Public Safety Committee on Dec. 9th, 2020

Could we just focus on this ransomware capability?

You shut down somebody's access. You shut it down, so that's a particular capability, never mind a ransom. Are there countries or operations that can do that en masse and are we vulnerable to that as a nation throughout? If we are, do we have any defence against that?

You still think that someone could use that in an organized and coordinated or massive way to attack a country or a country's enterprises, whether it be a hospital or—

We're going to have to leave it there. Mr. Harris is over his time.

Mr. Motz, please. You have five minutes.

Thank you, Chair.

Thank you, Mr. Jones, for being here again. I always appreciate the level of expertise you bring to the field. Thank you again for the great service that CSE provides Canadians.

Scott, you've previously appeared before this committee in talking about our approach to protect our mobile and telecommunications systems and networks, namely, through a system similar to the U.K. model, where they inspected everything before it was even installed. As you know, the U.K. has moved away from that model, going so far as to reverse their decision to allow Huawei in light of security issues raised by the security teams in their government.

Huawei, which we all know falls under the Chinese state-controlled company, because of their security laws cannot be safely used in Canada according to various—basically all I've ever seen—independent experts.

Is your team still working on a recommendation on Huawei for the minister, or have you already briefed the minister and provided advice on the best way forward with respect to this company?

I appreciate that, Mr. Jones. I guess, based on that answer, I would say that you have already provided that briefing, and if you have, thank you for doing that. I'm sure that's something that will go a long way to making the decision.

Your report highlights in many parts the use of indirect attacks to gain access to desired systems—going after suppliers, business partners, clients and governments, all with the intent of gaining access to a particular target. We also know that China is one of those countries that have been identified by various security agencies across our country and other countries. It would seem counterproductive to have the system that transfers all of our information, namely the Internet, controlled by a company that falls under the thumb of a country focused on theft, misinformation, espionage and disruption.

Can you help me and Canadians understand why we still don't have an answer on Huawei?

Mr. Motz, you've asked twice that an official of the government comment upon a decision of the cabinet. I think Mr. Jones declined to answer that question the first time. He should probably decline to answer that question a second time.

I appreciate your intervention, Mr. Chair. Please take that time off of my five minutes. That would be great.

Mr. Jones, previously—

You know I'm always generous with your time, Mr. Motz.

Not as generous as you are with Mr. Harris, but hopefully today will be one of those days.

He does very well, I have to say.

Mr. Jones, you've testified before that you were looking at how to manage security products—this is really key—in a global supply chain and rolling software updates. That was something that you focused on at one of the last times you were with us. That was in September 2018. It's been two years. Have you come to any resolution on securing hardware and software that brings rise to this concern?

So it would be a fair point to note that we can't say that we are secure. Saying that it's a permanent battle would be a fair assessment, and we have to be vigilant moving forward. I guess it would then make sense that we would want to only use supplies from trusted countries. That would make sense.

I have a question. You've appeared before NSICOP as well, and as you know, we tabled a report recently detailing serious concerns around foreign interference and influence in Canada and how China has played a role in those concerns.

As a country, we've been deemed to be an attractive and permissive target, according to that report. From your perspective—

Mr. Motz, I'm stopping the clock.

This is a question specifically about what we need to do to change that.

Okay, I just want to be cautious about whatever questions, answers and deliberations about NSICOP. That is, in fact, a committee of parliamentarians who are sworn to a high level of secrecy, like you.

Yes.

I just want to make sure that you're going to stay within those guardrails. We know that guardrails are important to stay within these days.

Yes, I know that guardrails are very important. I don't want to go to jail for my guardrails. It was tabled in their NSICOP report and thus has already been made public.

Okay.