Russian programmers meddled with the U.S. presidential decision, and Prime Minister Justin Trudeau has entrusted a bureau serve with guaranteeing nothing comparable occurs in Canada – however it’s not governments who ought to be most worried about security on the web, it’s people, says Scott Jones, who is entrusted with protecting the government’s systems.
“When you look at cybercrime, it’s the huge impact that’s going to hit you and me,” said Jones, the assistant deputy minister at the Communications Security Establishment.
“And if I look at what’s the biggest threat online, it’s actually the growth of cybercrime. [It’s] the use of those tools that will undermine our confidence in this environment in general.”
If the public’s trust in the cyber world is damaged enough, Jones said, society will feel a desire to revert to behaviours predating the online world.
“If that undermines our confidence, then we move back to bricks-and-mortar shopping and a paper-based bureaucracy,” he said. “I don’t think that’s going to work.”
In essence, he said, while the security of the government’s information is pivotal, it’s not the only thing with which cybersecurity experts are concerning themselves.
“It’s about everything,” Jones said.
Forsaking privacy for ease
The security considerations individuals ought to take mirror those at the enterprise and government levels, Jones said in an interview on The West Block.
For example, the CSE has a “Top 10 Security Actions” list it published to help protect government information.
“Those are things … we can apply all the way from individual persons, citizens in the country, up to the largest enterprises like the government,” Jones said. “Those are [actions] you can take that actually make you a little bit safer online.”
Often, a person might connect networks or opt to skip a sign-in because it’s simpler or faster. “When you have the option of weakening security to make it easier, think about that,” he said.
Other tips Jones offered include uninstalling software no longer in use, updating software and ensuring operating systems are up to date.
Will Canada’s election be compromised?
On the national scale, CSE is tasked with supporting Democratic Institutions Minister Karina Gould in her new mandate to help defend the Canadian political system against cyber threats and hackers.
James said his role will helping shed light on how the government can maintain the integrity of the vote and assure Canadian elections continue to be open, transparent and free of interference.
While acknowledging there are always vulnerabilities online, Jones said Canada is “very robust” in terms of the democratic process.
“We’ve got a pretty savvy citizenry,” he said. “Really, this is about building that knowledge and not being caught unprepared.”
In terms of the big question – could what happened in the U.S. election happen in Canada? – Jones demurred.
“Well, it’s a different environment,” he said. “Cyber is a good means to get information that you could use to shape opinion, to change people’s minds … I think cyber is just a new means of doing something that’s been existing a long time.
“It’s just that it’s so much easier.”
100 million malicious attacks daily
Every day, the Communications Security Establishment blocks more than 100 million – some days more than one billion – malicious cyber “actions,” Jones said.
An “action” is not necessarily an attack, he said; an action is usually someone looking for vulnerabilities in the system, trying to poke holes and probing to see where any weaknesses might be.
Those daily occurrences come from everywhere – from states to “enthusiasts,” Jones said.
At the same time, however, CSE looks for anything within the federal cyber system capable of being exploited, such as software vulnerabilities – anything that could allow a state or individual to “open that door and get into our systems,” he said.
So while 100 million or even a billion potential attacks might seem like an enormous number, Jones said the threat only becomes big if he and his colleagues stop adapting.
“We have to be investing and paying attention to this because, as technology grows and becomes more pervasive in our lives, we’re starting to see that everything has some sort of cyber element to it,” he said.
“If we choose to ignore it and just continue to adopt technology and not think about how to secure it, and how to protect ourselves, it will become a really big problem.”