Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/1283033
www.vanguardcanada.com AUGUST/SEPTEMBER 2020 25 CYBER H owever, this only explicitly speaks to new procurement, while the need to develop protection for existing cyber-assets should also produce an immediate call to action to assess all assets. Unfortunately, the docu- ment appears silent on the protection of legacy systems currently in place and the potential threat to them for a number of reasons. Risks to Current Assets There are a number of risks associated with the apparent omission of the protec- tion of legacy systems, namely: • Potential attack surfaces are already in place in the form of flaws in existing software and hardware assets currently deployed. Many of these systems are well beyond their anticipated lifetime and remain critical parts of our military's capacity. Cyberattacks on these systems should be carefully assessed and appro- priate changes made either to the exist- ing asset, or better, by replacing it with a current, state-of-the-art version. • Maintenance of these legacy systems will likely require software alterations that may open new attack surfaces either embedded in the alterations themselves or because of unanticipated interac- tions between the original software and the update. Legacy heterogeneous sys- tems are notoriously difficult to protect from unanticipated attacks because they may be vulnerable due to: the legacy software/hardware, the updates made to modernize the systems, or from the interaction of the old systems with the new ones. • As legacy hardware becomes more diffi- cult to procure or there emerges a desire to increase the functionality of deployed military assets, novel risks from the new technology will open up additional at- tack surfaces. For example, an IoT (In- ternet of Things) device with enhanced communication ability will bring signifi- cant advantages to an asset, but may do so at the risk of making other, older ele- ments in the asset vulnerable to cyber- attacks that it would otherwise not be exposed to. A critical risk raised in the SSE, but not ad- dressed adequately by it, is the protection of currently deployed assets and how the impact of new technology, which will be required to maintain its functionality, can best be protected from cyberattack. The real novelty in the SSE's policy goes further than the clearly mandatory need for cyberdefence on existing and new as- sets by explicitly calling for the develop- ment of "active cyber capabilities and (their) employ(ment) … against potential adversaries in support of government- authorized military missions." It is well known that some states have been devel- oping cyberattack capabilities for many years and there is also clear evidence that these attacks have been deployed in the past. However, the decision to do so as a part of an endorsed strategy of a state is significant. Cyberattacks, by their very nature, are often delivered from multiple sources and are deployed through complex and difficult-to-trace virtual modalities. A combination of network hops around the world and a co-ordinated cyberattack launch could be authorized in one part of the world but appear to come from any- where in the world. Tracing the source of the attack may be impossible to verify with complete certainty, which might make it impossible to hold the real culprit to ac- count. Current state-of-the-art forensics may be able to identify the author of mal- ware, but it is exceedingly difficult to iden- tify the precise deployment source. Thus, the technology necessary to definitively identify cyberweapon deployments does not exist and modern cyber-infrastructure does not provide sufficient traceability primitives to identify the source of cyber- weapon use with sufficient certainty. In fact, this actually "encourages" the use of these weapons because their deployer would be difficult to detect. However, there is a substantial risk of other states launching cyberattacks by routing them through Canada to make it appear as if the attacks had originated from here. Thus, before adopting a cyberattack-capacity- building strategy such as the one proposed in the SSE, Canada should develop suffi- cient checks and balances on the use of cyberweapons to ensure that an attack by another state using Canadian infrastruc- ture can be plausibly denied. This might require difficult changes to the current internet infrastructure or sufficient trans- parent overhead on the valid use of cyber- weapons that are seen as very compelling to the rest of the world. Although there are likely many other risks, the final issue raised here is related to the appropriate management of the devel- opment of cyberweapons. Unlike physical weapons, cyberweapons typically exploit