OTTAWA – Canada and the United States need a new cyber defence program – like their joint Norad air defence – to prevent hackers from hobbling their economies, says the former head of the U.S. National Security Agency.
Retired general Keith Alexander told The Canadian Press that the two countries need a joint system to prevent cyberattacks and he said it should be modelled on Norad, the shared Canada-U.S. military alliance that protects North America’s airspace from incoming missile attacks.
The Liberal government’s main plan for spurring growth is to encourage investment and innovation in new and emerging technologies, including artificial intelligence.
But all of the potential gains of that initiative are at risk of being stolen and undermined by hackers, Alexander said.
“The things that you guys invent – don’t lose them,” Alexander warned in an interview Thursday at the large CANSEC military industry trade show, where he was a keynote speaker.
Alexander said threats from Russia, China, North Korea and Iran need to be mitigated.
“How do we take that off the table? It’s by creating a better defensive architecture in getting countries to work together.”
Alexander was the head of the NSA when contractor Edward Snowden blew the whistle on its phone surveillance program and he has also briefed U.S. President Donald Trump on cybersecurity.
Establishing a joint cyber command on the scale of Norad will pose formidable challenges in both countries, he said.
“Our governments were built in the industrial age, not the information age. Now you’re looking at: how do you organize in the information age, to leverage and protect ourselves?” he said.
“The decision-makers really don’t understand the technology we’re talking about. It’s not something that they grew up with.”
Norad was established at the height of the Cold War between the West and the Soviet Union in the late 1950s.
Now, Russian-U.S. tensions have reached new heights with accusations from U.S. intelligence agencies that Russia hacked Democratic party emails to help Trump win the presidency.
Trump has rejected allegations that his campaign collaborated in any way with Russia, calling them a “witch hunt.”
In the face of the swirling allegations and uncertainty, Alexander said Trump should be given the benefit of the doubt.
“We have this great democratic principle: innocent until proven guilty,” he said.
All incoming U.S. presidents have had to reach out to Russia and that includes Trump, he said.
“The question is: were people trying to do the right thing and maybe took a misstep?”
Russian President Vladimir Putin said Thursday that there has never been any state-level hacking by his government, but he said that didn’t rule out some individual “patriotic” hackers carrying out attacks.
Alexander said it is crucial for private-sector companies to partner with government to share data on hacker threats in real time in order to prevent them.
He suggested the 2014 cyberattack on the American bank JPMorgan Chase that compromised an estimated 80 million accounts could have been prevented through co-operation with other banks, which were unsuccessfully hacked.
That’s because those banks had data on the threats embedded in the logs of their firewalls and sharing it would not have not compromised their commercial competitive advantage, he said.
The energy and transportation sectors should also be partnering with governments to do a better job of detecting breaches from hackers who constantly scan networks looking for breaches, he said.
“They’re not competing to defend themselves. They wouldn’t compete if there were terrorists on the street. They would defend, as they should.”