Canada ready to ‘impose costs’ on malicious cyberactors, advisers tell Trudeau
The Canadian Centre for Cyber Security has warned that state-sponsored players can conduct sophisticated influence operations by posing as regular people
OTTAWA — Canada will work with allies to strike back at foreign cyberattackers and “impose costs” that make them understand the price of their wrongdoing, advisers have told Prime Minister Justin Trudeau.
“Malicious state-sponsored cyber acts affect national security and economic prosperity interests,” says a newly released briefing note to Trudeau on the dangers to Canada from the online realm.
“Addressing these threats requires both better security at home and co-ordinated international actions.”
The note, obtained by The Canadian Press through the Access to Information Act, was included in materials to help prepare Trudeau for his second mandate following the Liberal victory in the October election.
Several passages deemed too sensitive to disclose were blacked out of the document.
The briefing note underscores the evolving threat to Canada on a new and often shadowy virtual battlefield.
The Canadian Centre for Cyber Security, a federal agency that monitors brewing online threats, has warned that state-sponsored players can conduct sophisticated influence operations by posing as regular people.
Online operatives create social media accounts or hijack existing profiles, and even set up “troll farms” of employees paid to comment on traditional media websites, social media and anywhere else they can reach their target audience, the centre said in a December 2018 report.
As a country with its own cybercapabilities, Canada is well-positioned to help shape an international strategic framework for cyberspace and advance Ottawa’s global peace and security interests, the briefing note to Trudeau says.
Canada has pursued a two-pronged strategy: develop and promote universal understanding of appropriate state behaviour in cyberspace, and help form co-ordinated mechanisms among like-minded countries to hold malicious actors to account.
“Rules and norms in cyberspace are critical, but they must be supplemented with measures to impose costs on hostile actors,” the note stresses.
It says that goal applies whether the attacks are prohibited under international law, unacceptable under non-binding international norms, or deemed a threat to Canada’s security or interests.
“Canada and its allies consider malicious cyber acts to be a major threat and believe that malicious actors will change their behaviour only when the costs outweigh the benefits.”
The principal international forum for advancing discussions on responsible state behaviour in cyberspace is the United Nations Group of Governmental Experts. In addition, the G7 countries have set up the Rapid Response Mechanism to react to emerging digital threats.
Deterrence begins with strong cyberdefence, led by the Centre for Cyber Security, to make it harder for hackers to gain access to important systems, the briefing note says.
“Deterrence in cyberspace is also about what Canada is prepared to do to respond to the threat.”
The Communications Security Establishment, Canada’s electronic spy service, now has a mandate to conduct foreign cyberoperations, giving Ottawa the means to respond to “serious foreign threats, international crises or events as part of a broader strategic approach and based on Canada’s foreign policy objectives,” the note says.
The CSE could be given the green light to proactively stop or impede foreign cyberthreats before they damage Canadian systems or information holdings, and conduct online operations “to advance national objectives,” it adds.