Public Safety Committee on May 17th, 2022

Thank you, Mr. Chair.

I will speak in English, but feel free to ask your questions in either official language.

Ideologically motivated violent extremism and seditious activity in Canada and other western countries are being exploited by foreign actors. Russian misinformation and disinformation on open source social media platforms are undermining police and the sitting government. The lack of awareness and education in the area of IMVE, sedition, and foreign actor interference has caused tangible national security vulnerabilities. Such activities did not end with the illegal Ottawa occupation. Bad actors can mobilize political opinion and instigate various levels of potentially illegal activities.

IMVE, seditious intent, separatists' activities and the impact of foreign actor interference have been underestimated within the regional and national security architecture for some time. Jihadi terrorism has dominated efforts and left law enforcement vulnerable to miscalculation in the absence of sufficient early warning and strategic intelligence to adapt its posture to a fluid threat picture.

The effective narrative of bad foreign and domestic actors in perpetuating conspiracy theories and false narratives will continue to inspire further actions against the state. Thresholds for actively investigating foreign actor interference by federal law enforcement agencies are rather high, often requiring major criminality or establishment of direct ties to a foreign state. This is too high a bar. It leaves local and federal police services in a difficult position to establish it. This enables a permissible environment for foreign actor influence.

Proactive intelligence probing is required on IMVE activity in Canada to assess associated risks with a reasonable degree of accuracy.

I shall now jump to seven recommendations.

First, Canada's national security architecture needs to take a more active and assertive role in addressing IMVE and foreign actor interference. It's important to distinguish that IMVE does not include political activism and radical thought. IMVE in Canada is driven by hatred and ideologically extreme core values, with a propensity towards advocacy of violence and, recently, seditious and separatist ideation.

Second, more education and awareness are needed to highlight the impact of IMVE and foreign actor interference, not only on national security, but on human security, and to acknowledge the relationship between the two. Foreign actors have effectively capitalized on propagating division within our society and weakening public confidence in our institutions, such as public health and law enforcement.

Third, response to foreign actor interference needs to be reimagined. A more robust framework is needed for federal agencies to act more proactively in coordination with the police of jurisdiction, who are the ones more connected to the communities being affected by FAI. More cyber capabilities are needed not just to identify misinformation/disinformation, but also to counter it actively. The intelligence establishment needs to improve its public outreach and education.

Fourth, Canada's national security architecture needs to be more responsive and nimble to a changing and complex threat environment as influenced by geopolitical trends and developments.

Fifth, foreign actor laws similar to those in Australia need to be introduced to allow more tools for law enforcement, but only if conditions in recommendations three and four are met. Current laws and capabilities are rarely utilized. We need to seek opportunities to apply existing laws to proactively preserve Canada's national interests in alternative ways that can be equally effective in hardening the operating environment.

Sixth, push-back against FAI and IMVE doesn't have to be merely through criminal charges. Intelligence probing and active engagement is essential to be in a position to not only diagnose the risk better, but also to ensure a more inhospitable operating environment. Lack of arrests or charges should never serve as a barometer of risk.

Seventh, special prosecutors need additional resources to respond to the complexities of IMVE, FAI and organized crime.

In closing, I should acknowledge that this brief was co-authored with John Khoshandish of the York Regional Police.

Thank you very much, Chair, and thank you, committee members. I'm both honoured and humbled to be with you today. I really do appreciate it.

In advance of this, I watched all of the other witnesses' testimony. I think my best advice to this committee is that if we focus too much only on emergency management and preparedness, we miss an opportunity for strategic foresight and planning. That's really where I'm going to try to steer my comments.

An emergency exists, and we're responding by definition, but we need to get to a point where we have a strategic plan in this country that's supported by all parties. The reality is that no matter who forms a government, the threats that any leader faces will be the same across the board. In other words, this has to be a non-partisan effort if we want to get it right in the truest sense.

The second bit of advice I would offer is that while we're talking about Russia in the context of this committee, obviously these threats don't come from just Russia. We all know that. I would simply pause and say that what we consider here has much broader application.

We're going to talk about critical infrastructure. I'm going to read one quote from a U.S. official, who aptly put it that “This is pretty mind blowing...going to work every day behind sealed doors, essentially trying to figure out if it was possible to cripple an entire nation's infrastructure without ever firing a shot or dropping a bomb.” The answer is, yes, it is. This should give all Canadians pause. That's the context in which we're having this conversation.

