Earlier this month, I announced a few long-term projects that are presently in development. More on these projects will come in February. For now, another new undertaking for Canadian Cyber in Context is the Monthly Rewire. The monthly rewired will cover 5-10 news stories or events that are important to Canadian cyber defence.
To kick off the new year, the United States National Institute of Standards and Technology (NIST) released the final report on Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.
So what? Why does a document from the United States’ standardization authority affect Canada? The reality is that Canada and Canadian industry rely upon NIST’s activities perhaps just as much as the Standards Council of Canada, in no small part due to the cooperation between the two and the integration of the US and Canadian economies.
The growth of AI/ML for productive use means it will increasingly be used for malicious purposes. Understanding this and mitigating the ability of threat actors to respond is important to protect Canadians. The more that it is integrated into regular business operations, it increasingly presents a threat environment that can be taken advantage
The Embassy of Canada helped organize a two-day conference in Makati City, Philippines, with the Stratbase Institute, a Phillippines-based think tank, on “Fortifying Cyber Cooperation Towards Digital Security.” Canada’s Indo-Pacific Strategy released in 2023 details a multi-pronged approach to renew and increase Canada’s engagement in the Indo-Pacific. Part of this strategy includes cooperation for cyber security.
Canada’s Ambassador to the Philippines David Hartman and Canadian Centre for Cyber Security Head Sami Khoury both made appearances, in addition to a range of other Canadian officials. (I am currently trying to determine who all
In addition to the conference, defence officials also took time to sign a Memorandum of Understanding (MoU) with the Philippines for defence cooperation.
When we consider this MoU with the Philippines’ Secretary of National Defense comments that the military is working to improve cybersecurity, Canada might be looking at the Philippines as one of the first countries to begin its greater cybersecurity collaboration. However, I have to question the CAF’s ability to do so versus CSE’s.
There were three major changes in the information management leadership of the Government of Canada
Raj Thuppal has already left the Department of National Defence. Thuppal was the ADM and Chief Information Officer at the Department of National Defence. Thuppal started officially in April 2023 and was in the job for less than a year, and is now the Executive Vice President of Shared Services Canada. As far as I know they do not yet have a replacement.
This is arguably the worst time to be without a CIO as the CAF is undergoing massive digital transformation at the moment. This again shows just how little policy support there is for CAF digital and cyber.”
“Catherine Luelo, former Chief Information Officer of Canada, Treasury Board of Canada Secretariat, becomes Senior Official at the Privy Council Office, effective January 15, 2024. In this capacity, she will advise the Clerk of the Privy Council on digital transformation and information technology sector talent management. Efforts are underway to identify the next Chief Information Officer.”
Dominic Rochon is the new Chief Information Office of Canada effective February 12, 2024.
The Canadian Armed Forces held a symposium on Pan-Domain Command and Control. Pan-domain is the CAF’s developing concept of data-powered command and control. In this way, pan-domain can be understood as the Canadian approach to combined joint all-domain command and control (CJADC2). This operating concept will have major implications for how the CAF fights and operates.
Initial concepts are incredibly strong, but they are currently receiving feedback to inform the full concept that will be released later this year.
On 18 January, the Toronto Star reported that the city of Toronto was moving to upgrade and consolidate its city-wide networks under a single organization to oversee the city’s cybersecurity. This decision comes after the Toronto Zoo and Toronto Public Library were both hit with ransomware, with the criminals demanding millions as ransom.
This effort by Toronto is going to be the direction more cities take as its networks are increasingly targeted. While large cities like Toronto are likely to have a relatively easy time doing so, small towns are likely to face greater difficulty due to cost, knowledge, and access.
On 26 January, NORAD announced that the Canadian Air Defence Sector (CADS) successfully carried out a demonstration of cloud-based command and control (CBC2). CADS, based out of 22 Wing/Canadian Forces Base North Bay (Ontario). CBC2 has many purposes, but the basic to understand is that under pan-domain and JADC2, data has supremacy. Data is used for targeting, command, intelligence, and much more. By incorporating AI/ML, they are able to process incoming data to better inform decision making.
NORAD’s Eastern Air Defence Sector stood up similar CBC2 last year.
On 30 January, CBC news reported that Global Affairs Canada is responding to a major “data security breach” following “malicious cyber activity.” Amid some high level incident disclosures over the past year, there is nothing yet to indicate if this breach is related to any of those or this is something new. Canada and Global Affairs Canada rarely release details of the incident.
A few years ago, Global Affairs Canada responded to a ransomware attack on the organization.
on 31 January, it was reported that Canada’s Minister for Innovation, Science and Industry François-Phillippe Champagne and the United Kingdom’s Technology Secretary Michelle Donelan signed a MoU collaborate on computer power needed to advance AI research and development.
This agreement is a big win for both countries as AI compute power is something not often discussed yet, but will be an increasing issue as AI/ML requires greater compute power. This will directly lead to a secondary market in the AI/ML to reduce the compute power needed to run models or to specifically provide compute power for AI/ML.