OTTAWA – As Ottawa studies national security implications of allowing Chinese tech giant Huawei to equip Canada’s next-generation 5G telecommunication networks, two U.S. intelligence and cyber security experts told parliamentarians Wednesday that the risk is real.
“I understand in principle why, particularly for government networks that you’d want all of your telecom equipment made by your own country or by your own ally,” said Christopher Porter, chief intelligence strategist for cybersecurity firm FireEye Inc.
A former Central Intelligence Agency cyber threat analyst, Porter was testifying at Public Safetey and National Defence committee along with Jonathan Reiber who previously worked for the Pentagon as it assembled a “cyber-mission force” of more than 6000 hackers for counter cyber-insurgency and cyber-warfare.
Reiber, head of strategy for cyber security firm Illumio “wouldn’t speak to Huawei specifically.”
On securing a nation against hostile cyber actors, Reiber said that, “for certain elements, say a national security community or public safety community, I think it’s perfectly reasonable to say ‘now we’re going to manufacture a certain amount of chips (hardware) on our own.’”
In November of last year the United States asked allies to ban Huawei’s 5G hardware technology from their domestic telecommunication networks. Austrailia and New Zealand have since agreed – both are part of the Five Eyes surveillance network that includes the U.S., UK and Canada. Britain may also abandon its 5G telecom deal with the Chinese company – like Canada it is studying the matter and no decision is expected until April or May.
On ferreting out suspect equipment already in circulation, as well as preventing additional hardware from entering the field, Reiber said it’s possible but only on a limited scale. “I don’t think you could possibly do so in any kind of global way across sectors, across an entire economy. I do think you could do it in certain sub-sectors.”
Under a cloud of diplomatic tensions between China and Canada over our arrest of Huawei executive Meng Wanzhou, facing extradition to the U.S. for alleged violations of American sanctions on Iran, Porter told MPs that Canada remains a prefered cyber espionage target. Already, domestic institutions have fallen under cyber attack by Iran, China and Russia, Porter said.
“Government, defence, high-tech, non-profit, energy, telecommunications and media have all been impacted much like they have in many western countries,” he noted.
Reiber’s testimony also offered a chilling window into the future of cyber crime and cyber warfare that could escalate into military confrontation, even noting that some in the previous U.S. administration believed Russian cyber-meddling in the 2016 election constituted grounds for a military response.
“I would say the Russian attack on the 2016 presidential election, looked at historically, certainly qualified as an instance where a counter offensive action by the military would have been warranted,” Reiber said. “And there are others from the Obama administration that would’ve said the same thing.”
Porter told the committee that in his FireEye experience, some 95 per cent cyber attacks on Canadian targets were aimed largely at private sector interests, primarily at financial institutions and that beyond regulating cyber security standards for Canadian industry he would “put a great emphasis on diplomacy.”
“This foreign (cyber) threat is to get back at Canada for something we did,” he said.
However, Porter warned of more “destructive attacks aimed at permanently disabling financial services or altering data in ways that undermine trust in the global financial system.”