National Defence committee  I would agree in principle, but I would caution against painting it as black and white in that sense as there are varying levels to this, just as there are varying levels to security clearance. The problem is that these silos exist without much thought to whether this needs to be

National Defence committee  The specifics on the databases in question is definitely separate from the policy. The ad hoc nature is very much overall, but the policy that I would really put my finger on that needs to be clarified is CAF's position and strategy related to persistent engagement.

National Defence committee  Persistent engagement is the U.S. strategy of how to respond to adversarial states in cyberspace.

National Defence committee  I won't say across the board, but specifically with cyber-oriented SMEs, I would say yes.

National Defence committee  I would say that CSE is the most prepared, in part as a lot of their planning has been good and a lot of their open reporting on what they've been doing has been fantastic. It's largely that the connections between CSE and the CAF are almost non-existent. It's very informal, from

National Defence committee  I would say both. That ad hoc policy that I referred to was very much new policy every year, or finding that our policy last year did not work, so let's do something new. There really isn't much coherency and logic through the years.

National Defence committee  I'll try to be quick then, which is difficult for an academic. Cybersecurity is very much holistic, whereas cyber-defence and cyberwarfare are very targeted on the threats, and for the most part include states and not non-state actors. In cybersecurity you're dealing with low-le

National Defence committee  I'm not at all. I think cybersecurity professionals are just as important as members of the military and of a police force. Sure, they can be viewed as a risk in certain senses, but cybersecurity professionals are integral to the functioning of our society. It would be undue to s

National Defence committee  Thank you for that opportunity. Fortunately, on many of the questions, I've been allowed to expand on many of the points. The one I don't think I've touched on too much yet is a general lack of cyber-infrastructure in the forces. One part is the slow procurement process, as ma

National Defence committee  I can't comment too much on that, as the information I have is limited. I will say that a big reason for the difficulty in retaining those with the skills in the CAF is that they simply don't have the infrastructure and means to actually do the work. There are a lot of bureaucr

National Defence committee  I can elaborate as far as I'm aware that it is a plan. That's really the most knowledge I have on that. From the information that I've heard from officials, it seems the existing relationship is very much ad hoc. They potentially have CSE individuals embedded with the CAF or vi

National Defence committee  It's been a long problem that.... Are you referring to just the CAF or broadly in the government?

National Defence committee  Part of that is the ad hoc process that I referred to. The creation of Shared Services Canada basically gutted the armed forces of their cybersecurity and cyber-talent. The idea of just centralizing it in SSC was a good idea, but it overlooks the central importance of national de

National Defence committee  Thank you for the question. I would say the number one thing that Canada needs to do is to state its position on persistent engagement. This is the U.S. strategy of constantly engaging adversarial elements in cyberspace. When you hear about U.S. Cyber Command or NSA conducting o

National Defence committee  I want to first take your example of being unable to take pictures as a security issue. We're now dealing with the greater proliferation of open-source intelligence. We're able to use just Google Maps to conduct that same exact intelligence and analysis that 20 years ago was ille