It’s no secret that it’s election season in Canada. While there are a host of important issues which rightfully deserve their place in the spotlight, some are especially keen to see which parties will help cybersecurity and critical infrastructure emerge from the shadows.
Conducting an informal survey of platforms representing Canada’s four main parties on cybersecurity is one way to shed light on where each stands on this issue. As of this writing, a word search for cyber produces the following results (listed in order from greatest to least):
- Conservative Party of Canada: 17 occurrences
- Liberal Party of Canada: 5 occurrences
- Green Party of Canada: 2 occurrences
- New Democratic Party of Canada: 1 occurrence
While numbers may be important, they don’t always give us the full picture. For this reason, I decided to write the following to each of the four main political candidates in my riding:
I’m reaching out to each of the candidates for Regina-Lewvan to gain a better understanding of your position on cybersecurity in Canada. What, specifically, do you commit to doing to advance the security and privacy of Canadians amid an onslaught of cybersecurity threats?
Indeed, it’s a big question. In fact, as an esteemed colleague put it, the question was akin to “asking the tour guide not only about the history of the pyramids, but asking in detail how they could be built today.” Touché.
Candidate Responses
In the interest of transparency, I informed each candidate I would be publishing their response. Each response is listed in the same order as the bulleted list above, for consistency.
I note the views expressed are those of the candidates and do not necessarily represent the views or opinions of the author; neither does this post constitute an endorsement of any candidate.
Conservative Party of Canada
“Hi Brennen [-] in addition to today’s announcement, please find an outline of our position on this issue.
“Canadians are facing growing security threats. A global pandemic, great power rivalries, transnational criminal organizations, terrorism, disinformation campaigns and cyber-attacks all pose ongoing threats to Canadians.
“Canada’s Conservatives will:
“Mandate a Minister of National Security & Public Safety with securing Canadians from threats by addressing data and cybersecurity, information operations, threats from foreign actors against Canadian residents, extremist financing, space and surveillance, and industry and critical infrastructure.
“Protect Canadian democracy from foreign interference. The Trudeau government adopted limited measures to address disinformation and influence operations before the 2019 federal election. Those efforts ended with the election, and the government has not developed or implemented a permanent strategy to address the long-term threat.
“Canada’s Conservatives will recognize that information warfare and influence operations do not simply target our election cycles but are a persistent threat to our entire democratic system.
“To protect our democracy from foreign interference, we will:
“Establish a permanent task force to address foreign interference that will:
“Address disinformation and influence operations online and on our streets and will bring together National Defence, Global Affairs, CSIS, CSE, provincial and municipal agencies, civil society, social media platforms and media.
“Address threats from foreign actors against Canadian residents, including recently reported operations against diaspora communities in Canada.
“Engage our allies and other democracies to monitor, detect, and expose foreign disinformation attacks and threats from foreign actors.
“Pass a Foreign Agents Registry Act requiring individuals and companies acting as agents of designated foreign principals (country, corporation, entity or individual) in a political or quasi-political capacity including lobbying, policy development, advertising, and grassroots mobilization to register. Requirements for disclosure would include the amount of payment, the nature of the relationship, and the activities performed.”
Warren Steinley, Candidate
Liberal Party of Canada
“Canadians are looking to the government to secure the cyber world, and on the doorstep and through the phones I’ve been hearing the increased need for more cyber security. I am pleased to respond back to you today.
“Our Liberal government has done a lot to protect [link provided in original response] the security and privacy of all Canadians. With contributions to NATO’s cyber defence by working collaboratively with NATO to develop and expand NATO’s understanding of the cybersecurity threats facing the world. As well, by launching the Canadian Centre for Cyber Security to provide Canadian citizens and business with a trusted place for cyber security, and strengthen the RCMP’s National Cybercrime Coordination unit to bolster investigations in cybercrime our government has done this to meet the challenges of today and tomorrow. I fully support the Government’s actions on cybercrime and security, as well against malicious cyber actors. Which the government had done by partnering with CSE to have thousands of fraudulent sites or email addresses removed.
“I want to make it known that I absolutely trust and rely on Canada’s strong cyber security. I will support Regina-Lewvan constituents as a Member of Parliament by listening to the concerns on cyber security and working with our Liberal government to continue the work that has been done to strengthen Canada’s cyber security, now and in the future.
