Cybersecurity: decisive action needed by government

Published On: November 2019Categories: CSPC 2019 Panels & Speakers, EditorialsTags:

Author(s):

Dr. Uwe Glässer

Simon Fraser University, BC

Professor of Computing Science

Dr. Uwe Glässer

Cyberattacks are increasing in frequency, severity and sophistication. Is Canada well-positioned in this arena and ready to take on the growing cybersecurity challenges? After two trips to Israel on official cyber missions, visiting leading academic institutions and commercial organizations driving cybersecurity innovation globally, I feel we are too far behind in the Canadian context.

Canada is oblivious to both the security challenges and economic opportunities arising from cyberspace. There may be growing awareness recently that we need well-orchestrated initiatives to catch up—but progress is slow in light of the scale of the problem. Is it too little, too late? Do we really need to experience a catastrophic event before something changes?

Security breaches routinely compromise the protection of sensitive data and information. Personal identities are exposed, intellectual property is siphoned and financial assets are jeopardized in ways that potentially ruin lives and businesses. Even more troublesome is that advanced attacks can go unnoticed for extended periods of time, maximizing their impact by leaking huge quantities of data.

In other cases, ransomware attacks have caused entire city administrations like Baltimore, Maryland and critical hospital operations (three hospitals in Alabama and seven in Australia) to come to a grinding halt. The results include mounting damages in the hundreds of billions of dollars and an erosion of trust in conducting business and collaboration online.

Things can get a lot worse when attacks target the control systems commonly used for the continuous operation of our critical infrastructure. Electric power grids, public water utilities and smart transportation networks routinely rely on supervisory control, with increasing integration of computation, networking and physical processes. Automation enhances cost efficiency, the quality of service delivery and the safe operation of critical assets. Yet, increasing reliance on automation also increases our vulnerability to multiple attacks from advanced persistent threats—typically states or state-sponsored organizations—and amplifies the risk of cascading effects that can cause complete service disruption.

While there may be growing political will, the prevailing reality in the business world is that cybersecurity is considered something to “bolt on” to a new product or service after-the-fact, rather than an integral part of design and development that turns a challenge into a competitive advantage.

A particularly unsettling example is the Internet of Things (IoT). With the Fourth Industrial Revolution just around the corner, one can expect another significant increase in cyberattacks as billions of devices connect to smart homes and smart cities. IoT is a playground for hackers where they capitalize on Internet-connected, remotely controlled devices—or botnets—to launch distributed denial-of-service attacks, send spam and steal data. The highly competitive IoT market has seen exponential growth rates for years, but security is not a feature many customers pay extra for. The result is a flood of new devices without adequate protection against misuse.

Cybersecurity Ventures estimates the global damage from cybercrime and cyber terrorism could be a staggering six trillion USD by 2021. This dire prospect is triggering enormous investments in information and computer security. The expected economic opportunities for the Canadian market arising from cybersecurity seem to easily justify and finance decisive federal investment into programs that protect Canadians and our economy.

Canada is one of the most connected countries in the world. Our security and prosperity depends vitally on a safe and secure cyberspace, especially when facing a cyber threat landscape that will only get worse. Continuing to build the equivalent of interconnected paper houses when an onslaught of lit “cyber” arrows are coming our way is no longer an option.

Decisive action is needed now. Boosting the development and future growth of a thriving cybersecurity ecosystem needs to be driven by innovation in education, science and technology, successful start-ups, and international collaborations with global leaders. It is only if the government takes action that Canada can hope to play a role in this booming market.