OTTAWA, June 14, 2010 — The links between the United States and Canada are so strong that a cyber attack on one would be felt within milliseconds by the other, and both countries must work together to improve cybersecurity, the deputy defense secretary said here today.
During an interview following a speech to the Conference of Defence Associations, William J. Lynn III said there is an urgency in both nations to take on the cybersecurity challenge.
The United States and Canada are linked together in every way from military to infrastructure to economics. U.S. banks operate in Canada, and Canadian banks operate in America. Ford has auto plants in Canada, and Bombardier Inc. has U.S. plants. The Canadian and U.S. telecommunications sectors are so intertwined they couldn’t possibly be separated, and power from Canadian plants at Niagara Falls ensure New York City and much of the Eastern seaboard remains lighted. And Canadian and U.S. servicemembers man the North American Aerospace Defense Command to protect the continent.
All rely on information technology, and all possibly can be targets for rogue nations, terrorists or criminal groups, Lynn noted.
“A critical part of how we improve is working together with our allies,” the deputy secretary said. “We started with our closest allies – we’ve talked to the UK and Australia and Canada – and we will build out to a larger NATO audience as we work through this. But both geography and the closeness of the alliance with Canada, makes Canada a particularly important partner as we tackle these threats.”
Lynn met with Deputy Minister of National Defense Robert Fonberg and National Security Advisor Marie-Lucie Morin today. Accompanied by the U.S. Ambassador to Canada David Jacobson, Lynn said he had a good reception about defense developments and cybersecurity in particular.
The leaders discussed ways to increase partnership against the cyber threat. “I think it’s more a high-level exchange of experts right now,” Lynn said. “We need a better understanding of the policy issues. We already have a good technological exchange based on the signals intelligence sharing agreements.”
The United States and Canada need to work inside their own governments and with other nations to define the international norms that apply.
“The laws of war are frankly imperfect when you address cybersecurity,” Lynn said. “How do you adapt them? How do you have appropriate constraints and rules and processes that people can agree on?”
He pointed to the theory of deterrence in the cyberworld. Before a country can deter an enemy, it has to know who is launching the attack.
“In the nuclear arena … there were certain things that you had that you don’t have in the cyberworld. One is attribution,” he said. “Missiles come with a return address. You know who launched it.”
But in cyberspace it is often difficult to identify the attacker, and even when it can be done, it may take months, Lynn said.
Similarly, there is a lot of gray areas in exactly what constitutes an attack in this realm.
“In the nuclear world it was pretty clear,” he said. “In the cyber area, if they are stealing data, is that an attack? What if they shut down certain websites, is that an attack? You get to loss of life and huge economic damage – that people would agree [it’s an attack].
“And then what about countering?” he continued. “If you are not sure it’s an attack and you can’t attribute it, who do you go after?”
Most people are focused on high-end threats from nation states, but a moderately resourced terrorist group or criminal gang can develop and launch a pretty devastating cyber attack, Lynn said.
“Deterrence works if the other side has something to lose,” he said. “These groups may not have anything.”
The United States will continue these discussions with its closest allies and then roll them right into NATO.
“We’re looking to have mutually supportive approaches,” Lynn said. “How integrated that would need to be is something we need to define. In NATO’s new strategic concept, cyber plays a vital role, and NATO will be tackling this issue as an alliance. And that’s important. We need to work our way through this.
“We really do need a collaborative, joint approach,” he continued. “It won’t do to approach these things singly and independently.”
Lynn will continue meetings with Canadian officials tomorrow.
U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)