Public Safety Committee on April 5th, 2022

Absolutely. What we're seeing, and what we can see from some of the open reports, is that the Americans, of course, had to deal with the interference in their 2016 election. A British House of Commons committee examined what happened with Russian interference in Brexit, and there have been studies on Russian interference in the Castilian independence movement in Spain.

What we are seeing, or at least what seems to be appearing—and this is something of course that is Dr. Kitchen's expertise—is a focus on areas where society can be divided. This is what everybody refers to when they talk about the weaponization of social media. What the Russians have discovered...And we can't leave the Chinese out, because the Chinese are also heavily involved, or at least that is what comes out of the open literature. They try to divide societies by focusing on the various feeds that exist. This is then followed by a hope that somebody within that society will pick up that cause and become the leader.

It's sort of the issue that Lenin referred to back in the early days of Communism. “Useful idiots” basically tried to divide society. The effort today is actually to have a way of separating and neutralizing any support for the type of collective actions we need.

With regard to other cyber threats, we also know the Russians have shown an increasing capability of being able to interfere in various electronic systems and cyber systems of other states. We've seen this with their ability to influence the Ukrainian electrical system prior to the onset of the war in 2014. We're seeing this in other locations

Once again, it's hard to know exactly how well-defended we've become in being able to harden that part of cyberwarfare. There's no question, whatsoever, that the attention the Russians and the Chinese are giving this is increasing, if the reports from the Americans and British are indications of this capability.

I think there are many levels to this. There is a level at which individuals need to take personal responsibility, making sure they're using things like two-factor authentication to protect their own systems, and obviously, that also applies at the level of organizations.

From a governmental perspective, it is really, as has already been discussed, a question of co-operating, both between the private sector and public authorities. This also includes across borders, recognizing that these kinds of threats are not easily contained within domestic borders, because of the transnational nature of companies and groups.

As Dr. Huebert mentioned, there is this effort with disinformation to inspire others to take action, rather than taking action directly, so that's one of the ways you can see this crossover from the cyberworld into the physical world.

Certainly, it is very important to ensure that the types of software that run big systems like refineries are up to date and protected from the Internet.

I'm certainly not an expert on ransomware attacks and on cyber-attacks of that nature. Unfortunately, I'm not aware of any specific services that might be offered, but again certainly trying to stop vulnerabilities before they happen...and I think the government can have a role in providing information on the kinds of threats that might be faced and, on the side of disinformation, providing accurate information to help combat the tendency to be taken in by things like phishing scams and ransomware attacks could be helpful.

I can't respond specifically. I'm like Professor Kitchen in my ability to answer these details. The key agency to provide information and notification is probably the Communications Security Establishment, CSE, but I don't know in detail how much they have moved in this area, because their work has always been dealing with the electronic world.

One of the dangers here—and I agree with Professor Kitchen that this is information—is stepping over the line with the government trying to regulate and to force on private companies certain procedures or certain systems. You could imagine a central system. That's going to be problematic because of the private sector issues involved, so care needs to be taken there.

I wouldn't necessary say that we need an agency, but we certainly need a structure with the United States. Remember, the United States is structured differently. All those agencies you're talking about all live in one house, the Department of Homeland Security. They are a bit of a step ahead of us, whereas, if you look at us, the RCMP are dealing with criminal activities, as a lot of ransomware is about crime, as hackers are out to make money. Then we have CSE on the intelligence side, as is CSIS, both coordinated under Public Safety.

Does Public Safety have the authority, and what are its links to Homeland Security in the United States? Are there regular meetings? Is there a bilateral committee? You can think about a variety of forms, for example, in the maritime warning world, where there are these developments, not just with the United States but also with the Five Eyes community.

I think it's important to look at those things in detail, such as whether we are structured right, particularly because the Internet cyberworld knows no borders. Information coming into Canada comes into the United States. It flows in patterns I don't know about or understand, really. Critical infrastructure is integrated with that in the United States, so we have a common interest as a function of our close relation of integration with the United States.

Certainly. There are a few different ways to think about this. One is in terms of the effect it might have on swaying an American election, both in the sense of whether there might be Russian interference and also broadly in terms of the direction in which the American people will decide to vote. Certainly some administrations and some policy positions will be easier for Canada to deal with than others will.

The other thing to be concerned about is the fact that individuals inspired by these kinds of narratives to take political action, whether it rises to the level of criminal activity or security activity, could be on either side of the border. The media landscapes in Canada and the United States are very closely integrated. This is not to say that there aren't separate causes in both countries, but we do see groups being inspired by each other across the border, and also groups that simply exist transnationally that might take action.

Canada's maintaining and diversifying our relations with the United States can help to make sure that our interests continue to be heard, even if we have a change in government.

It goes beyond Russian involvement. It goes into international crime, and we suspect also that there is Chinese involvement. It is, of course, the issue of transparency. One of the difficulties we've always had, in terms of being able to determine just exactly what the involvement of others is in the financial system, is that it's very hard to trace, in terms of both any regulatory regime and any government action.

If I have any overall statement on that, it is that it has to have some greater visibility in terms of what the transactions are, and there has to be a move away from the privacy that often protects these types of actions.

Definitely it's going to backfire. As I said, I don't agree that disinformation campaigns—and they're not all coming from Russia; there are issues about our information campaigns as well—have that much of a significant impact in terms of exploiting social differences. But if you—