Tuesday, February 6, 2018

Canada Cyber Defence: Uninformed, Wild Speculation

I was chatting with a defense attache today, and he asked me a question about Canada: why hasn't Canada developed much of a cyber-defence capability yet?  Given that cyber threats are the most significant dangers to Canada (we are too far away from everyone for conventional military threats and most nukes will just pass over, oops), this is a puzzle.  I hate not answering questions, so here are my wild guesses, and you can let me know which you think makes the most sense:

1) Standard bureaucratic politics: neither the army, air force, nor navy wanted to spend money/personnel on cyber since it would mean taking away from the activities/equipment that they have long seen as priorities.  The only way to develop cyber capabilities is to have new money, which is ultimately what the Defence Policy Review (aka SSE for Strong, Secure, Engaged).
2) Canadian defence procurement doth suck muchly.  The SSE and the Liberal government budgeted money for new personnel and stuff to do cyber stuff.  So, yeah, we shall how long that takes to happen.  I feel like blaming Treasury Board because, well, I don't really understand it, but they seem to not like spending money.
3) Canada lacks a good imagination of the possible.  When we hear discussion of cyber and the CAF, the discussion ends up focusing on how can one have soldiers who compute?  Do we have to have the same physical standards for the cyber warriors as for the normal kind?  How about considering how the other advanced democracies do it?  The National Security Agency is owned by the Department of Defense, but is mostly a civvie agency if I am not mistaken.  Perhaps the DND cyber warriors could be civilians?  I have no idea really, but how about seeing how other countries have done it.
4) I do think that Canadians are worried about privacy and about the government having too much capability.  There was concern and questions about the cyber offensive stuff in the SSE.  So, maybe the politicians are slow because they think this stuff is unpopular?

As I said, I am wildly speculating.  Given where Canada is now on this at a time where Canadian institutions (including Carleton) are getting hit by cyber attacks, should we expect more out of the government?  If so, why is it (and previous governments) underperforming?  

No comments: