Russian hackers interfered with the U.S. presidential election, and Prime Minister Justin Trudeau has tasked a cabinet minister with ensuring nothing similar happens in Canada – but it’s not governments who should be most concerned about security online, it’s individuals, says Scott Jones, who is tasked with defending the federal government’s networks.
“When you look at cybercrime, it’s the huge impact that’s going to hit you and me,” said Jones, the assistant deputy minister at the Communications Security Establishment.
“And if I look at what’s the biggest threat online, it’s actually the growth of cybercrime. [It’s] the use of those tools that will undermine our confidence in this environment in general.”
If the public’s trust in the cyber world is damaged enough, Jones said, society will feel a desire to revert to behaviours predating the online world.
WATCH: Border, cyber security part of Trump plan to thwart homegrown terrorism
“If that undermines our confidence, then we move back to bricks-and-mortar shopping and a paper-based bureaucracy,” he said. “I don’t think that’s going to work.”
In essence, he said, while the security of the government’s information is pivotal, it’s not the only thing with which cybersecurity experts are concerning themselves.
“It’s about everything,” Jones said.
Forsaking privacy for ease
The security considerations individuals ought to take mirror those at the enterprise and government levels, Jones said in an interview on The West Block.
For example, the CSE has a “Top 10 Security Actions” list it published to help protect government information.
READ MORE: U.S. defence chief says ‘very little doubt’ Russia interfered with US election
Often, a person might connect networks or opt to skip a sign-in because it’s simpler or faster. “When you have the option of weakening security to make it easier, think about that,” he said.
Other tips Jones offered include uninstalling software no longer in use, updating software and ensuring operating systems are up to date.
Will Canada’s election be compromised?
On the national scale, CSE is tasked with supporting Democratic Institutions Minister Karina Gould in her new mandate to help defend the Canadian political system against cyber threats and hackers.
Jones said his role will helping shed light on how the government can maintain the integrity of the vote and assure Canadian elections continue to be open, transparent and free of interference.
READ MORE: U.S. defence chief says ‘very little doubt’ Russia interfered with U.S. election
While acknowledging there are always vulnerabilities online, Jones said Canada is “very robust” in terms of the democratic process.
“We’ve got a pretty savvy citizenry,” he said. “Really, this is about building that knowledge and not being caught unprepared.”
In terms of the big question – could what happened in the U.S. election happen in Canada? – Jones demurred.
“Well, it’s a different environment,” he said. “Cyber is a good means to get information that you could use to shape opinion, to change people’s minds … I think cyber is just a new means of doing something that’s been existing a long time.
“It’s just that it’s so much easier.”
100 million malicious attacks daily
Every day, the Communications Security Establishment blocks more than 100 million – some days more than one billion – malicious cyber “actions,” Jones said.
An “action” is not necessarily an attack, he said; an action is usually someone looking for vulnerabilities in the system, trying to poke holes and probing to see where any weaknesses might be.
Those daily occurrences come from everywhere – from states to “enthusiasts,” Jones said.
WATCH: Israeli PM Netanyahu to discuss cyber security with Donald Trump
At the same time, however, CSE looks for anything within the federal cyber system capable of being exploited, such as software vulnerabilities – anything that could allow a state or individual to “open that door and get into our systems,” he said.
READ MORE: Canadian infrastructure sector made aware of potential effects of ‘insider’ cyberthreats
So while 100 million or even a billion potential attacks might seem like an enormous number, Jones said the threat only becomes big if he and his colleagues stop adapting.
“We have to be investing and paying attention to this because, as technology grows and becomes more pervasive in our lives, we’re starting to see that everything has some sort of cyber element to it,” he said.
“If we choose to ignore it and just continue to adopt technology and not think about how to secure it, and how to protect ourselves, it will become a really big problem.”