Cyberattacks on infrastructure a 'major threat,' says CSIS chief
The head of Canada's main spy agency says he views the possibility of a cyberattack by ISIS or other extremist groups on the country's "critical infrastructure" as "a major threat."
"Cyber is one of our top priorities," Michel Coulombe, director the Canadian Security Intelligence Service (CSIS) told an Ottawa news conference on Wednesday.
Coulombe was responding to questions after Britain announced it is nearly doubling funding for cyber counterterrorism amid fears ISIS is looking to target Western infrastructure such as hospitals, airports or power plants by using the internet.
He was flanked by RCMP Commissioner Bob Paulson and Ralph Goodale, Canada's newly appointed minister of public safety.
"This is an area that I'm beginning to be further briefed on by the department," Goodale told reporters, deferring to his deputy minister and CSIS.
Britain's cyber war
Britain's Chancellor of the Exchequer George Osborne visited the U.K.'s electronic spy agency, GCHQ, on Tuesday to announce £1.9 billion ($3.6 billion) in new funding.
It's to develop tools to defend against cyberattacks, but also to facilitate offensive operations over the internet against extremist threats.
"The stakes could hardly be higher," Osborne told his spy audience. "If our electricity supply, or our air traffic control, or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but of lives lost.
"They have not been able to use it to kill people yet by attacking our infrastructure through cyberattack," Osborne said. "They do not yet have that capability. But we know they want it, and are doing their best to build it."
ISIS hacking capabilities
The Paris attack has been widely recognized as a failure by the world's surveillance agencies for not detecting any advance chatter or plotting. That lack of detection is also a testament to the growing sophistication of ISIS.
"The fact they've been able to conduct pretty sophisticated terrorist operations tells me that they have the ability to fly quote unquote 'under the radar,'" said Amos Guiora, a law professor and counterterrorism specialist at the University of Utah.
"The fact that they're able to do this successfully tells me that their cyber capabilities are very significant," he told CBC News. Guiora is the author of an upcoming book on law and policy around cyberterrorism.
Guiora could not identify any instances of ISIS attacks launched exclusively over the internet, but says ISIS has attracted legions of young, technically savvy adherents.
"ISIS has two ways of doing it. One, people who are signed up to ISIS. And [two] perhaps people who are going to be paid a lot of money by ISIS to bring their talents to ISIS. I mean money is not a problem for these guys. Neither is their desire, their capability and their reach.
Canada's electronic spy agency has been building a global system of sensors to monitor wide swaths of internet traffic to try to defend Canadian internet space.
Documents leaked by U.S. security whistleblower Edward Snowden reveal that Canada's Communications Security Establishment (CSE) has also been developing tools to fight back, including cyberweapons to disrupt online chat groups, shut down websites and even destroy computer networks.
But according to numerous observers, there are still major gaps in Canada's cyber-security strategy when it comes to protecting vital infrastructure. that is connected to the internet.
"I think it is true that area is relatively poorly defended," cautions David Skillicorn a computer studies professor at Queen's University and the Royal Military College in Kingtson, Ont.
He notes the federal government, CSE and industry are working to fix problems, but warns that vulnerabilities remain.
"Many of those things that you would think would run on separate systems are actually connected to the internet," Skillicorn told CBC News.
"Pipelines, power supplies, water treatment and things of that sort. We have had one example of a pipeline in Turkey that appears to have been exploded by remote control, by some kind of hack. So anyone who runs a pipeline is worried about things like that."
Public Safety Canada does lead the Canadian Cyber Incident Response Centre to help co-ordinate and share advice and intelligence in the event of major cyberattacks and breaches.
However, Skillicorn and numerous other observers outside of government said Canada is behind.
"It's certain that we are not where we want to be or where we should be," Skillicorn said.