Canada’s military too vulnerable to cyber attacks: documents

The facade of the headquarters of the Department of National Defense is pictured in Ottawa, Wednesday April 3, 2013. The Canadian Press

The Department of National Defence and the Canadian Armed Forces are looking to improve their ability to defend against cyber attacks, with newly released documents suggesting the current system remains woefully inadequate.

DND/CAF published a request for “industry feedback” on Friday morning, stating that the Canadian military wants to develop a new system “that will enable a reliable, near-real-time analysis of its Information Technology Infrastructure (ITI) to detect and identify malicious activities and then provide decision aids and tools” to defend against those attacks.

The initiative has been dubbed the “Defensive Cyber Operations Decision Support Project” and it’s expected to set taxpayers back between $50 and $99 million.

WATCH: Is Canada prepared for a cyber attack?

Click to play video: 'Is Canada prepared for a cyber attack?'
Is Canada prepared for a cyber attack?

Friday’s documents were released less than a month after the department’s main webpage was hacked. Canadians trying to learn about career opportunities with the military at instead found themselves staring at the landing page of the Chinese central government’s official web portal.

Story continues below advertisement

READ MORE: Hackers attacking Canada’s ‘critical infrastructure’ and it’s only going to get worse

Details of the upgrade plan made public on Friday describe the project as a “complex multi-year requirement” that is still in its infancy. The final delivery date is slated for 2024.

But the documents reveal that the sooner the department’s current system for dealing with cyber threats can be replaced, the better. They acknowledge that “state and non-state adversaries are developing increasingly sophisticated cyber capabilities” that can target the Canadian military.

“Current Defensive Cyber Operations capabilities are mostly manual and do not scale to the complexity of the DND/CAF cyber domain, nor the tactics used by our potential adversaries,” the documents note.

The sensors used to detect cyber attacks are “not sufficient,” they go on to say, and when they do come across malicious attempts to compromise the department’s computer systems, “analysts must manually piece the data together to understand the extent of the breach and its operational impacts.”

On top of that, the current defence system lacks the ability to compare what the technicians are seeing to existing intelligence reports, or to other information that could help them decide how to respond.

“Furthermore, there are a very limited set of response possibilities that can be employed.”

The fundamental problem, according to the department, is that DND’s cyber defences “mainly focused on yesterday’s problem while combating today’s adversaries.”

Story continues below advertisement

Industry stakeholders will now have a chance to submit feedback on possible ways to bring the system into the modern era.

After that, the department will need to examine the feedback, then come up with a business case for approval by September 2017.

Global News has reached out to the department for additional information and comment.

Sponsored content