Cyber-threat is real and 'potentially devastating,' former CSIS spy warns

The Canadian Press
Associated Press

OTTAWA - A recently retired spy says a cyber-attack on key infrastructure such as the power grid could be "potentially devastating" for Canada.

Ray Boisvert, former assistant director of the Canadian Security Intelligence Service, has told a security conference an attack could mean malfunctioning cash machines, no gas at the pumps and empty store shelves.

But he says companies and governments are only now beginning to face the threat from rogue states bent on doing damage or stealing secrets.

Boisvert, now a private consultant, pointed to a list of "worrisome" countries including China, Russia, North Korea and Iran.

Boisvert, who left CSIS about six months ago, says some in the line of fire are wilfully blind to the cyber-problem because it's so complex and often there is no immediate pain when a computer network is breached.

The federal auditor general recently found the government had been slow to mount an effective response to the rapidly growing threat of cyber-attacks on crucial systems.

Michael Ferguson said the government had made only limited progress in shoring up computer networks and had lagged in building partnerships with other players.

There must be better links between government and business to share information and intelligence on cyber-threats, said Boisvert.

Governments should adopt methods now applied by businesses, such as banks, which have invested time and resources in better security, he said.

Revamped laws, diplomatic efforts and possibly military action to strike back against the more serious threats will also be necessary, Boisvert added. But money will be needed most of all.

"There are a number of solutions to help combat the whole cyber-threat," he said.

"But rest assured they will be expensive, they're complicated and they'll take continuous reinvestment of capital and attention from both governments and private sector (players) to eradicate the problem — or at least be able to counter it effectively."

In his report, the auditor general pointed out the federal cyber-incident response centre doesn't even operate around the clock.

Public Safety Minister Vic Toews quickly acknowledged that cyber-threats were not considered a priority until recently.