Canada and the U.S. have been allies for over 150 years, enjoying a close and broad relationship not only geographically, sharing the world’s longest international border, but also across many policy priorities, from defense and security to trade and workforce development. The collaboration between the two countries is critical for global resilience and sustainability, to which cybersecurity is increasingly key.
President Joe Biden’s upcoming visit to Canada to meet with Prime Minister Justin Trudeau on March 23 will be an important opportunity to expand on binational cybersecurity efforts.
As the technology landscape continues to evolve — from clusters of siloed IoT devices to a more interconnected environment — cyber threats will continue to multiply.
Canada’s National Cyber Security Strategy, published in 2018, recognizes that embracing digital technologies subjects that nation to new threats, and that maintaining a resilient and prosperous Canada relies on strong, nimble, and comprehensive cybersecurity.The new U.S. National Cybersecurity Strategy, released this month, focuses on securing the digital ecosystem to reap the full benefits of it, and underlines the criticality of cyberdefense to America’s security, public safety, and economic prosperity.
Meanwhile, the Roadmap for a Renewed U.S.-Canada Partnership highlights a binational agenda to strengthen cybersecurity and protect critical infrastructure, particularly in the energy sector. While these important actions and commitments represent significant milestones, they may be insufficient to ensure Canada-U.S. binational security in today’s rapidly evolving digital world.
Next steps for binational resilience
In addition to the work that has already been undertaken and identified, there are key steps that Canada and the U.S. can take to continue to shape and strengthen their collaborative cybersecurity strategies:
Expand NORAD’s mission: Aerospace systems provide many potential entry points for cyber attackers, and that threat surface is growing. Given the extent of the technology in space and how dependent NORAD is on it — for providing connectivity, high-accuracy positioning, and more — NORAD must expand its mission to include emerging cybersecurity threats both in and beyond earth’s atmosphere (including those posed by adversarial infrastructure and interception activities) to ensure comprehensive national defense. This is even more important when you consider that, as well as supporting NORAD’s mission, space capabilities have become the backbone of our supply chain, banking and financial systems, power grids, transportation infrastructure, and other IoT environments.
Joint Defense of Critical Infrastructure: Whether it takes the form of investments in new high-technology borders like the Gordie Howe International Bridge between Ontario and Michigan, or the development of energy supply chains, critical infrastructure will be increasingly targeted by cyber threat actors. It is imperative that Canada and the U.S. jointly defend critical infrastructure from cyberattacks and, as part of that collaborative mission, consider a broader definition of joint critical infrastructure beyond just the energy sector, to include areas such as transportation, telecommunications, and financial services.
Friend-shoring for a resilient software supply chain: Software is at the forefront of technology innovation across the IoT ecosystem, which means it is now as critical to protecting a nation’s supply chain as physical goods, if not more. The U.S.-Canada Partnership Roadmap and U.S.-Canada Supply Chains Working Group already address supply chains in the context of hardware production, including semiconductors. That partnership should be expanded to include assuring that the software supply chain is equally resilient.
Collaboration on cybersecurity research and development: Protecting a nation from cyber threats is a feat that cannot be achieved by any single nation or organization acting in isolation. To help enable robust cybersecurity, Canada and the U.S. must invest in binational cybersecurity research and development. The two countries are well positioned to collaborate on research initiatives, particularly within academia, where such investments would present an additional benefit of STEM talent development. With over 3 million unfilled cybersecurity roles expected by 2025, the front line of cyberdefense will be grossly understaffed without a continued and significant investment in cybersecurity talent.
Partnerships with industry: Partnerships between the government and industry are also crucial to the success of binational security. The cyberthreats we face are increasingly complex and expanding rapidly, making cybersecurity technology and tools indispensable for preventing cyberattacks and automating cyberdefense. Furthermore, industry (particularly large enterprises who share the responsibility for cybersecurity with governments) must be required by Canada and the U.S. to build cybersecurity capabilities into their products, as opposed to omitting it from product designs so that it must be “bolted-on” later. Canada’s Communications Security Establishment and the U.S. Cybersecurity & Infrastructure Agency could facilitate such binational industry collaboration, and include companies of all sizes to foster secure technology innovation.
Cross-border technology interoperability: During an active cybersecurity threat or attack, Canada and the U.S. must be able to rely on seamless and resilient communications with one another. Adopting robust shared communications technologies that can be counted on during a binational event is key to resiliency.
The convergence of IoT and cybersecurity is critical to enabling a resilient and sustainable world, as the significant value of the IoT is harnessed to deliver benefits to society, while protecting national security. Achieving those outcomes requires the collaboration of allied partners, across geographical borders and across the boundaries between public and private sectors.
Neelam Sandhu is Senior Vice President Sustainability and Chief Elite Customer Success Officer at BlackBerry, a Canadian supplier of cybersecurity products and services to businesses and governments.
Have an opinion?
This article is an Op-Ed and the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email C4ISRNET and Federal Times Senior Managing Editor Cary O’Reilly.