National Defence committee  Mr. Chair and members, thank you for inviting me to speak here today. I am Alexander Rudolph, a doctoral candidate at Carleton University and a Canadian Global Affairs Institute fellow. I am researching how and why countries develop the institutional means to conduct cyber-opera

National Defence committee  I'll use one example from a recent invasion. They deployed what looked to be ransomware that was encrypting the system and saying, “Your system is now locked down and your data's encrypted. You now need to pay us x dollars.” Behind it, they were actually deploying wiper malware t

National Defence committee  It's always quite difficult to determine if it will lead to a kinetic response, as cyber-operations can be escalatory. It's oftentimes how it is combined with other efforts. A cyber-operation itself is not necessarily going to cause kinetic damage, but how states respond or use t

National Defence committee  I can't comment if it has happened in Canada or not. You would need to ask the military if there have been any attacks on military infrastructure. It's often difficult to determine. With critical infrastructure, much of it is dual use. If it targets explicitly military infrastruc

National Defence committee  It's quite a big question. I will first state that there needs to be a lot more funding to the Canadian centre for cybersecurity and ways for the centre to interface with the rest of government and for the government to look to what the provinces need and what the federal governm

National Defence committee  The use of ransomware, I'd say, affects phones just as much as our regular computers—and particularly with the proliferation of surveillance software, which many of you have probably heard of, such as Pegasus or NSO Group. The greater proliferation of these zero days and malware

National Defence committee  I would agree that it is a major risk, particularly with.... I don't recall the name of the communications company that was recently suspended because of ties to Chinese firms. I'd say that is a constant, ongoing problem, as we have seen evidence that China will actively taint

National Defence committee  I will completely agree that there is a need for more transparency, I'd say, across the board on Canadian cyber-defence policy. Most of my research is from looking at audits and looking at departmental results, and then I'm surprised that people are surprised by what I know about

National Defence committee  I would agree. It's endemic to the system. Recently the National Security and Intelligence Review Agency found out that there were 180 independent databases in the Canadian Armed Forces, meaning that you need personnel management, not information management, in order to access

National Defence committee  I want to first take your example of being unable to take pictures as a security issue. We're now dealing with the greater proliferation of open-source intelligence. We're able to use just Google Maps to conduct that same exact intelligence and analysis that 20 years ago was ille

National Defence committee  As the CSE official confirmed on Tuesday, CSE is able to support and help the CAF on cybersecurity and cyber-defence issues. When doing so, they take on Canadian Armed Forces mandates. That would mean if the CSE were required to be called upon in a conflict, particularly a war, C

National Defence committee  I can't comment too much on that, as the information I have is limited. I will say that a big reason for the difficulty in retaining those with the skills in the CAF is that they simply don't have the infrastructure and means to actually do the work. There are a lot of bureaucr

National Defence committee  I can elaborate as far as I'm aware that it is a plan. That's really the most knowledge I have on that. From the information that I've heard from officials, it seems the existing relationship is very much ad hoc. They potentially have CSE individuals embedded with the CAF or vi

National Defence committee  It's been a long problem that.... Are you referring to just the CAF or broadly in the government?

National Defence committee  Part of that is the ad hoc process that I referred to. The creation of Shared Services Canada basically gutted the armed forces of their cybersecurity and cyber-talent. The idea of just centralizing it in SSC was a good idea, but it overlooks the central importance of national de