New cybersecurity rules coming this winter amid year of massive hacks: Ralph Goodale
Public Safety Minister Ralph Goodale says the government is poised to unveil a new set of measures this winter that will tighten up the security of Canadian critical infrastructure after a year of unprecedented hacks on both private and public systems around the world.
The question of whether the government is doing enough to protect Canadians from malicious hackers and cyberattacks has come up multiple times over the course of 2017. Headlines from the United States to Europe sounded the alarm over revelations of thousands — and in some cases, millions — of individuals having their private information compromised in attacks. They included the hack of the U.S.-based credit bureau Equifax, which affected 8,000 Canadians in September, to the global ransomware attack that crippled Britain’s National Health Service last spring.
While C-59, the bill Goodale appeared before the House of Commons public safety committee to talk about on Thursday morning, would give enhanced powers to the Communications Security Establishment to launch cyberattacks against foreign hostile actors who try to compromise Canadian systems from abroad, it does not offer new protections or powers for the CSE to act in cases of attacks that come from within Canada and which target Canadian infrastructure.
As recently as on Monday, officials have sounded alarm bells over the devastating effect such an attack could have on banking systems, electrical grids, health-care databases and emergency response systems.
Goodale said Thursday that the government will present three new initiatives this winter that will specifically take aim at protecting Canadians and Canadian cyberspace from attacks.
“You will see from the government through the course of this winter at least three specific initiatives to enhance our governance arrangement around how we deal with cyber, enhance the resources that are provided to deal with cybersecurity, and to make our response mechanisms a lot more nimble,” said Goodale in a scrum with reporters following the committee.
C-59 seeks to overhaul the foundations of the Canadian national security landscape through 130 pages of proposed legislation that would do everything from authorizing the CSE to launch offensive cyberattacks against hostile actors to undoing several controversial elements of the former Conservative government’s national security bill, C-51.
The bill also creates a new expert review body that will review national security activities carried out by government agencies and departments and tasks a new Intelligence Commissioner with authorizing the warrants granted to the CSE and CSIS, the Canadian Security Intelligence Service.
It comes amid a climate of growing concern over both the capabilities of adversaries to launch attacks that defy conventional defences and questions over whether governments and the private sector are doing enough to protect citizens and clients when their networks are compromised.
Last year, the annual Global State of Information Security survey put out by PricewaterhouseCoopers found a 160 per cent increase in the number of cyber incidents reported in Canada in 2016 compared to 2015.
And as Global News reported last week, news that Uber concealed a hack of the accounts of 57 million users and paid off the hackers to keep quiet raised renewed calls for the government to change the rules to require companies to notify users when their personal information is compromised.
WATCH BELOW: Uber reveals it was the victim of a hack
It is not clear at this time if the three initiatives Goodale referenced Thursday will include tougher requirements for businesses to protect and notify consumers, but experts have long said the path forward on strengthening cybersecurity will require much deeper cooperation and collaboration between the government and the private sector, which controls a significant amount of both Canadians’ data and the critical infrastructure networks that keep day to day operations moving.
Terrorist groups like ISIS as well as the hacktivist group Anonymous have also shown willingness to launch cyberattacks against the networks of governments they disagree with.
Anonymous claimed responsibility in 2015 for an attack that shut down several government of Canada websites including the sites for Foreign Affairs, Transport Canada, Citizenship and Immigration and Justice Canada. The group also took down dozens of departmental sites and was reported to affect the BlackBerries of government employees and internal network services.
That attack was in retaliation for the former Conservative government’s controversial anti-terrorism legislation, C-51.
If individuals such as returned ISIS fighters or hacktivists were to try again from within Canada, the enhanced powers CSE will be getting under the Liberal national security bill to shut down attacks coming from abroad would not apply.
“CSE’s mandate is external,” Goodale said.
WATCH BELOW: Goodale says number of returning foreign fighters “essentially the same” as two years ago
Roughly 180 Canadians have left to take part in conflicts abroad and the government has said “about 60” have returned to Canada over the past several years.
Those numbers do not refer specifically to individuals returning from fighting with ISIS in Iraq and Syria, and Goodale took aim at efforts by the Conservatives over the past two weeks to paint the government as soft on terror because of its creation of the Canada Centre for Community Engagement and Prevention of Violence, which focuses on preventing radicalization and coordinating tools that can be used to re-integrate extremists into society.
While the tone of the meeting overall was genial and curious, with most of the Conservative members indicating support for the government’s efforts and willingness to listen to ideas on how to improve the legislation, party firebrand Cheryl Gallant took up party talking points by asking the minister to name a favourite piece of poetry being used in extremist counselling.
The Conservatives have focused for weeks on the fact that counter-radicalization centres and family support groups supported through the centre across the country use a variety of counselling techniques, one of which can include poetry.
However, there is no evidence any of the individuals who have actually returned from fighting with ISIS have actually been reading poetry.
In response, Goodale called the characterization a “complete misstatement of the government’s position” and emphasized the challenges in turning intelligence used in monitoring returning extremists into evidence that can actually be used in a court of law.
“You cannot always use what might be perfectly valid intelligence in court proceedings,” he said. “If you have a particular piece of information about an individual and you submit that in a court of law, the defence counsel will want to cross-examine the source of that evidence … if the origin is confidential information from a source in the midst of a terrorism operation or activity, if you disclose the identity of your source that person is likely dead. That’s the challenge in the conversion of intelligence into evidence.”
Goodale also noted that under the Liberal government there have been two charges laid against returning foreign fighters.
There were none laid under the former Conservative government.
© 2017 Global News, a division of Corus Entertainment Inc.