The Department of National Defence and the Canadian Armed Forces are looking to improve their ability to defend against cyber attacks, with newly released documents suggesting the current system remains woefully inadequate.
DND/CAF published a request for “industry feedback” on Friday morning, stating that the Canadian military wants to develop a new system “that will enable a reliable, near-real-time analysis of its Information Technology Infrastructure (ITI) to detect and identify malicious activities and then provide decision aids and tools” to defend against those attacks.
The initiative has been dubbed the “Defensive Cyber Operations Decision Support Project” and it’s expected to set taxpayers back between $50 and $99 million.
WATCH: Is Canada prepared for a cyber attack?
Friday’s documents were released less than a month after the department’s main webpage was hacked. Canadians trying to learn about career opportunities with the military at forces.ca instead found themselves staring at the landing page of the Chinese central government’s official web portal.
Mysterious 24-metre structure discovered under sand on Florida beach
House-sitters beware: Your trip could end at a border crossing
Details of the upgrade plan made public on Friday describe the project as a “complex multi-year requirement” that is still in its infancy. The final delivery date is slated for 2024.
But the documents reveal that the sooner the department’s current system for dealing with cyber threats can be replaced, the better. They acknowledge that “state and non-state adversaries are developing increasingly sophisticated cyber capabilities” that can target the Canadian military.
“Current Defensive Cyber Operations capabilities are mostly manual and do not scale to the complexity of the DND/CAF cyber domain, nor the tactics used by our potential adversaries,” the documents note.
The sensors used to detect cyber attacks are “not sufficient,” they go on to say, and when they do come across malicious attempts to compromise the department’s computer systems, “analysts must manually piece the data together to understand the extent of the breach and its operational impacts.”
On top of that, the current defence system lacks the ability to compare what the technicians are seeing to existing intelligence reports, or to other information that could help them decide how to respond.
“Furthermore, there are a very limited set of response possibilities that can be employed.”
The fundamental problem, according to the department, is that DND’s cyber defences “mainly focused on yesterday’s problem while combating today’s adversaries.”
Industry stakeholders will now have a chance to submit feedback on possible ways to bring the system into the modern era.
After that, the department will need to examine the feedback, then come up with a business case for approval by September 2017.
Global News has reached out to the department for additional information and comment.