Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/822642
14 APRIL/MAY 2017 www.vanguardcanada.com Building a flexible response requires fast access to smart people, cutting-edge technologies and a deep understanding of the nature of the problem. c cYBersecurItY must consider how they develop their own cyber warriors and the expert partners that they can call in to help keep their organi- zations, people and information safe. agile, flexible procurement is a key to effective response Fundamentally, effective cyber operations are about building a flexible response sys- tem that can adapt quickly to the changing environment. The pace of change in tech- nology and the sophistication of attacks are such that static and linear solutions quickly become outmoded. To enable agile, flexible operations, the procurement process must move at the same speed as the cyber environment. Building a flexible response requires fast access to smart people, cutting-edge tech- nologies and a deep understanding of the nature of the problem. Smart procure- ment enables this flexibility and also deliv- ers capability cost effectively. Quantum computing and artificial intelli- gence are just two examples of cutting edge technologies that were science fiction until recently. Given the heavy demand for these technologies, securing access to the skills needed to maintain effective cyber capacity requires a commitment to investing in in- novation and constant evolution. As a result, related contracts and pur- chase agreements must avoid institution- alizing inflexible solutions that cannot be evolved. For example, the UK Ministry of Defence has one major agile procurement contract (CySAFA) that enables rapid evo- lution of services to meet the ever-chang- ing cyber threat. Robust, yet nimble governance provides sufficient contractual flexibility to enable in- novation. This enables organizations to take suitable risk and leverage expert partners. Industry will be ready to respond when there is a well-developed, understood and defined outcome, and all stakeholders share the risks and rewards. This will mean a transition away from "body-shopping'" procurement models which provide a compliant resource at the lowest rate, but don't allow industry to nurture and grow talent from within. Key tenants for a team approach There is no single provider, government department or commercial organization that can handle it all. Integration, trans- parency and aligned objectives are critical to making the team approach successful. Partnerships between government and in- dustry also must be created and nurtured with the understanding that the partners are in it for the long term. As stated above, enabling flexible re- sponse relies on several critical factors: • Cyber needs smart people. There is a global skills shortage of qualified cyber talent. Hence, you need to be able to access skills wherever they exist, creat- ing partnerships with industry and aca- demia, and structuring procurement to encourage sourcing collaboration, espe- cially when there is a surge of immediate requirements. • Innovation is essential. As adversaries innovate, so too defensive capabilities must adapt or even pre-empt. Access to innovators is the challenge, demanding that national capabilities access the lat- est thinking in academia, solutions from start-ups and agile integration and ser- vice delivery from industry partners. • Understanding the cyber landscape is imperative. This requires taking a global perspective, linking approaches used across friendly nations and corporations, and using threat intelligence gained from shared day-to-day observations of criminal and nation-state attackers. • Programs must align to priorities. It would be impossible to build a solution that immediately protects all of Canada's key information assets, including de- fence. All initiatives should start by pro- tecting core assets and then grow out to encompass peripheral organisations. As deployed and remote assets often prove to be the most challenging, the most effective approach is one that rolls out protection as needed to provide a quick return on early investment, and enables long-term protection as the programme becomes established. the power of partnership The most effective approach to cyber de- fence will require the combined strengths of both industry and government, along with a commitment to create a structure that allows all parties to work collabora- tively and transparently. When we achieve this, the collateral effects will be highly positive. In supporting the defence mission to- gether, we will grow talent and overall ca- pacity in Canada, support innovation that can be appropriately leveraged into com- mercial environments here and abroad, and reinforce that Canadian industry and defence are working collectively to create a safe and secure place to do business. As the VP of Global Cyber Security at CGI, John is responsible for CGI's global security portfolio and overall cyber strategy, which involves CGI's 1400+ security profession- als around the world. John leads the design and negotiation of large security opportuni- ties across the global organization, building and fostering client relationships through consistent excellence in delivery. With over 22 years of experience in the British and Canadian forces prior to joining the private sector, John is a qualified Intelligence Of- ficer, hUMINT operator, hostage/Crisis Negotiator, has served as aircrew flying he- licopters in the Royal Navy, and spent six years working with Canadian Special forc- es. John is a member of the Department of foreign Affairs ICT Advisory Board, is CGI's advisor to the Canadian Council for Chief Executives Cyber Security Advisory Council and is a member of the CATA Cyber Council.