The Canadian government has directed its military to take a more “assertive” stance in cyberspace in anticipation of electronic warfare becoming a more central component in conflict, documents obtained by Global News suggest.
A “cyber playbook” prepared by the Canadian Armed Forces and the Department of National Defence comes as Ottawa pushes for international rules and norms around cyber espionage and warfare.
The playbook, provided to Defence Minister Anita Anand earlier this year, noted that the threats facing Canada’s networks have “evolved significantly” since the government released its 2010 cyber strategy.
The document also makes clear that Canada is under increasing pressure from allies to be able to conduct joint cyber operations, either as standalone operations or as support for “conventional” military conflict.
Anand’s office “clearly recognizes” cyberspace as a domain for warfare and operations that Canada must grapple with, the document read.
Speaking at a conference of defence experts hosted by the Canadian Global Affairs Institute on Tuesday, Anand singled out cyberattacks as one of several pressing national security threats.
“Canada’s geographic position has kept us safe for much of our history, but new threats such as advanced cruise and hypersonic missiles, cyberattacks and climate change demand that we innovate and invest in state-of-the-art defences for our continent,” Anand said.
Since 2016, NATO has recognized cyberspace as a domain of operations in which the alliance must defend itself just as effectively as it does on land, at sea and in the air.
But Russia’s war in Ukraine has given new urgency to allied co-operation in cyberspace, with western governments having issued repeated warnings this year about the threat of Russian state-sponsored cyberattacks.
“It may not be as upfront as some of the other military operations, but absolutely, cyber is a part of this conflict and in fact, all conflicts,” said Stephanie Carvin, a former CSIS analyst who now teaches at Carleton University.
The department’s playbook notes that Canada’s allies are increasingly calling for operational co-operation, including as part of missions that would include “robust cyber responses.”
In particular, the playbook highlights the U.S. concept of “deterrence through resilience,” noting that it has seen “a major thrust within Canada” and could be reflected in Canada’s cyber priorities.
“Basically, it means being able to deny actors access because of good cybersecurity practices,” Carvin explained. “But also, if they are able to get in, to ensure that we have a quick response, that government systems or private sector systems can come back online quickly.”
The importance of being able to bounce back quickly from cyber strikes was again highlighted earlier this week, when Canada joined its allies in pointing the finger at Russia for a massive cyberattack conducted in late February against the Viasat satellite internet network.
The digital assault took tens of thousands of modems offline in the early days of the Russia-Ukraine war.
U.S. Secretary of State Antony Blinken said Tuesday that the attack was intended “to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries.”
“They were down and down hard. They had to go back to the factory to be swapped out.”
Carvin also noted that the Department of National Defence’s playbook mirrors another concept that has been promoted by Canada’s allies, particularly the U.S.
“I’m thinking of the concept of ‘defending forward’: the idea that you need to take a more aggressive stance in cyberspace,” Carvin said. “Not necessarily for offensive purposes, but for defensive purposes — perhaps to preempt any kind of threat that may be coming to your country.”
Just last month, western governments warned that Russia might ramp up its malicious cyber activity against critical infrastructure in response to sanctions imposed on Russia for its invasion of Ukraine.
It wasn’t the first such warning. In January of this year, Canada’s cyber defence agency urged those tasked with defending the country’s critical infrastructure to be on guard against Russian state-sponsored cyberattacks.
According to the defence department’s playbook, the need to better gather, use and share intelligence extends beyond the federal government and should engage industry, internet service providers and academia. That’s been a priority for the Communications Security Establishment – Canada’s main cyber defence and espionage agency, which also reports to Anand – particularly during the global pandemic.
Similarly, industry representatives have recently called on the federal government to make it easier for businesses to report cyber incidents — possibly through so-called safe harbour legislation, which would shield businesses that report a cyber breach from legal liability provided certain conditions are met.
Last month, the Canadian government published the country’s position on cyber warfare and international law. The document hints at what Canada is willing to do in both cyber espionage and warfare, but also when the government would consider a cyberattack to violate Canadian sovereignty.
“The scope, scale, impact or severity of disruption caused, including the disruption of economic and societal activities, essential services, inherently governmental functions, public order or public safety must be assessed to determine whether a violation of the territorial sovereignty of the affected state has taken place,” the document read.
In plain language, Carvin said, “not every action that crosses or affects a state is a violation” of sovereignty.
“So probing a system may not constitute a violation of state sovereignty, even if the action might be considered illegal,” Carvin said.
“If, for example, another country sent a spy to collect the same information, only in person, Canada’s state sovereignty wouldn’t be violated, but the action would be illegal – something like breaking and entering.”
In a statement, the Department of National Defence said its primary focus is on defending networks against cyberattacks.
“Being assertive doesn’t just mean going on the offensive, but ensuring our networks, systems and applications are well protected. This is where our focus primarily lies,” DND spokesperson Jessica Lamirande wrote in a statement to Global News.
“Though we cannot release any further information on actual or alleged cyber operations, our Cyber Force is well positioned to plan and conduct cyber operations to defend military systems and infrastructure, and deliver effects outside of Canada, as authorized, in support of Canadian interests abroad.”
Both in the document and in its statement, DND stressed that cyber operations are only carried out “on the direction of the Government of Canada.” Like the CSE, the department declined to discuss any details of actual cyber operations.
“To safeguard our national security and operations, DND/CAF does not release information related to specific incidents, vulnerabilities, or details about measures taken to defend against cyber threats,” Lamirande wrote.