Embedding Canadian values, including protecting the vulnerable, into cybersecurity policy could bridge a growing global chasm and create prosperity.
It feels like not a week goes by without a news report about a major corporation being hacked. Target, JP Morgan, Home Depot, Sony, Hilton Hotels, Equifax and Uber are some of the most well-known companies that have made headlines for having their critical systems penetrated, allowing valuable customer data to end up in the hands of criminals. The magnitude of the threat and the scale of the potential damage in this field are rarely overstated.
Canada’s most notable cases were in our public sector, where foreign actors breached the digital defences of the Ontario transportation agency Metrolinx and the National Research Council. Large Canadian firms seem to have avoided major hacks, or maybe just the scathing news reports about them. Regardless, Canadians have been and continue to be victimized. Fifty-five percent of Canadian small businesses polled by Ipsos in 2017 stated they either were hacked or suspect they may have been.
It’s no wonder that Gartner, a leading research and advisory firm, estimates that US$86.4 billion was spent worldwide on cybersecurity products and services in 2017 and believes that number will increase to US$93 billion in 2018.
It also shouldn’t come as a surprise that both governments and the private sector, working hand in hand in leading innovation nations like the US, Israel and the Netherlands, are prioritizing support for cybersecurity industries through coordinated strategies. These include applied research and development, educational programs and training (including curriculum geared toward students in elementary school), procurement schemes that enable cross-sector co-development and providing patient growth capital.
Their logic is multidimensional: on the defensive side, the need to protect domestic industries and critical public and private data and infrastructure is enough to justify these investments. However, it’s the export opportunity in this nascent, high-margin, intellectual-property-heavy industry that creates the high-paying employment that shrewd business and political leaders are looking forward to.
For the Canadian government, prioritizing cybersecurity in the 2018 budget was an obvious choice. A 2017 report by the International Telecommunication Union, a UN agency, found that Canada ranked behind countries with significantly lower GDPs, like Malaysia and Oman, in its cybersecurity readiness. Canada scored low even though we got high marks for having a national cybersecurity plan dating back to 2010. While the investment of half a billion dollars in the coming years is a good start, focus is going to be required if these investments are to be impactful.
On the bright side, we’re not starting from scratch. Canada has a growing cybersecurity industry. The Cybersecurity 500, a global ranking of companies providing innovative solutions and services, listed 13 Canadian companies in 2017. Dozens more Canadian cybersecurity firms are at early stages, developing everything from tools that leverage quantum computing to secure networks, to the next generation of user authentication approaches.
Both our governments and our large traditional industries are expressing more interest in pursuing a collaborative approach, similar to what seems to be working elsewhere. While this is an encouraging sign, focusing on areas where Canada can have uncontested market space globally will be key if our companies are to succeed in this highly competitive industry.
One advantage that we can develop may be counterintuitive to those who think cybersecurity is simply a matter of technological capabilities protecting data and financial assets. Technology at its best is the manifestation of human advancement while preserving or enhancing the best of society’s values. Bringing Canada’s fundamental values to the centre of our cybersecurity investments and development could bridge a growing global chasm while protecting vulnerable populations and creating prosperity for generations to come.
In the United States, a number of the large platform technology companies have introduced what they suggest is impenetrable, end-to-end encryption on both their software and hardware, and they are locating some of their cloud data centres abroad. This has only served to exacerbate American political culture’s long-standing fear of the abuse of power.
This new layer of technology has caused havoc for police agencies in the US and Canada and in fact around the world as they try to investigate the areas of crime that are growing in the digital age, such as child sexual exploitation, human trafficking, radicalization leading to terrorism, and fraud. It’s important to note that those who commit such crimes prey on vulnerable populations, like children, seniors, temporary foreign workers and those affected by mental health challenges.
On the other side of the political spectrum, many authoritarian governments and the “cybersecurity” firms they employ are developing and deploying mass surveillance technologies that put citizens’ privacy in peril. As the University of Toronto’s Munk School of Global Affairs’ groundbreaking research has shown, many of them are calling on such technologies to track political opponents, the media and civil society and using their outputs, or trumped-up findings, to justify persecution of these actors.
The world, at least the liberal-democratic parts of it, will have to come to grips with the fact that there is no unlimited right to privacy for individuals if we also value security for our society. The advent of the Internet didn’t change this axiom. Canada’s tradition of peace, order and good government and our desire to protect vulnerable populations, combined with our technical abilities in the cybersecurity sphere, could open up an important third way.
Canadians have long understood the need for this balance, especially when it comes to maintaining a secure and just society. If we take the initiative at this juncture and embed these principles both in our broad technology development strategies and in how our cybersecurity firms approach their own development, we could be at the forefront of building a strong and trustworthy industry that protects civil liberties and the vulnerable in the digital age while contributing to our long-term national prosperity.
Do you have something to say about the article you just read? Be part of the Policy Options discussion, and send in your own submission. Here is a link on how to do it. | Souhaitez-vous réagir à cet article ? Joignez-vous aux débats d’Options politiques et soumettez-nous votre texte en suivant ces directives.