ROADMAP FOR CYBERSECURITY
Liberals must ensure police have right tools, writes Pierre-Yves Bourduas.
In the fast-moving world of cybercrime, our law-enforcement agencies need to be well-equipped to better protect Canadians from the growing peril of cybercrime. — Pierre-Yves Bourduas, former RCMP deputy commissioner
The reported recent cyberattacks on the National Research Council time signal served as a reminder that the proposed review of cybersecurity by the Liberal government should be welcome news.
Three components will be considered in the review: securing government systems, partnering to secure vital cybersystems outside the federal government, and helping Canadians to be secure online. Considering that information technologies and the Internet provide criminals with innovative and highly sophisticated ways to commit a plethora of new crimes — and old crime in new ways — the government review should be broadened to determine whether or not law-enforcement agencies have the necessary tools to detect, deter, investigate and prosecute cybercriminals.
In 2014, the Canadian AntiFraud Centre received more than 14,000 complaints of cyber-related fraud for more than $45 million in reported losses. During the same year, the RCMP National Child Exploitation Co-ordination Centre received nearly 8,500 reported incidents concerning online child sexual exploitation.
These statistics only provide a partial picture of the magnitude of the problem.
Furthermore, individuals or organizations that are victimized by cyberattacks and crimes do not always report them. The fear of reporting is sometimes predicated upon loss of reputation and may create perceived vulnerabilities toward liabilities for companies that might have seen customers’ data compromised. Additionally, individuals may choose not to report a crime because of a lack of knowledge and confidence that the perpetrator who operated in the virtual world will be apprehended.
Police reporting of statistics is also problematic because it does not separate fraud by cyber vector from fraud generally, so there is a lack of statistics on reported cyberfacilitated crime rates.
Cybercrime is fluid in scope and magnitude, and public policy should require individuals and private-sector organizations to work together and openly share information on new and emerging threats. Working toward a more complete and collaborative appreciation of the scope and magnitude of cybercrime is an absolute must for lawenforcement agencies. Even with this, the timely analysis of seized digital evidence remains a problem.
A successful pilot project, the Digital Field Triage program, allowed front-line RCMP investigators in British Columbia to analyze expeditiously, on various digital devices seized as evidence. Canadian law-enforcement agencies should consider options to replicate this successful project in other parts of the country.
Last year, Canada ratified the Budapest Convention on Cybercrime, nearly 15 years after it signed the treaty. The current government intended review of cybersecurity should focus on the applicability of the convention in the Canadian context. Domestic issues such as lawful access by law-enforcement agencies of subscriber information should be revisited. Internationally, it will be important to enable Canadian law-enforcement agencies to request assistance and respond to foreign requests more rapidly.
It is clear that an increased level of reporting calls for the development of a national cybercrime centre. The e-crime committee of the Canadian Association of Chiefs of Police supports the development of such a program and has ongoing discussions with various federal and provincial partners to better co-ordinate investigations and avoid duplication of efforts. Undeniably, in the fast-moving world of cybercrime, our law-enforcement agencies need to be wellequipped to better protect Canadians from the growing peril of cybercrime.