DCITS Opening Remarks: Standing Senate Committee on Transport and Communications
Good morning, Mr. Chair and Members of the Committee. My name is Scott Jones and I am the Assistant Deputy Minister of IT Security, with the Communications Security Establishment. I am accompanied by Mr. Richard Pierson, Director General of Cyber Defence. It is our pleasure to appear before you today, as you undertake your study on the regulatory and technical issues related to the deployment of connected and automated vehicles.
The rise of the next generation of vehicles, with increased wireless connectivity and automated driving capabilities, is fast approaching. As such, it is timely and important that we consider the regulatory and technical issues surrounding their deployment.
As you have heard from other witnesses, the convergence of these technologies has the potential to provide many economic and social benefits for Canada and Canadians, from improving the movement of goods and services to road safety. At the same time, it risks exposing us and making us more vulnerable to cyber threats from nation-states, criminals, terrorists and hackers seeking to exploit those same technologies. The motivations of these cyber actors vary widely from financial gain, to creating havoc, to just doing it because they can.
As the head of IT Security for the government’s lead technical cyber agency, my goal this morning is to highlight the critical role that cyber security plays in keeping Canada and Canadians safe from cyber threats. Since this is my first time appearing before this Committee, allow me to begin by taking a few moments to clarify who we are, what we do and how we do it.
CSE is one of Canada’s key security and intelligence organizations. Our mandate and authorities are defined in the National Defence Act, and we report to the Minister of National Defence. Our mandate is comprised of three parts. The first part of our mandate, Part A, involves the collection of foreign intelligence in accordance with Government of Canada intelligence priorities. The second part of our mandate, Part B, involves providing advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada. That’s the work I lead at CSE. And finally, the third part of our mandate, Part C, is the provision of technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.
With respect to cybersecurity, we use our cyber and technical expertise to actively defend federal government systems and to identify, prepare for, and respond to sophisticated cyber threats. We also work to support the private sector, including critical infrastructure operators, by sharing cyber threat information, advanced tools and mitigation advice.
As our networks converge and as more and more of our daily lives become dependent on connectivity, we can expect cyber threats to become more acute and impactful. Connected and automated vehicles will no doubt be an attractive target to many threat actors, making them especially vulnerable to theft and breaches. In this dynamic cyber-threat environment, cyber security is critical.
We believe that training and education is the key to enhancing cyber security. To this end, we have developed the Top 10 IT Security Actions to help reduce the threat surface and vulnerabilities for the government – and beyond. They are listed on our website along with much of our advice, guidance and alerts. Recently, we have also taken steps to better educate members of the public, including launching a Twitter account, posting new content to our website and producing public videos about our cyber defence work.
That said, no single entity can combat cyber threats alone. Cyber security is the responsibility of all of us and it will take cooperation, expertise and innovation to protect the security of Canada and Canadians.
Thank you for the opportunity to participate in this study. My colleague and I will be pleased to answer any questions that you might have.