Since December 2017, we’ve seen a real change in Canada’s cyber foreign policy. In the first instance, we’ve seen Canada increasingly call out the malicious activity of certain states, such as Russia, Iran, North Korea and China. Secondly, in 2018, Canada took a leading role in trying to develop mechanisms to better coordinate multilateral action on calling out this malicious activity with other like-minded states at the G7 summit. And this is very important because Canada is a middle power and we live and die by the international norms that exist. One of the big problems here is that we’re faced with what’s been called a “splinternet” — that is, there’s kind of three different approaches that are being taken by states and regions around the world. The EU, for example, takes a very highly regulated approach, whereas the United States doesn’t have very many regulations at all. And, of course, there’s China, which has a lot of regulations and, in fact, censors a lot of material online. So, Canada needs to figure out where it fits in in this space and the approach that it wants to take.
There’s great economic potential for Canadian innovators to build services in this space; however, in order for Canadians to use these services they have to know that their private information is going to be protected and that it’s safe online. In order to make this happen, ideally, you would have policies, standards and regulations put in place so that Canadians could know that their information was indeed protected. Unfortunately, the government hasn’t really legislated or regulated in this space so there’s really little to nothing for Canadians to go on and this could actually impede development in this area.
So, how does the Canadian government and the private sector move forward?
Well, I think there’s a number of steps that could be taken. In the first instance, we need agile policies that can evolve with changing technologies, and, secondly, we need robust review and oversight mechanisms that can help enhance public confidence so that Canadians feel that their information is being treated securely and appropriately.
And, finally, we need to ensure there’s a diversity of companies working in this space, for a number of reasons. If there’s a lack of competition, then there’s not a lot of incentive for companies to invest in cyber security because they don’t have to worry about their reputation. And, secondly, if these companies dominate the market in their areas, they easily become targets for cyber criminals.
In the end, for the Canadian economy and society to thrive online, we need to ensure that there are cyber policies that basically protect our security, our privacy, innovation and trust.
So, then the question becomes, are we going to be bold enough to act?