The U.S. and Canada share an extensive bilateral relationship, as reflected in the $1.8 billion a day in flow of goods and services. In regards to cybersecurity, both the U.S. and Canada have recognized the intensification of cyber threats in recent years. In the early 2000s, Canada viewed cyberattacks as a low-risk threat but today cyberattacks are regarded as high of a threat level as terrorism.
Because of the geographical proximity of the two countries, they share similar views on threat, which undoubtedly has been affected by events such as 9/11. Cybersecurity cooperation between the U.S. and Canada is fairly well developed and has increased over the years, but a capabilities gap remains along with the need for more public awareness.
Canada’s National Cybersecurity Strategy
The Government of Canada’s approach to cybersecurity includes Canada’s Cybersecurity Strategy, the Get Cyber Safe initiative, Public Safety Canada’s Cyber Incident Response Centre, the Cybersecurity Cooperation Program, and a Cybersecurity Awareness Month campaign in October.
Canada’s Cybersecurity Strategy aims to make cyberspace more secure for Canadians. This includes securing government systems, partnering to secure vital cyber systems beyond the federal government, and helping Canadians to be secure while online. These three pillars are specific initiatives that recognize the different ways in which cyberspace can pose a threat and include ways of addressing vulnerabilities.
In efforts to increase the resiliency, the strategies have targeted multiple sectors and emphasize the need for cooperation between the public-private sectors as stakeholders. The strategy also aims to reflect Canadian values including the rule of law, accountability, and privacy.
U.S.-Canada Cybersecurity Cooperation
Defense arrangements between the U.S. and Canada have integrated cybersecurity onto the agenda. Both countries recognize that the Internet lacks traditional borders and that there are mutual interests in protecting shared infrastructure. The 2010 Canada-U.S. Action Plan for Critical Infrastructure lays out initiatives to promote cooperation in strengthening the security and resiliency of critical infrastructure. This includes information sharing, developing protocols to protect sensitive information, and creating a virtual infrastructure cell for risk management tools and information.
The 2012 Cybersecurity Action Plan Between Public Safety Canada and the Department of Homeland Security outlines the enhanced cyber incident management collaboration, the joint engagement and information sharing with the private sector, and the continued cooperation on public awareness efforts. These were built on the 2011 declaration “Beyond the Border: A Vision for perimeter Security and Economic Competitiveness.” Announced in 2011, the Beyond the Border agreement outlines the framework to enhance cooperation to protect government and critical digital infrastructure. It also aimed to increase the two countries’ ability to respond to cyber incidents. The joint Action Plan followed the Canadian Get Cyber Safe campaign and the American Stop.Think.Connect. Campaign, which both promoted public awareness for safer online usage.
The U.S. and Canada have well developed cybersecurity cooperation, especially through the Five Eyes alliance. The alliance dates back to World War II and includes the U.S., United Kingdom, Canada, Australia, and New Zealand. The U.S. has fairly advanced cyber-intelligence capabilities and cooperation with the Five Eyes allows a greater volume of information. Canada’s cybersecurity landscape is fairly well developed and does resemble the guiding principles and priorities of the U.S., the United Kingdom, and Australia. This makes it more efficient when cooperating; however, a capabilities gap does exist between the U.S. and other Five Eyes partners due to the limitations to sophisticated technology. The U.S. is the most well resourced partner and with Canada’s limited sophisticated technology, Canada uses NASA capabilities including hardware, software, and personnel to manage some of the missions.
While resource sharing poses cost benefits and efficiency, it does increase the likelihood of cyberattacks spreading to partners as seen in the case of Titan Rain from 2003 to 2005. With these increased vulnerability prospects, it is increasingly important to strengthen the resiliency of all members within an alliance.
Canada is ranked highly for cybersecurity action and awareness but because these rankings are based on whether national security strategies are in place, the effectiveness of the actual cybersecurity measures is less certain unless an attack occurs. Experts point out that perhaps the most effective cybersecurity strategy would be to educate the youth and older generations about online threats to increase the effectiveness against cyberattacks, especially following the recent WannaCry incident.