Q& A: CYBERSPACE TOP GUN TALKS STRATEGY
Chief of staff of the Cyber Task Force speaks to the media for the first time since taking the job
OTTAWA — In a secret corner of the military’s national headquarters in Ottawa is the office of Lt.- Col. Francis Castonguay. He has a crucial role — heading the task force struck three years ago to drive changes to the Canadian Armed Forces so the army, navy and air force could operate in cyberspace.
While other countries have created their own cyber- units — the Chinese are said to have a sophisticated team of military hackers and the Americans house their cyber soldiers inside the NSA — Canada is taking a different path.
“We don’t have a commander of cyber, nor do we think we necessarily need one,” Castonguay said. “We need to make some adjustments on how we manage things … but it does not mean we need to create new entities or completely transform the Canadian Forces to be effective,” he said. “We had success for all these years and I think we’re making some minor course corrections to make sure we’re getting it right.”
How long it will take to get there was one of the questions Castonguay answered in an interview with Postmedia News, the first time he had spoken to the media since coming into his job as chief of staff at the Canadian Armed Forces Cyber Task Force. Here is an edited transcript of the interview.
Q One of your first tasks was to come up with a definition of the cyber environment and what it means for the military. What is that definition? A The definition for cyber for us is slightly different than others may have used. The part that complicates things is we use the same terms, same words, but mean different things. For us, anything that moves zeros and ones — that allows us to communicate and share message or data — is part of this cyber environment. Q How is cyber- environment different from cyberspace? A It involves all the communications infrastructure, all the processors, controllers — we include the software and the data in our definition. Even the most basic military capabilities we put in the field rely on the cyber infrastructure. Whether it’s undersea cables, satellites, microwave towers, wireless networks — even our guns for the artillery use very sophisticated software and operational calculations to determine their target. As far as the ones and zeros are concerned, whether it’s an email or a phone call, the cable that carries that message is formatted the same way. The Internet protocol has become the common language of all the devices that talk to each other.
Q When you’re talking about developing skills, are there any that have been identified as needing development in the military to have a cyber- ready force?
A This is an evolving problem where the training has been ongoing. We’ve leveraged a number of opportunities. In some cases if we’re talking about a newer system, it may require training from the manufacturer — if we buy a newer aircraft that obviously has new software, you won’t have that built- in training. We have a culture where we tend to give our own training as much as we can, repackage it so it suits the personnel at the right level for the job they’re asked to do. That’s not always possible in cyber because it’s such a dynamic thing. Q Is there a discussion about offensive capabilities as well? A It’s a little bit about what our mandate is, which is force development. Whether it’s for cyber, for maritime or for land, we basically have the same process. We start looking at what we call the future security environment. This is a document that defence scientists and some good research has been put forward to look at what capabilities we need for the future. You don’t look at it from a defensive, offensive ( perspective) — it’s an academic view of doing operations. A tank can be used for defensive or offensive purposes. Our mission is to be responsive to the government’s tasks. I don’t know if there’s a lot of value in discussing is that offensive or defensive other than from a legal perspective. The rule of law is at the heart of everything we do. Because we wield so much power, we are very careful; we plan to extreme detail of how things will go and before we do anything, we make sure it’s within international law, domestic laws, the laws of the host country. Q There are no borders online. How does that legal framework apply to cyberspace where things are happening at network speed?
A That is in essence the problem we have. It is a constraint that we have and it is part of our calculus of how and when we utilize certain capabilities.
Q In the U. S., the Pentagon and defence department have entered into public- private partnerships for cybersecurity. Is the Canadian Forces considering that option?
A That is something we are looking into. There’s recognition that the leading edge of technology comes less from defence research work and more from industry. If you can conceive it today, there’s an app for that. There is always an analysis of what’s the best option if we want to upgrade: Do we buy that off- the- shelf tool or do we get someone to design something for us?
Q Canadian Forces officials told a Senate committee last year that creating a cyberready military is going to take time. When do we meet the goal?
A We have a plan. The timelines are a bit movable, as you can appreciate … On the education piece, we saw some very early wins to hit 120,000 people through online learning. … That was one aspect that moved very quickly and will be rolling out this fall. On the human resource piece … how we attract, retrain, train and utilize those people that have those skill sets is a very tough problem that will take us a number of years.