I want to be of the most assistance I can to this committee, so I will do two things. First, I will offer an assessment of the specific threats enumerated in the standing order, but I'll break it out in terms of what I think you can change and what I think you can't change. It only makes sense to focus on the things you actually can change.

Then I will offer a recommendation that I think, if acted upon, will mitigate against either an overly narrow approach to national security or ex post reactionism. It's the Wayne Gretzky thing. Wayne Gretzky was the greatest hockey player of all time because he skated where the puck was going to be, not to where it was. I just feel like oftentimes we're goaltending right now. We need to get past that. We need a strategic framework that we can lean into the world.

On specific threats, first, the study asked us to look at critical infrastructure, both physical and cyber. I would urge you to focus on cyber. There are two reasons for that. Number one, most critical infrastructure is cyber-enabled anyway. Number two, if we're addressing a Russian kinetic strike on Canadian critical infrastructure, we're in NATO article 5 territory at that point. You can't really change that.

Let's focus on cyber. There are countless examples. All of the other witnesses have talked about that. I won't go through the examples. Let me just draw two broad trends that I see. What makes these weapons so dangerous is that they're deployed in secret, they're developed in secret and they're doctored in secret. What that means is that we might bump into each other's red lines by accident. That creates a tremendously dangerous operating environment.

The study also asked us to look at the prevalence and impact of Russian misinformation. I think it's important that we draw the distinction between “misinformation” and “disinformation”. Disinformation was actually omitted from the standing order, and I think that was maybe just by accident, because really what we're talking about is Russian disinformation.

What can the committee practically do? Focus on amplification. That's the sweet spot for our work. As 39% of all Internet traffic is from bad bots, that is where you can focus to make a difference. Automated traffic makes up 64% of all Internet traffic—64% is bots. Let me just pause there for a second. With 39% of all Internet traffic from bad bots, here are two practical things we can do.

Go after the money. People don't wake up in the morning with a sense of civic duty to run a Russian bot farm. They want to get paid. The sanctions that are in place against Russia I think are proof of concept. Let's lean into that.

The second thing we can do is look at the technical architecture of the Internet. There are ways, with something called the “domain name” system, to make sure that the large bot farms don't resolve. Point them into the ocean or into outer space. We have to lean on the architecture of the Internet to lower the amount of traffic.

We can also work with international partners to come up with a definition of what bad bots are, and then work with the technical architecture of the Internet and those providers to limit the flow.

The study also asked us to look at espionage, sabotage and weapons of mass destruction. Well, on the question of WMD, this is an area you likely can't change. If Russia uses WMD, all bets are off. You're probably into NATO article 5 territory there.

On espionage and sabotage, this is already happening, but again, this is principally cyber-enabled. There's a dynamic interplay between economic security and prosperity and actual national security here. We just need to think about a way that we can harden Canadian companies. I have some thoughts on that, if you want to get into it in the question and answer period, in terms of how we can practically help our companies in this operating environment.

What we really need overall is a new national security strategy that is a truly non-partisan effort.

This is all linked. We need a strategic framework to lean into the world. Otherwise, we're goaltending.

Thank you very much, Mr. Chair.

Chair and members of the committee, thank you for this opportunity to appear before your committee in its study of the assessment of Canada's security posture in relation to Russia.

To begin, I'll make two main points.

The first is that planning for security requires us to take a long view. The threats that Canada faces include, but range well beyond, those posed currently by Russia. The answers of how Canada should meet those threats cannot be found in a siloed study of Russian danger alone.

The Centre for International Governance Innovation has undertaken an ambitious and unprecedented project to address these security challenges. We call this “reimagining a Canadian national security strategy”. We embarked on this project well before the Russian invasion of Ukraine. Its genesis rested in a belief that Canada needed to seriously rethink its approach to national security and in recognition of the stunning fact that Canada currently possesses no comprehensive national security strategy. The last and only one was produced in 2004, which was 18 years ago. We identified in our reporting a range of persistent and new threats that include global geopolitical disruption, current and future pandemic and health security threats, climate change security impacts, technological change and economic insecurity.

