A purely defensive cyber posture is no longer sufficient. Accordingly, we will develop the capability to conduct active cyber operations focused on external threats to Canada in the context of government-authorized military missions. (Secure, Strong, Engaged, page 72)
But civilian experts warn that cyber weapons have the potential of being turned back on attackers:
It is software code and a weapon that can only be used once before it’s copied….It’s not like a grenade. You throw it. It explodes and disappears. When you use malware against someone, they can reverse engineer it.
The shift from defensive to offensive cyber development is a slippery slope, and one that Canada would do well to avoid. Besides the risk of spreading the very weapons we seek to defend against, the international community seems to be regressing into a new kind of arms race that is undermining international and domestic security.
Former Canadian Disarmament Ambassador Paul Meyer asks:
What about the effectiveness of not turning cyberspace into a battleground? Has the net benefit to Canada been assessed of promoting responsible state conduct in cyberspace through agreed restraint and confidence-building measures rather than encouraging expanded disruptive and destructive cyber operations? (Hill Times, 18 May 2016; subscription required)
With no clear rules of the road, the Trudeau government should be pushing for the establishment of a robust international legal framework to specifically govern the use of cyber weapons.
Common sense…argues for strong defenses, and the pursuit of global laws and norms to contain the military use of these technologies before they cause chaos and destruction. (Steve Coll)
Canada should focus on building a robust defensive infrastructure against cyber disruption. Otherwise, we may well end up like the United States, which spends 90% of its cyber budget on offensive programs, yet remains chronically under-prepared to defend itself against cyber attacks.
Photo credit: NATO