now we get a look at our military’s “cyber playbook”. From a Global News story:
Canada directs military to take more ‘assertive’ stance in cyberspace
By Marc-André Cossette & Alex Boutilier
The Canadian government has directed its military to take a more “assertive” stance in cyberspace in anticipation of electronic warfare becoming a more central component in conflict, documents obtained by Global News suggest.
A “cyber playbook” prepared by the Canadian Armed Forces and the Department of National Defence comes as Ottawa pushes for international rules and norms around cyber espionage and warfare.
The playbook, provided to Defence Minister Anita Anand earlier this year, noted that the threats facing Canada’s networks have “evolved significantly” since the government released its 2010 cyber strategy.
The document also makes clear that Canada is under increasing pressure from allies to be able to conduct joint cyber operations, either as standalone operations or as support for “conventional” military conflict [emphasis added].
Anand’s office “clearly recognizes” cyberspace as a domain for warfare and operations that Canada must grapple with, the document read.
Speaking at a conference of defence experts hosted by the Canadian Global Affairs Institute on Tuesday [May 10], Anand singled out cyberattacks as one of several pressing national security threats…
Since 2016, NATO has recognized cyberspace as a domain of operations in which the alliance must defend itself just as effectively as it does on land, at sea and in the air.
But Russia’s war in Ukraine has given new urgency to allied co-operation in cyberspace, with western governments having issued repeated warnings this year about the threat of Russian state-sponsored cyberattacks.
“It may not be as upfront as some of the other military operations, but absolutely, cyber is a part of this conflict and in fact, all conflicts,” said Stephanie Carvin, a former CSIS analyst who now teaches at Carleton University.
The department’s playbook notes that Canada’s allies are increasingly calling for operational co-operation, including as part of missions that would include “robust cyber responses [emphasis added].”
In particular, the playbook highlights the U.S. concept of “deterrence through resilience,” noting that it has seen “a major thrust within Canada” and could be reflected in Canada’s cyber priorities.
“Basically, it means being able to deny actors access because of good cybersecurity practices,” Carvin explained. “But also, if they are able to get in, to ensure that we have a quick response, that government systems or private sector systems can come back online quickly.”..
Carvin also noted that the Department of National Defence’s playbook mirrors another concept that has been promoted by Canada’s allies, particularly the U.S.
“I’m thinking of the concept of ‘defending forward’: the idea that you need to take a more aggressive stance in cyberspace,” Carvin said. “Not necessarily for offensive purposes, but for defensive purposes — perhaps to preempt any kind of threat that may be coming to your country [emphasis added, see this post on “defending forward” in the bigger NORAD context: “NORAD Chief Wants Defence (of what sort?) “Left of Launch” Focus, Russian Cruise Missiles (air- and sub-launched) Big Threat“].”
Just last month, western governments warned that Russia might ramp up its malicious cyber activity against critical infrastructure in response to sanctions imposed on Russia for its invasion of Ukraine.
It wasn’t the first such warning. In January of this year, Canada’s cyber defence agency urged those tasked with defending the country’s critical infrastructure to be on guard against Russian state-sponsored cyberattacks.
According to the defence department’s playbook, the need to better gather, use and share intelligence extends beyond the federal government and should engage industry, internet service providers and academia. That’s been a priority for the Communications Security Establishment – Canada’s main cyber defence and espionage agency, which also reports to Anand – particularly during the global pandemic.
Similarly, industry representatives have recently called on the federal government to make it easier for businesses to report cyber incidents — possibly through so-called safe harbour legislation, which would shield businesses that report a cyber breach from legal liability provided certain conditions are met.
Read more: Cyber defence agency gets significant boost in Liberals’ Budget 2022
Last month, the Canadian government published the country’s position on cyber warfare and international law. The document hints at what Canada is willing to do in both cyber espionage and warfare, but also when the government would consider a cyberattack to violate Canadian sovereignty.
“The scope, scale, impact or severity of disruption caused, including the disruption of economic and societal activities, essential services, inherently governmental functions, public order or public safety must be assessed to determine whether a violation of the territorial sovereignty of the affected state has taken place,” the document read.
In plain language, Carvin said, “not every action that crosses or affects a state is a violation” of sovereignty.
“So probing a system may not constitute a violation of state sovereignty, even if the action might be considered illegal,” Carvin said.
“If, for example, another country sent a spy to collect the same information, only in person, Canada’s state sovereignty wouldn’t be violated, but the action would be illegal – something like breaking and entering.”..
[DND spokesperson Jessica Lamirande wrote in a statement to Global News that] “Though we cannot release any further information on actual or alleged cyber operations, our Cyber Force is well positioned to plan and conduct cyber operations to defend military systems and infrastructure, and deliver effects outside of Canada, as authorized, in support of Canadian interests abroad.”..
Cyber Operator
Non-Commissioned Member | Full Time
Overview
Cyber Operators conduct defensive cyber operations, and when required and where feasible, active cyber operations [emphasis added]. They liaise and work collaboratively with other government departments and agencies, as well as with Canada’s allies to enhance the Department of National Defence (DND) and the Canadian Armed Forces (CAF) ability to provide a secure cyber environment. They monitor CAF communication networks to detect and respond to unauthorized network access attempts and provide cyber support to meet the operational requirements of the Navy, Army, Air Force, and joint enablers.
A Cyber Operator has the following responsibilities:
*Collect, process and analyze network data
*Identify network vulnerabilities
*Manage a computer network environment
*Conduct defensive and active cyber operations [emphasis added]
*Apply security and communications knowledge in the field of information technology…
And a 2016 post–it seems progress is being made but I believe that comparatively we spend a lot less on cybersecurity etc. matters than the US, UK or Australia (typical, eh?):
Mark Collins 3Ds Blog 