Toews won't name countries that pose cybersecurity threats
Minister announces $155 million to protect internet infrastructure
Public Safety Minister Vic Toews says that some countries are more of a threat than others in terms of cyberthreats and that the government knows who they are. But he won't name them.
"We are constantly being briefed by our allies on developments in that respect. If there is a national security interest that requires the disclosure of some of those names and companies, that will be done in due course."
Toews's comments came as he announced $155 million in cybersecurity funding Wednesday morning in Ottawa.
The funding, which was included in last spring's budget, is to ensure Canada has "secure, stable and resilient" information technology infrastructure, Toews said.
But Toews wouldn't speculate about concerns regarding Chinese telecommunications company Huawei supplying high-speed networks and equipment for Canada's internet infrastructure.
When asked, Toews declined to say whether the government intended to ban Huawei from bidding on the government's internet contracts, given that the Americans have blocked the Chinese tech giant over worry about cyberspying.
Toews said he had no intention of discussing specific corporations, adding that the Americans can make their own decisions and he will make decisions in the best interests of Canada.
Asked if he shared U.S. Defence Secretary Leon Panetta's fear of a "cyber Pearl Harbor," Toews replied he did not know whether Panetta was overstating the issue or not.
"Cybersecurity is something that every developed nation had to be worried about, given the nature of technology and the rapid change of technology."
Cybersecurity expert David Skillicorn of Queen's University noted the kind of language employed by Panetta shows how seriously the U.S. views the possibility of a devastating cyberattack.
"There's a lack of awareness in the Canadian context about how serious a problem this is, even after the hacks of government departments a year and a bit ago, and even after the Nortel gutting. I think people are prepared to believe that the U.S. might be hit by some large-scale cyber event, but they don't see why Canada would be included in that. And I think the Americans are nervous because everything in Canada tends to be connected to everything in the U.S., so they see it as a northern vulnerability."
Skillicorn also questioned how far $155 million can be stretched. The numbers announced in the U.S. and the U.K. are much larger than this number, he said. "They have many, many zeros after them, they're in the multi-billions."
Opposition NDP Leader Tom Mulcair accused the government of evasion, saying, "They're not providing us with any objective information that would permit us to judge the situation."
Interim Liberal Leader Bob Rae said that the government should be more transparent." If the government says, 'Here are the agencies around the world that are posing a threat, a risk' … then we should name names." But, he added, "I don't think it [cyberspying] is confined to any one country. I think it's a much broader problem than that."
Toews emphasized the $90 million over five years the government has already spent on cybersecurity, as well as the $18 million announced in October 2010. He added that Canada has signed on to the U.S.-based Stop Think Connect campaign, which educates the public about the hazards of cyberhacking.
Some of the new money announced will be spent, in part, on increasing the capabilities of the Canadian Cyber Incident Response Centre (CCRIC), which helps ensure the security and resilience of non-government cybersystems.
The minister also urged Canadians to consider the security of their own activities online and to visit the government's website getcybersafe.ca.
Recent cases have highlighted the need to improve the federal government's electronic infrastructure in order to better protect sensitive databases and other information.
Public Safety Canada has declared October "Cyber Security Awareness Month" and launched a public awareness campaign for internet security issues.