Article content

As an American cybersecurity researcher who keeps a close eye on Canada’s digital security initiatives, I am filled with a mixture of skepticism as well as dread whenever I read about Canada’s latest funding initiatives.

Article content

It’s an old story: grand promises, large sums of money and the lingering doubt that this will result in real, effective changes or if ultimately we end up with a Justin Trudeau ice sculpture instead of robust digital defences Canada so desperately needs.

Let’s begin with recent reports that the Canadian government is increasing its cybersecurity efforts.

They’re throwing a lot of money at the problem. They acknowledge that cyber threats are on a rise and that Canada’s existing defences are as solid as a paper leaf in a storm. The big question is, will this money make a difference or is it merely political posturing?

Microsoft’s news website paints a rosy image of Canada’s cybersecurity companies, which are allegedly poised to save all of us with the magic of AI. These young, innovative tech companies are our knights in shining armour. They are working on solutions to protect our data from cybercriminals. It’s a nice thought, but I’m a little sceptical about how this will all turn out.

Article content

Article content

Let’s start with the elephant in the living room: government expenditures. The Trudeau government is known for turning golden chances into bureaucratic nightmares. Think about the Phoenix payroll system. It was supposed streamline payments for federal workers, but instead became a national joke with thousands of employees not getting paid or overpaid. We’re now entrusting the same people to safeguard our digital frontier.

Cybersecurity is not about throwing money at a problem. It’s about hiring the right talent, and maintaining flexibility to adapt to evolving threats. We need a proactive system, not a reactive one. The agility of government agencies is not exactly a well-known trait.

Article content

There’s a lot going on in the private sector about AI-powered products. Don’t misunderstand me, AI is fascinating and has a lot of potential.

But let’s be honest, it’s not a magic bullet. AI systems need a lot of data to be trained effectively, but guess? They can be fooled. Elon Musk called for governments to regulate AI technology more closely because hackers are constantly evolving and AI can be just one step behind.

The reliance on AI also brings with it its own set of issues. AI is only good as the data and algorithms that it’s been trained on. We could end up with AI that is biased, flawed or worse, vulnerable to manipulation if we are not careful. Remember the Tay Microsoft chatbot that became a PR disaster within 24 hours? That’s what happens when artificial intelligence goes wrong. Imagine that happening in the context national cybersecurity. Cybercriminals themselves are increasingly relying on AI.

Article content

Let’s talk about startups. It’s great to see innovation and entrepreneurship flourishing in Canada, but startup companies are risky. Many startups don’t make it past their first couple of years. It’s a little like putting the entire cybersecurity of Canada in the hands of a few untested high-tech companies. What if these startups fail or their technology doesn’t deliver?

Then there is the issue of scale. Startups may have brilliant ideas but scaling them to protect a nation is a different beast. It’s easy to secure a small or large business, but protecting government infrastructure, health care systems, financial institutions and critical utilities can be a daunting task.

Article content

What are the possible consequences if the Canadian Government doesn’t get it right?

The stakes are much higher than a few embarrassing breaches of data. In the worst-case scenario we could see essential services being disrupted — imagine hospitals not being able to access patient records or financial systems failing, or power grids going black. Not to mention that the public’s trust in our institutions is already on shaky grounds. Imagine the chaos that would ensue if a cyberattack powered by AI managed to disrupt the upcoming federal elections, whether in Canada or the U.S. Consider the economic impact of a cyber heist on major banks. We’re talking billions of dollars in damage, not to mention long-term reputational damage.

Article content

Let’s not forget about privacy. Canadians are rightfully concerned about the use and protection of their personal data. If cybersecurity measures are insufficient, not only government and corporate data is at risk, but also private information. Identity theft, financial fraud, and personal data breaches are on the rise as a result from password phishing scams.

Canada must remain vigilant, even though it is encouraging to see the private and public sectors step up their cybersecurity efforts. It is important that funds are allocated wisely, and that they’re not simply spent on shiny new technologies that don’t have any limitations or risks. Canadians should demand accountability and transparency in the way these resources are spent.

As an American, I can see both the potential for success and the potential for significant mistakes. It’s time to be assertive when it comes to protecting Canada’s digital assets. The great Canadian cybersecurity push in 2024 could end up being a costly boondoggle that leaves my northern neighbours vulnerable, cold and wondering, “What happened?”

— Julio Rivera, a business and politics strategist, cybersecurity researcher and founder of RivITMedia.Com is also a political commentator, columnist and political commentator.

Article content