The second point I wish to make in direct response to your study is that Canada's national security and intelligence agencies, not the military, represent the country's first line of defence. This is especially true with regard to Russia when it comes to identifying threats, protecting critical infrastructure, dealing with state-sponsored disinformation and conducting counter-intelligence.

I want to read to you an opening statement from the chapter devoted to intelligence in that 2004 national security policy. It states:

Intelligence is the foundation of our ability to take effective measures to provide for the security of Canada and Canadians.

The policy went on to state:

Intelligence is important not only for Canada’s security but also for sound international, military and economic policy.

Given the importance of our national security and intelligence system in facing the Russian threat, what do we then need to be concerned about in terms of our security posture? I will list three top-tier issues and prioritize them.

The first is our ability to collect, assess and produce impactful reports on the capabilities and intentions of threat actors such as Russia. In particular, we need to be able to look to the future of Russia's war in Ukraine and plan accordingly.

Second is our efforts at countering foreign espionage targeting both the public and private sectors.

Third, as a top-tier threat, is our capacity to defend against cyber-attacks or probes threatening critical infrastructure. The CSE and its Five Eyes counterparts have issued repeated warnings about the threat of Russian cyber-attacks on critical infrastructure, and we now have a database of evidence about such Russian threats and capabilities, including the examples of the NotPetya worm in 2017 and the SolarWinds software supply chain hack in 2020.

I would also note that Canada has yet to take any action, in contrast to its NATO and EU partners, to expel Russian intelligence officers of its three services from this country. Canada needs to take forceful action to impede Russian espionage and interference operations. I note that the latest count is that over 500 Russian officials have been expelled from western capitals since the beginning of the Russian invasion of Ukraine. Canada has expelled none.

The Russian invasion of Ukraine has presented us with an opportunity to rethink our approach to national security. We have to abandon old habits of national security navel-gazing, as I call it, by recognizing that we live in a borderless world of threats. We must develop a sovereign capacity to understand their global points of origin and impact, hence the need for an enhanced global intelligence collection and assessment capacity.

We also have to be prepared to wield an offensive response capacity, including the use of intelligence and cyber-enabled tools. The Ukraine war, I think, has brought this starkly into focus, and Canada has responded in part by providing monies to Ukraine for the purchase of satellite imagery and allowing MDA to share its RADARSAT analysis.

I think we could be doing more to support Ukraine with intelligence, cyber-tools and operations, and through greater assistance in war crimes investigations. We have advanced arguments and our CIGI—Centre for International Governance Innovation—special report that we produced in the fall of 2021 for a thorough ongoing review of Canadian national security capabilities to meet a new threat environment. The last such review, I would tell members of this committee, was conducted by an external examiner in 1970.

We also need—

We also need the production, as we called for, of a renewed national security strategy as non-partisan guidance for the government and public. We hope to see some of these proposals acted on. Thank you.

Just very briefly, I think Canada does have some limited foreign intelligence capabilities, particularly those operated by the Communications Security Establishment and to a certain extent by Global Affairs Canada. There is a lot more we could do. Canada has often faced quiet criticism from its Five Eyes partners for being a bit of a freeloader, a free rider, in the alliance partnership.

I think the key concern I have is that we really do need to build a stronger sovereign capacity to understand the world and threats that are coming at us from the world. I think there's a lot of work that can be done in that regard, both with regard to intelligence collection capabilities—especially something that's forgotten, the importance of intelligence assessment where we have a kind of scattered and diffuse system in the federal government—and also in the system by which we report intelligence that we have acquired and try to make sure that it has an impact on decision-making.

We did say in the CIGI special report that we felt it was important to have a look at the governance of national security in Canada, which has for a long time, of course, been a very decentralized system, siloed and based on departmental mandates and expertise, with relatively little central coordination and control. We did advocate in that report the idea, among others, that there should be a permanent cabinet standing committee on national security and intelligence. Such cabinet committees have been in place in the past. They've currently been replaced by the Incident Response Group, as I'm sure members of the committee know, which is an ad hoc gathering of cabinet ministers and officials that deals just with emergencies and has I think little capacity to do any forward strategic thinking and planning. Thank you.

Over the last 25 years the amount of demands on the Canadian Armed Forces has increased significantly, both qualitatively in terms of the complexity of the security environment and quantitatively in terms of what's required of the Canadian Armed Forces.

