Hostile regimes like China pose Canada’s ‘greatest strategic cyber threat’, lawmakers tell committee

According to Feb. 7 testimony before the House of Representatives Standing Committee on Defense, Canada faces two major cybersecurity threats.

These include cyber programs in countries hostile to Canada and cyber crimes such as ransomware attacks, lawmakers said.

“State-sponsored cyber programs by Russia, China, Iran, and North Korea continue to represent Canada’s top strategic cyber threat,” (CSE).

“We know that Iran uses cybercriminal tools to avoid identifying them. This is one of their techniques. We are chasing competence,” Cory told lawmakers. “North Korea is very interested in stealing credentials and increasing their economic value by stealing funds. I have a motive.”

Other witnesses told the commission that to see what cyberwarfare really looks like, one must simply look at Russia’s invasion of Ukraine.

“The reason I think it’s particularly important to pay attention to the Ukraine war is because it’s a cyber warfare laboratory,” said Wesley Work, senior fellow at the Center for International Governance and Innovation, a Waterloo-based think tank. rice field. “This is the first single laboratory that has seen everything Russia used against Ukraine.”

The Commission heard two examples of this.

“We’ve seen them use them against Ukraine by cutting power grids. Twice,” Khoury said. “We are very concerned about that, so we are working with his provider of critical infrastructure in Canada to make sure they are taking all precautions,” he said. said.

He added that while Western countries were not directly targeted, there could be ramifications, such as if Russia jammed Ukraine’s satellite communications when the invasion was launched.

“Therefore, Russia pursued satellite communications … As a result, there were some Western entities that were also users of that service. As a result, their communications were disrupted,” he said.

Concerns about what other countries are doing have led to some outspoken comments from Conservative MP Sheryl Gallant about a Chinese high-altitude balloon that flew over Canada and the United States over the course of a week starting January 28. Prompting questions, the balloon was shot down on February 4. Over the Atlantic Ocean in North Carolina. However, some lawmakers have expressed anger that nothing appears to be happening over Canada.

“When and how was the Communications Security Authority established? [CSE] Have you noticed Chinese balloons in our airspace? asked Gallant.

“When the minister spoke over the weekend, she indicated that she was working very closely with US allies on this issue,” said Alia Tayyeb, deputy chief of Signals Intelligence at the CSE. .

“Did CSE play a role in electronic warfare by blocking or sabotaging devices attached to spy balloons?” Gallant asked.

“Again, I am sorry that I am unable to answer your question,” Tayeb replied, saying he would try to get a written response to the committee later.

Gallant also asked whether ongoing research partnerships between Canadian universities and China’s National University of Defense Technology are being monitored.

“We … report on foreign activity … directed at Canadians …[s] Including our approach to research activities, intellectual property, or financial investments,” Tayyeb replied.

But direct state-sanctioned cyberattacks aren’t the only threat. Cybercrime and ransomware are also major concerns.

The commission heard that nearly every aspect of public life could be targeted, including government departments, health care institutions and utility companies.

“I think we’re standing our ground” against cyberattacks by China and Russia, Work told the commission. He added that it is still a big challenge.

“The threats to Canada and Canadians are in a whole other world, including cybercrime,” he said. Wark added that while large companies and institutions are fairly aware of cyber risks, many small businesses feel vulnerable.

“The real problem is that small businesses don’t have the resources and don’t understand how vulnerable they are to cyberattacks, so we need to find ways to help them,” he said. rice field.

Khoury told the commission that the center does not know how many ransomware attacks there are because private companies are not required to report them.

“Many of them haven’t reported it. In fact, in 2021, Cyber ​​Center only had about 300 ransomware incident reports.

He said the cyber center is working with the private sector to mitigate threats, including issuing alerts on new threats and other ongoing countermeasures.

Aaron Shull, managing director of the Center for International Governance Innovation, proposed tax incentives as a way to force small businesses to comply with cybersecurity protocols.

“There’s an old saying that you can’t herd cats, but you can choose where you put their food out,” Schul said.

The committee also asked about the role of social media and how foreign actors are trying to influence it, including the use of bots.

“The world of social media communications is increasingly influenced by automated bots,” said Wark. “These are machines that amplify according to certain algorithms, certain kinds of messages, and there they are. there is,” he said.

The Commission conducts research into Canada’s cybersecurity and cyberwar readiness.