A man makes his way through the city’s financial district in downtown Toronto. The federal government committed hundreds of millions of dollars in its recent budget to help reinforce Canada’s cyber defences — but if the effort fails to prevent a major attack, Ottawa can always turn to its little-known $102-billion emergency stash. The rainy day fund of highly liquid assets is available to keep the government running for at least a month should the country ever find itself confronted by a severe crisis, such as a cyberattack that impairs access to financial markets. (Photo by THE CANADIAN PRESS)

Spy agency chief says new powers would help stop cyberattacks before they happen

OTTAWA — The head of Canada’s cyberspy agency says new powers proposed by the Trudeau government would let her institution stop cyberattacks before they are launched — instead of having to sit back and wait for them to happen.

Communications Security Establishment chief Greta Bossenmaier made the comments to a parliamentary committee on Thursday as she revealed the agency has been working overtime to block attacks on federal networks.

“We’re now blocking over one billion malicious attempts to compromise government systems on average every day,” Bossenmaier said during an appearance alongside Defence Minister Harjit Sajjan. “One billion attempts.”

That equates to more than 11,500 every second, which the committee was told includes everything from minor pokes to assess the strength of a system, to malware, to dedicated hacking.

That is where the Trudeau government’s proposed national security legislation, Bill C-59, would come in, Bossenmaier said, and help nip some of those attacks in the bud by giving the CSE the power to launch offensive cyber operations.

“Instead of sort of standing back with a shield to try to protect against these billion malicious attempts per day and waiting for them to happen, we could actually go and say: ‘Let’s try to stop that cyberattack even from happening’,” she said.

“So there could be a server outside that we know is now trying to infiltrate a Canadian system and steal Canadians’ information, we could through this legislation … stop that attack before it actually gets to our shores.”

That ability to stop an attack before it happens is only one potential use for the CSEs’ proposed new powers; the agency could also halt a terrorist attack and support military operations.

But the move toward government-authorized cyberattacks has raised numerous questions: What if, for example, Russia or China were behind an attack? How much information does the CSE need before acting against a potential threat?

A December report by leading Canadian cybersecurity researchers, said there is no clear rationale for expanding the CSE’s mandate to conduct offensive operations.

It said the scope of the planned authority is not clear, nor does the legislation require that the target of the CSE’s intervention pose a meaningful threat to Canada’s security interests.

NDP public safety critic Matthew Dube, meanwhile, flagged a potential grey area when it comes to offensive cyber operations against foreign countries.

“It feels like there might be a slippery slope there in terms of international law as to what is military action and what is not,” he said.

The committee was told that the new law includes strict approval processes and oversight provisions when it comes to offensive operations, and that the law specifically forbids any action against Canadians or targets in Canada.

Sajjan said the proposed powers bring Canada in line with its closest allies, but he acknowledged that the government is, in some ways, still feeling its way through the issue.

“There is this nebulous feel because it is cyber and we need to be far better at understanding how these attacks occur, what their intent is, and then how do you deal with it,” he told reporters after the committee meeting.

Bossenmaier and Sajjan also faced questions Thursday about the CSE capturing information about Canadians, including whether it would be allowed to use the type of data purportedly obtained by Cambridge Analytica from Facebook users.

The committee was told that while the law does let the CSE use publicly available information about Canadians, it can only do so in very strict circumstances and that the exemption does not apply to data obtained illegally.

Just Posted

Hospitalizations jump in Red Deer due to opioid poisonings

Small city hospitals impacted more by opioid crisis

Central Alberta councils learn more about Bighorn Country proposal

A collection of central Alberta politicians are learning more about the province’s… Continue reading

High-speed chase led to fatal collision, jury hears

A Delburne man accused of manslaughter caused a fatal rollover collision during… Continue reading

‘Part of the solution:’ Alberta seeks proposals to build new refinery

EDMONTON — Alberta is looking for someone to build a new oil… Continue reading

Online ads spoil Christmas surprises, raising privacy concerns: experts

Lisa Clyburn knew she had found the perfect gift for her nine-year-old… Continue reading

Sebastian Giovinco, Jonathan Osorio and Adriana Leon up for top CONCACAF awards

Toronto FC’s Sebastian Giovinco and Jonathan Osorio are up for CONCACAF male… Continue reading

Huitema, Cornelius named 2018 Canadian Youth International Players of the Year

TORONTO — Canada Soccer has named striker Jordyn Huitema and defender Derek… Continue reading

Review: Too much Spider-Man? Not in the Spider-Verse

You might be forgiven for feeling superhero overload this holiday season. Had… Continue reading

‘Modern Family’s’ Sarah Hyland had second kidney transplant

LOS ANGELES — “Modern Family” star Sarah Hyland says she had a… Continue reading

Orlando SC acquires Canadian Tesho Akindele in trade with FC Dallas for cash

ORLANDO, Fla. — Canadian forward Tesho Akindele was traded to Orlando City… Continue reading

Koskinen notches third shutout, McDavid gets winner as Oilers blank Flames 1-0

EDMONTON — The Edmonton Oilers appear to have shored up their defence… Continue reading

Most Read