The Canadian Armed Forces are currently, as of February this year, 7,600 people short of their authorized troop strength of 72,500, but they are about 10,000 people short on the operational side. That means effectively that they're operating at 85% of staffing levels to meet operational requirements and mandates. That has a significant impact on morale, as well as on the ability of the organization to deliver on domestic operations on continental defence, as well as on regional and international security. It partially explains why the government is more limited than perhaps it might like to be to respond to current challenges.

That is the result of 20 years of benign neglect where governments have chosen their force packages and force structure and the operations that they go on. With this emphasis on operations, we've neglected force reconstitution, force regeneration and force sustainment. So all efforts need to be on that front piece because it takes, as you point out, 15 to 20 years to train an experienced soldier who can then deliver not only kinetic operations abroad or for continental defence, but also for some of the complex domestic responses that the Canadian Armed Forces are increasingly called upon.

Yes, absolutely.

The CSE has put in place something called the small and medium baseline controls. If companies just did that, that chances are that they'd be fine because no state-level threat actor is going to go after a small business, especially if they're hard to get into. It's just not worth it.

We put the baselines in place, but the problem is that while they exist, most companies are not doing them. The threat is not enough to spur them to action, so you have to incentivize them. I would consider looking at a tax credit of some sort. If you gave small and medium enterprises 5,000 bucks back on their taxes, chances are they'd put those baselines in place.

If every small and medium enterprise in the country did it, it would cost you $50 million. I can guarantee you the amount of money being sucked out of the economy by cybercrime is a lot higher than that, so it's good economic policy. It also makes our companies more resilient.

That's a very good question because, in part, this is sort of the dog that didn't bark. We assumed that we were going to see a lot more and a lot more sophistication than we did.

The challenge with Russia is this. The SolarWinds attacks showed that Russia, China and a handful of other actors have extremely sophisticated capabilities to be able to build targeted exploits, compared with the 98% or 99% of attacks that are reasonably medium level and that you can defend against them with reasonable capabilities. We just saw such a targeted exploit in Ukraine with regard to a U.S. satellite provider. It took out some key critical infrastructure in Ukraine just in the last week. It was not directed at critical infrastructure on U.S. soil. The exploit that was used can be generically deployed against all sorts of hosts of critical infrastructure, so what was deployed and how it was deployed was a considerable concern.

The long and short of it is that these actors have the patience, skill sets and the resources to build very deliberate and targeted exploits. These are not targets of opportunity, but are quite intentional, which is what we saw in the SolarWinds attack. This is why our critical infrastructure is disproportionately vulnerable to these types of state-based capabilities—or in the case of Russia, state-tolerated capabilities—which are extremely sophisticated.

That's where we need a more sophisticated collaboration between signals intelligence and the private sector because only signals intelligence has the domain awareness of these types of capabilities. It requires, in many cases, some offensive capabilities in order to disable the exploits that are being deployed against us. It also requires a more aggressive law enforcement stance, as we've seen by both British and U.S. authorities, which have gotten warrants to effectively make changes to coding and software in critical infrastructure if companies don't act expeditiously enough.

A very simple place to start is government networks. There's no plan for significant reinvestment in government networks. There is no strategy to further fortify and innovate Canadian networks compared to our allies, and in particular, compared to our adversaries.

The first place we should start is by having a strategic plan to reinvest in Government of Canada corporate networks. Inherently, our cyber networks, intelligence networks and military networks are just corporate networks that are operated by government with perhaps slightly better defence.

We need to lead by example and make sure that our own networks are fit for purpose. We're currently treading water, but we're rapidly losing ground. Government needs to have a strategy for its own infrastructure. If we can't keep our own infrastructure safe and working, then there's probably not much hope that we can actually help the private sector.

That is a good question.

There are two parts to the answer. On the Twitter platform, that's going to take you to the terms of service. That's a Twitter problem. The Government of Canada wouldn't really have much authority over that account. It's whether or not the Russian embassy is contravening Twitter's terms of service.

Where you can intervene, which is what I was talking about in my comments, is around the amplification. The Russian embassy sends a tweet that gets picked up by a bot network and a troll farm. All of a sudden it spreads all the way around the world. That's where you can be intervening along the lines I talked about in my comments.