Cyber spying is the new face of espionage
Are Canada's secrets safe? Experts say all governments need better cyber vigilance
When many people think of espionage, the image that readily comes to mind is of the furtive spy, clad in black, taking photographs of secret dossiers with a camera disguised as a cigarette lighter. It's an image that seems quaint and dated, especially since the end of the Cold War. But the recent controversy surrounding Conservative MP Bob Dechert's flirtatious email exchanges with a Chinese journalist remind Canadians that the threat of international espionage did not vanish with the fall of the Iron Curtain.
If anything, the threat to Canadian secrets has strengthened in recent years and is something the federal government is fighting on a daily basis.
P.O.V.How safe do you feel?
Christian Leuprecht, an associate professor of political science at the Royal Military College of Canada in Kingston, says the Dechert case represents a textbook example of international espionage.
"It is an active, long-standing intelligence tradition to use journalists, because it's easy to place them on temporary assignment somewhere for a period of time," he said. Journalists ask questions, meet people, learn things. "There seems to be something more to the story than meets the eye." But although they are still used, the need for such field operatives is declining in the online age.
Leuprecht suggests that these days online espionage represents the greatest threat to Canada's security.
"Cyber espionage is probably the single greatest emerging threat because it's hard to figure out who's doing it and very hard to protect yourself against it," he said.
"[Canada does] a reasonably good job with protection. But as we recently saw, a cyber attack can take down three major departments in a matter of hours and it takes months to bring those networks back online."
Computer networks at the Treasury Board, Ministry of Finance and Defence Research and Development Canada were hacked earlier this year.
Dave Lewis, a security adviser with the SecTor security conference in Toronto and founder of the online security digest Liquidmatrix, says cyber attacks will become increasingly common because they are relatively easy to carry out but difficult to trace.
"Geography is pointless at this juncture," he said. "If someone is properly motivated, they can go after the information because it is out there.
"In the past where they might have had to go behind enemy lines, now they just pick up a computer and log on to the internet."
The targets of espionage have also changed. Lewis says the secrets that are most coveted today tend to be of an economic nature and not necessarily the state secrets that proved to be so valuable during the Cold War.
"It's more of a shift towards economic secrets as opposed to military ones — information is the new currency," he said.
This increasing threat of cyber espionage from shadowy sources is enough to make one nostalgic for the days of Igor Gouzenko, a code clerk at the Soviet Embassy in Ottawa who defected to Canada in 1945 with the identities of numerous Russian spies. Wesley Wark, a professor at the Munk School of Global Affairs at the University of Toronto, says the threat of espionage still comes from various nation states, although the federal government is always loath to mention specific countries.
"Governments tend to be fairly coy about this because if you start naming states you can find yourself in diplomatic battles," he said. "Among the names have been states like China and Russia, but from time to time you will also find some muted references to states like Iran.
"On occasion, there will be some disquiet about friendly states like Israel, who practise a fairly aggressive set of foreign intelligence operations and don't always distinguish between enemies and friends when they're on the hunt for information."
Leuprecht says one of the problems for those battling modern espionage is that it has become increasingly difficult to track down spies who ply their trade over the internet.
"The challenge with cyber espionage is that it is so hard to trace" he said. "When we do trace it back to China, the Chinese put the blame on a rogue group of hackers — they're very careful to make sure it never gets traced back to intelligence or defence sources."
Lewis, however, points out that the nature of cyber espionage does not lend itself to rigid political allegiance.
"Everyone seems to think it's Russia or China that are the players, but they've been vilified as the bogeymen," he said. "Geography is out the window when it comes to the internet."
More preparation necessary
Prior to the tenth anniversary of the Sept. 11 terror attacks, the Rideau Institute, based in Ottawa, issued a report detailing Canada's spending increases on security in the past decade, including the tripling of the budget for the Canadian Security Intelligence Service. Leuprecht said this spike in CSIS funding is indicative of the threat posed by cyber espionage.
"Cyber security is changing the whole intelligence game because it's opened every computer in the country to being vulnerable," he said. "It's not necessarily a growing problem but a rapidly changing problem and the nature of the threat posed is greater than in the past."
Wark says protecting against a cyber attack, no matter the amount of funding, is increasingly difficult because the nature of the beast is constantly changing.
"At the moment, the offence has the upper hand and the defence is scrambling to catch up." he said. "It's very difficult to satisfactorily protect even government communications systems against the kind of range of intrusions and attacks that they encounter.
"There's no state on the face of the Earth that's managed a successful defence yet."
Lewis says the challenge is exacerbated because no matter what sort of elaborate protection the federal government puts in place, it only takes one government employee to make a small mistake in order to forge a clear path for attack.
"A lot of these problems come from people just doing one wrong thing and it just has a cascade effect," he said. "You need to begin addressing proper computer conduct with people who have access to information that is sensitive.
"As long as you can attack the root problem, you can make progress."
Leuprecht says the need for increased protection is dire.
"With a targeted cyber attack, you can do anything from taking down our entire air traffic control network to taking down the electrical grid," he said. "It's the single greatest threat and we're all a target."