Evidence of meeting #163 for Public Safety and National Security in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was cybersecurity.
A recording is available from Parliament.
3:50 p.m.
Senior Advisor Cybersecurity, As an Individual
That could be one of the vulnerabilities.
It goes without saying that these new technologies will lead to situations like that, but that's not the worst it. Right now, with your cell phone you can even control the front door of your house when you're away. You can answer the door and open it remotely. If someone gains access to your system, he or she can easily find out that you're away and then unlock your door.
3:50 p.m.
Liberal
David Graham Liberal Laurentides—Labelle, QC
Yesterday or the day before, there was a security breach in WhatsApp. Are you aware of that?
3:50 p.m.
Liberal
3:50 p.m.
Senior Advisor Cybersecurity, As an Individual
Malware was remotely installed and used to spy on cell phone communications. If someone got a call, the device was infected, even if the person didn't answer. Again, this is a matter of updating the software. You are right. This made the news yesterday.
3:50 p.m.
Liberal
David Graham Liberal Laurentides—Labelle, QC
You said that 95% of users do not read the end user licence agreement, but I would say that number is closer to 99.99%.
3:50 p.m.
Senior Advisor Cybersecurity, As an Individual
The figure I provided comes from interviews conducted for a Deloitte study. I agree that that is a very conservative estimate.
3:50 p.m.
Liberal
David Graham Liberal Laurentides—Labelle, QC
You are no doubt aware of what PC Pitstop did in 2005. It offered $1000 to anyone who read its end user licence agreement. It was only after five months and 3,000 sales that the first person claimed the $1000.
3:50 p.m.
Liberal
May 15th, 2019 / 3:50 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
Thank you, Chair.
Thank you to both groups for being here today.
I was intrigued with your plan to connect. You indicated your connectivity to the line that's being built through your fibre network is time sensitive. When do you anticipate the decision on that connection so you get in the queue to make sure you're connected prior to the line being installed?
3:55 p.m.
Advisor, Tawich Development Corporation
The time frame is two years from now.
3:55 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
And that's when it's anticipated that line will be put through.
3:55 p.m.
Advisor, Tawich Development Corporation
They have to do the design to see, to have what they call a spur point to be able to connect in Hudson Strait to go down to the thing. The idea is that you have to start the design, the process. They're now working on the connection between Alaska and Japan. They did some surveying last summer and that phase is going to be executed. After that, they'll start to do the design in the two-year time frame
3:55 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
One of the things that you mentioned, sir, in your concluding remarks, was hardware. You're obviously going to need some hardware as part of this line. How do you ensure that your hardware is secure, and that it's reliably sourced? This is a cybersecurity issue. The study we're doing for this committee is primarily focused on the financial end, but it involves lots of different components of cybersecurity. How do you intend to ensure that the hardware you receive is secure?
3:55 p.m.
Advisor, Tawich Development Corporation
I think it's a process of compliance within the supply of the element. The main point we're making is that if you don't have the line, you will be dependent on the U.S. The situation could not be worse. Of course, you have to make sure that your provider respects all the Canadian security standards for what they call the landing point or the landing station. There are some standards that you can use. Our military has some standards. I think they should be used to ensure you're complying with the proper hardware security issue.
3:55 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
As your organization plans this and moves forward—and I think this is an incredible project to participate in—obviously there will be some expectations. As a proponent of this, you will be expected to ensure that the hardware you use is secure. I'm just curious to know.... That was the line of my questioning.
3:55 p.m.
Advisor, Tawich Development Corporation
One adviser company that we have in our team is IBM, which is very well known for doing that process, and they already have some standards, yes.
3:55 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
In your material, Mr. Tony Gull, I think you mentioned that one of your businesses is called Creenet. I think that's an incredible business, but I suspect you had some significant challenges when you first started the process in becoming a service provider, especially in the area you're providing it. How have you been able to secure that network, given the challenges you had?
3:55 p.m.
President, Tawich Development Corporation
Creenet started back in 1998, roughly. The idea was to basically be an Internet service provider, and to provide those types of services within the region, because they weren't present at the time.
To this point, we have faced many challenges due to market size. It's a very big, very competitive market when you want to be an ISP-type business, and you have to have the market. We were trying to chase after the Cree nation market, but in a nutshell, a regional entity was supported, which I think we have in our presentation. It's called the Eeyou Communications Network, and it is a regional entity run by the Cree nation government.
3:55 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
In your opinion, sir, do you believe that your critical infrastructure—this and other critical infrastructure included— is sufficiently protected in the north by government? Does government take the protection of that critical infrastructure in your part of Canada as seriously as it needs to?
3:55 p.m.
President, Tawich Development Corporation
Based on experience—hands-on, I've also managed our company for many years and now I sit at a different level—we're very vulnerable, just like anybody else. I think that security and any information for us...we've really been getting into that to try and secure ourselves, as well.
Like any other nation, like any other organization, as the gentleman spoke about, you're always vulnerable to any cybersecurity issues. You have to make sure that you always keep yourselves up-to-date, in terms of whatever software you use and whatever hardware you have to control it.
4 p.m.
Advisor, Tawich Development Corporation
Just to add to that, I think we know everybody who is coming into and out of the community. There's only one access road into Wemindji and one James Bay highway going north. They monitor everybody going in and out. On a road basis, it's very controllable. Wemindji, of course, has an airport, so it's accessible by air, but there's also James Bay. James Bay is very shallow. I don't think submarines can go in there; they'll hit a few rocks if they do. The bay is very shallow, and the sediments keep moving around.
4 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
Mr. Jarry, my last question to you is, given your experience and your current role, do you feel governments do an adequate job in ensuring that our critical infrastructure is resilient to an attack in Canada? Is there anything, from your perspective, that we can do better?
4 p.m.
Senior Advisor Cybersecurity, As an Individual
From what I've seen, I think it's not in just Canada but all the countries in the world right now with the evolution of the Internet of things. When we talk about cyber-attacks, we're mainly talking about protecting the information. We talk about identity theft, fraud, denial of service attacks, those kinds of things. Now as we move forward with connecting objects, it's becoming more physical. That's the concern.
Did we do enough as far as cybersecurity is concerned? For an example, when there's a very sensible transaction or a command to close a certain valve, do we do enough strong authentication or biometric authentication? I don't think the answer is yes. It's probably no. It's not enough. But it's not just in Canada; it's across the world.
