There are two vulnerabilities here, and I actually think we're much closer to cyberwar than people think, precisely because of these vulnerabilities. One is that our adversaries overestimate their capacities in this space. As a result of overestimating their ability, because they're being told by their signals intelligence agencies and whatnot that they can do this, they underestimate the response. So the uncertainties include, for instance, how the other side might respond and the targeting of these, if you want to call it that. These information weapons can easily get out of hand and get into other types of systems.
We, as a result, have difficulty gauging at which point a cyber-attack might either trigger a conventional response or have a cascading effect that would have conventional implications for us here in Canada, at which point we might, for instance, decide that this warrants a conventional response.
I have a whole separate paper on this, which I'm happy to share with the committee, but I actually think the uncertainty in this space is deeply troubling because it creates all sorts of potential for misperceptions and escalations, which we have no international framework to handle.