“At this time in our country and the state of past elections around the world. I want to make it clear that Canada and our government have championed principle 3 of the Paris Call for Trust and Security in Cyberspace, aimed at protecting election integrity. As well, by updating the Canada Declaration for Electoral integrity Online, a collaborative initiative with major social media and digital platforms to strengthen integrity, transparency and authenticity in our elections.
“The work that the Liberal government has done in its term has strengthened and protected Canada’s security and privacy in Cyberspace. I as your Member of Parliament will listen and work to maintain that security, privacy, and advance the work that is currently and will be done by Liberal governments.”
Susan Cameron, Candidate
Green Party of Canada
“In particular, cybersecurity threats from the government of China have been raised with me by concerned voters. When I was an EAL teacher at Luther College High School in Regina, I had multiple students from China that were concerned about being monitored remotely for their opinions about the government. I am committed to prioritizing the security and privacy of everybody who lives in Canada.
Our party has said that a Green government will prohibit warrantless intrusions on Canadians’ communications, ban cyber surveillance programs that use bulk data collection, end the routine surveillance of Canadian protesters and NGOs, and significantly increase the powers of the Privacy Commissioner. We will require companies to respect the “right to be forgotten” and create mandatory data breach reporting for all government departments, companies, banks and political parties. I stand by these policies.”
Michael Wright, Candidate
New Democratic Party
“Tria here. Honestly, I would want to reach out to experts on the topic like yourself [to] better equip myself to deal with this important issue. This is not an area I am well versed in, and I am [constantly] learning about how vulnerable we all are to cybersecurity [attacks]. If you have any reading or [recommendations] you would like to send me for background reading, I would be happy to learn more. I am not sure if that answers your question, but thanks for reaching out[.]”
Tria Donaldson, Candidate
A Need for Clarity, Consistency, and Visibility
I had the opportunity to sit down with Connor O’Donovan with Global News Regina to discuss the current state of data security this election. At one point, I was asked to share a few words of advice about what could be done within the first 90 days of the government’s mandate.
I said it all starts with getting a hold of what today’s cybersecurity climate is looking like, both from a national security standpoint as well as from their own political party’s perspective.
We need clarity, consistency, and visibility into the cybersecurity practices of parties and Canada’s government institutions.
Clarity
Canadians need a clear picture of what kind of information may be, or has been, put at risk. For political parties in particular, this might mean placing a renewed focus on identifying the Crown Jewels of data the Canadian electorate has entrusted them to keep safe.
Political parties in Canada should clearly articulate how information may be collected and put to use — including its management from what’s termed “cradle to grave.” We must dig deeper into the platitudes of “taking the privacy and security of data seriously.” Failing this, threat actors will presumably unearth something; if not now, later.
Consistency
What’s more, we need to move beyond what author and national security expert Juliette Kayyem calls “the bifurcation of cyber and physical security which is a legacy that can no longer hold.” As she candidly calls out, responding to cyber attacks is about “minimiz[ing] the losses, keep[ing] the system going, [and] have[ing] more than an on/off switch.”
Political parties in Canada shouldn’t consider themselves immune from risk. If we can accurately and consistency compile campaign finance information for auditing purposes, it isn’t a stretch to require political parties to do the same for the ones and zeros of data.
Cloud service providers are often required to disclose this kind of information; it should apply to parties with access to what should be considered highly sensitive information.
Visibility
Lastly, there is an opportunity to clearly and consistently report on data security and privacy the same as what is produced for audited financial statements which keep track of donations and spending. We should be able to quickly and easily access a like-for-like comparison of the privacy and security controls each party either claims, or is required, to have in place.
Of course, there may sometimes be a need to keep this kind of information protected from public disclosure. After all, we don’t want to run the risk of giving away a playbook of known vulnerabilities; however, Elections Canada should have the ability to monitor how identified gaps are being addressed.
The Chief Electoral Officer may even be granted the authority to impose limitations, either in whole or in part, for parties who fail to comply with data governance requirements.
A Call to Action
We stand at a pivotal time in history. The issues we face ranging from the global pandemic through to climate change and social justice are cause not only for concern, but for action.
Perhaps one of the few things we do have control over, though, is the flow of data. This election, I encourage Canadians to ask candidates and political parties how each plans to address an onslaught of threats to Canada’s cybersecurity and critical infrastructure.
If you’ve ever been interested in making a career change to technology or cybersecurity, this is your moment. Together, we have an opportunity to thwart threat actors both locally and abroad. Our future depends on it, especially as we continue navigating the dis/mis-information age.
0 Comments