The Canadian government is now openly discussing the possibility of making cyberweapons part of its official national defense strategy, a move that could have serious and unforeseeable consequences for not only Canada but also other nations, according to a research paper.
The government’s possible intent was revealed in a recent white paper, entitled “Strong, Secure, and Engaged” (SSE), which discussed working toward a “more assertive posture in the cyber domain by hardening our defenses, and by conducting active cyber operations against potential adversaries in the context of government authorized military missions” with an explicit commitment to developing cyberattack capabilities.
“Without good answers to the difficult questions this new direction could raise, the country could be headed down a very precarious path,” wrote Ken Barker, Ph.D., a professor of computer science at the University of Calgary, in the paper published by the university’s School of Public Policy.
In the paper, Barker acknowledged the “unique benefits” of cyberweapons: “Since they tend to be far less costly to deploy than kinetic weapons — such as missiles, bombs and guns — they can level the playing field between richer, stronger states and weaker, poorer ones,” he writes.
While several countries possess the power to unleash warfare through cyberweapons, Barker notes a seeming reluctance to use such weapons in place of missiles or bombs. “Furthermore, in those cases where cyberweapons appear to have been used by state actors, no state has accepted responsibility for using them,” Barker writes.
However, threats and accusations have escalated this year. “The Kremlin warned … that reported American hacking into Russia’s electric power grid could escalate into a cyberwar with the United States,” the New York Times reported in a story this June.
Energy power grids have turned into “an international battlefield.” In response to Russian accusations, “American intelligence agencies say that in fact, Russia is a major source of cybercrime and state-directed intrusion into American systems. Investigators have reported that Russian intelligence tried to gain access to American voting systems before the 2016 election, and in some cases succeeded.”
In his paper, Barker explored the consequences of a cyberattack, such as these weapons impacting targets that were not intended by the attacker. “For instance, when a virus-like computer weapon is unleashed on the Internet to exploit vulnerabilities in certain system software in a target country, there is a real possibility that the virus could also infect and damage computer systems inside the attacker’s own country that use the same software, or even infect the software of allies who use the software.”
In one terrifying scenario, launching a cyberweapon to disable an enemy’s supply-chain computer systems could accidentally infecting its nuclear systems, setting off a nuclear incident. Barker writes, “It might even rise to the level of a war crime.”
Barker makes an argument that the Canadian government is playing with fire simply by publishing a white paper on the nation’s possible direction.
“The mere act of announcing someday that we are developing cyberweaponry (which, to be clear, Canada has not done) will already carry risk, suddenly making Canada suspect in future unattributed attacks, and perhaps enticing other countries to disguise their attacks by routing them through Canada,” Barker warns.
The full study, “Cyberattack: What Goes Around, Comes Around: Risks of a Cyberattack Strategy,” can be accessed here.