It is not new, or particularly surprising, that the federal government has decided Canada needs to up its capabilities in terms of cybersecurity.
Early in 2016 a former CSIS director, Richard Fadden, suggested Canada needs to be able to launch its own cyber attacks as well as maintain cyber defences.
And the recently released defence policy review was clear that “a purely defensive cyber posture is no longer sufficient” considering the exponential growth in threats. Canada has not kept pace and now needs to catch up, and a big part of that is enabling the security establishment to conduct offensive operations in cyberspace where the need can be demonstrated.
What does it all mean? It means security officials will have the ability to launch cyber attacks against foreign actors, such as terror groups and other governments. Targets of these “active cyber operations” could include foreign groups, organizations, states and individuals. For example, if a foreign agent is attempting to steal private information from a government network, cyber spies could hack into and disable the network and/or servers being used. Currently, security officials can only repel such attacks as opposed to launching a counterattack.
Ultimately, this makes sense, but it’s a daunting prospect because it gives security agencies an unprecedented amount of power. The rules of engagement will specify that attacks would not be permitted to cause death or bodily harm, or to “obstruct, pervert or defeat the course of justice or democracy.” Other rules explicitly forbid actions inside Canada or against Canadians or their interests.
So there are regulatory safeguards planned. But clearly there will also be a need for stepped-up oversight. The government appears aware of that given its commitment to beef up oversight of all national security agencies. New rules will also restrict some of the powers spy agencies now have and impose an independent review of domestic actions by the national electronic surveillance organization.
YOU WILL ALSO ENJOY: Canadian security agency will soon be able to launch cyber attacks against terrorists
In part, this new oversight zealotry aims to keep a Liberal campaign pledge to fix what is wrong with the controversial Anti-Terrorism Act of 2015. Instead of making radical changes, the Liberals are adding a whole new layer of oversight, arguing that will protect Canadians from draconian applications of the act.
If all this leaves you feeling a little uneasy, it should. The cyber world is increasingly high-risk and unstable thanks to the combative and exploitive players involved. Canada didn’t create this reality, and we probably have little choice but to respond. But now that we are one of those players, you can’t help but think we’re closer to the actual cyber battleground, where some casualties, hopefully not the human kind, are inevitable sooner or later.
Source: The Hamilton Spectator