Yesterday our friends at the Canadian Electricity Association (CEA) sent out a questionnaire regarding the government’s role in electricity, including “cyber security”. I’m pleased to reply with the Green Party position:
Enhancing Security Against Cyber Attacks
i) How would your Government provide leadership on cyber security?
A Green government would focus on cyber security from three perspectives: critical infrastructure, business, and personal.
We will immediately create a panel of experts to review the existing monitoring and evaluation of critical infrastructure.
We will review the business impact in a post-Snowden world regarding the trust of our businesses, as well as ensuring best practices are available to all business owners. There should also be a security testing tool available for business owners; one of our candidates wrote the first free web-based port scanning tool on the internet.
We will amend PIPEDA, allowing the Privacy Commissioner to proactively investigate an organization if a warrant was obtained based on evidence, since the current complaint-only driven system is ineffective. The reasonable standard for storage on portable devices should include public key encryption, where the private key is not stored on the device in question.
The Green Party would immediately begin to dismantle the surveillance culture created by the Liberals at the turn of the century, and escalated by the Conservatives in recent years. Canadians should not be surveilled without a warrant. We would ask for a third-party analysis of what could be done to protect and maintain Canadian Internet Sovereignty, to ensure that Canadians can securely communicate online without interception by foreign governments as the default procedure. Right now, the Communications Security Establishment (CSE) is casting a wide net for collection that knowingly includes innocent Canadians. Steps must be put into place to resolve this.
CSIS and CSE need proper oversight, by a parliamentary committee similar to our five eyes peers, as well as by the Privacy Commissioner. This oversight should be financed to a satisfactory level to achieve their basic mandate of oversight.
There are missed economic opportunities by not having secure data centres and enforced privacy laws in Canada. The Green Party envisions a Canada where the global digital community chooses Canada to store their sensitive data, and we have the infrastructure and trust in place to handle this.
A Green government will encourage the integration of digital identity, privacy, and security in the school system.
A data breach must be reviewed by an independent third party who will notify the Privacy Commissioner of the severity. When it has been discovered how a data breach occurred, measures will be put in place to ensure that type of attack can never happen again.
ii) Some countries have established specific targets for spending on cyber security and cyber defense for both government agencies and critical infrastructure. What actions would your government take to ensure that critical infrastructure owners and operators are investing sufficiently to protect critical cyber assets?
In order to ensure critical infrastructure owners and operators are sufficiently protecting critical assets, there needs to be regular testing by different independent third parties in the form of evaluation, vulnerability assessments, and penetration tests. These should be taken by competing third parties. Incentives, or bug bounties, should be paid to security auditors based on severity, at the expense of the critical infrastructure owners and operators .
iii) Given that cyber threats are on the rise, and that hackers attack around the clock, what is your plan for the Canadian Cyber Incident Response Centre (CCIRC), the agency charged with helping critical infrastructure and keeping Canadian cyber safe?
We would like an immediate review of CCIRC to evaluate their performance to date to understand its effectiveness. The Harper Conservatives have failed in their mandate to keep Canadians informed about security vulnerabilities affecting their businesses.
Kris Constable is an international data security expert, and is running against candidates Blair Lockhart (Conservative) and Joyce Murray (Liberal), whose parties were both strong proponents of Bill C-51, which the majority of Canadians were opposed to because of its violations of Canadian rights and freedoms. Joyce Murray was the lead advocate for Bill C-51 for the Liberal Party.
Download the position Green Party Cyber Security – Oct 14 2015 [DOC]