From my perspective, they seemed like sound approaches to dealing with the issues in the short and medium term, which we absolutely must do. I see this as part of a broader cyber program for Canada. We have to simultaneously figure out that this is where we want to be in 10 years and that these are all the important disciplines and practices we should at the very least consider, or adopt in some form, to solve the issues he's saying we need to solve. The endgame, however, should also include resilience to future attacks.
Ultimately, we want to build a stronger cyber immune system. It's not about solving the latest...or just defending with one defence after another, like plugging holes in a dam. If you're thinking 10 years in the future, it's not that far. We just need to find a way to have a better cyber immune system where we're better able to detect new and emerging threats and adapt quickly to deal with them, instead of just drinking water from the firehose all the time.
Part of that does require a greater coordinated effort in Canada. I think Brian O'Higgins has advocated for a RAND-type organization where the cybersecurity research has to be funded by the government. You want trustworthy, objective, knowledgeable advice to the government so that we can react quickly to new and emerging threats. I think that's a fundamental part of a national cyber immune system. It's not the only part, but that's one of the next pieces I would strongly advocate for, in addition to the current cybersecurity centre and all the great things we do have going for us.