A budget of $ 2.4 billion over three years, 1,000 new recruits, the most sophisticated defense tools in the world. This is the new plan of the Armed Forces of France to prepare for cyber warfare, where the greatest threats to Western states today lie. What does the Canadian government plan to invest? Nothing, or almost.
In any case, this is what the electoral platforms of all the federal parties vying for the September 20 elections reveal, except one: the Conservative Party of Canada (PCC). But the latter especially mentions the importance of completing the establishment of a command dedicated to cybersecurity by granting the private sector the bulk of the task. In fact, the CCP’s main goal is to bring Canada closer to its commitment to NATO to spend the equivalent of 2% of its GDP on military equipment.
In this promise, there is much more the willingness to buy fighters and tanks than to invest in cyber espionage or in defensive measures against cyber threats coming from abroad.
Canada being a close ally of the United States, it represents a prime target for foreign cyber hackers who want to indirectly attack Uncle Sam. Canadian companies and research centers are also interesting targets for interests. foreigners, because an enormous amount of intellectual property is created there, which remains insufficiently protected from cyberespionage measures.
Avoid the next Nortel
In his documentary The breach published last spring, journalist Marc-André Sabourin traces the outlines of a hacking campaign that helped bring down the telecommunications equipment manufacturer Nortel. At the turn of the 1990s, Canada was a pioneer in telecommunications, thanks in part to Nortel. Not only did its bankruptcy hurt the Canadian economy, it also created a huge hole in the retirement funds of many Canadian savers who saw Nortel as a safe bet.
Cyber security expert and former military Steve Waterhouse participated in this documentary. He notes that very little has been done since by governments to prevent the situation from happening again. This is extremely worrying at a time when the largest publicly traded Canadian company is a tech company: Shopify.
“A major foreign theft of intellectual property from R&D from companies like Shopify, it could happen,” he says. “And Ottawa doesn’t have the tools right now to go to countries like China or Russia and demand accountability. Time is running out for Canada to develop its own expertise in military cyber operations. This is the best way to protect yourself against cyber threats. “
Towards an army of “cyber-reservists”?
In addition to wanting to hire 1,000 cybersecurity experts, France wants to create a force of 4,500 cyber fighters which will be mainly composed of reservists. Cyber reservists, at the end of the day.
This idea of relying on civilians who are tech-savvy to conduct military operations in cyberspace has been circulating in Canadian Forces offices for years, but no one takes it seriously long enough to bring it to fruition. However, creating this army of cyber reservists would be inexpensive for Canada to catch up with other NATO member countries in terms of military investments, underlines Steve Waterhouse, himself a former computer security officer at the Ministry of Defense.
Few experts are employed by Canada in cyber defense, but they are very good, he assures. “It would be possible to join the ranks and develop this expertise so that Canada can position itself as a leader within NATO in military cyber operations, not because of its quantitative strength, but because of the quality of its cyber defense tools. “
Forming a national cyber reserve would even be rather simple. Canada – and Quebec in particular – is constantly praised for its pool of talented and versatile programmers and technologists. There are private and public research centers in the country, and universities where one would undoubtedly find many people willing to serve their country in this way.
Paying, but not appealing, cyber warfare
Cyber security issues are far too sharp to feature at the top of federal party election platforms. Even if they are making the headlines more and more often. Last May, the hackers’ neutralization of one of the largest pipelines in the United States caused fuel shortages and made residents of several eastern states fear the worst.
We heard about this story in Canada because the Caisse de dépôt et placement du Québec owned 17% of the company responsible for this pipeline. Moreover, the managers of these infrastructures are these days more concerned with the divestment of large investment funds like the Caisse than with the strengthening of their IT security.
Yet such cyberattacks are set to become more frequent and more severe in the coming years. The specialist firm Cybersecurity Ventures, the world’s largest private research group in computer security, calculates that the cost of such cyberattacks will reach $ 13.3 trillion in 2025, a sum four times greater than what the cybercrime generated. in 2015.
That’s a little less than China’s annual GDP, at $ 17 billion. This includes theft of intellectual property, financial fraud against banks, businesses and individuals, theft of confidential data and the destruction of sensitive data.
And yet, all of this is more likely to end up in the synopsis of a Hollywood blockbuster directed by Denis Villeneuve than in the platform of a Canadian political party.