourned.