Ottawa assessing risk of hacks in 2019
Review of cybersecurity will focus on disinformation, as in France, U.S. elections
OTTAWA— The Communications Security Establishment has begun a promised review into the risks of foreign interference in the 2019 election, the Star has learned.
CSE, Canada’s signals intelligence and cyberdefence agency, is conducting a “risk assessment” into how vulnerable Canadian elections are to foreign hacking and information operations.
The timeline for the review, and its eventual public release, appears to have been largely left up to the spy agency.
The review was ordered by the Liberal government in February as the scope of Russian meddling in the 2016 U.S. presidential election was being made public by U.S. intelligence agencies.
“CSE has been asked to provide a threat assessment of the cyber threat environment as it relates to the Canadian democratic process, including the electoral system,” wrote Ryan Foreman, a spokesperson for CSE, in a statement Wednesday.
“CSE will also provide Elections Canada and Canada’s political parties with advice and best practices on cybersecurity to help ensure the integrity of the Canadian democratic process and electoral system.”
The review is unlikely to focus on the security of the actual vote, which still relies on pens and paper rather than electronic voting. The greater risk is likely the kind of information — and disinformation — campaigns seen in the U.S. and the recent French presidential election.
In both countries, Russian-backed hackers have been accused of releasing damaging information about candidates in support of rivals friendlier to the Kremlin.
U.S. intelligence officials have publicly asserted that the information campaign was an explicit attempt to discredit Hillary Clinton and support President Donald Trump.
In France, newly-elected President Emmanuel Macron’s team told the New York Times they experienced similar hacking attempts — but set up dummy email accounts with fake documents to confuse the hackers. A cache of nine gigabytes worth of Macron’s team’s documents, with mundane authentic documents mixed in with the fakes, did not prevent Macron from handily winning Sunday’s election.
Sources in Ottawa told the Star they want to address the issue before the country is in the midst of a general election.
To do that, CSE will need buy-in from political parties typically very protective of their internal communications and networks.
One source told the Star that Democratic Institutions Minister Karina Gould has taken a personal interest in the file and has been discussing the issue with both cabinet colleagues and the other major parties.
In a statement Wednesday, Gould simply said the government is taking the threat seriously.
“CSE is currently assessing the risks of cyber hacking to Canada’s political parties and will report publicly,” read a statement attributed to Gould. “The assessment will help guide further actions we will consider to address the cyber threats facing Canada’s democratic process.”
Seva Gunitsky, a political science professor at the University of Toronto, said it will be difficult to combat “microtargeted” information campaigns from Kremlin-friendly sources.
“How do we actually counter these kinds of attacks? . . . It’s very difficult to put up any kind of credible defence,” Gunitsky said in an interview Thursday.
“There’s no easy answer that I can see. But that said, we’re really in the very early stages (of sophisticated information campaigns) . . . 2011, the protests against (Russian President Vladimir) Putin were a big turning point. That’s when the Russian government realized they cannot just resist against social media but co-opt social media for their own purposes.”
Neither Gould’s office nor CSE could say when the agency’s report will be released to the public. But with the clock ticking down to the 2019 election, it likely has to come sooner rather than later.