Canadian and U.S. military equipment vulnerable to cyberattacks, top officials say

OTTAWA — Canada and the United States are working together to make their high-tech military equipment less hackable, top defence officials said in Ottawa Thursday, but they have a lot of work to do.

Speaking to the Ottawa Conference on Security and Defence, Ellen Lord, the U.S. undersecretary of defence for acquisition and sustainment, suggested American military officials have long made excuses for not addressing the vulnerabilities in their equipment.

“That is no longer acceptable,” Lord said. “We are going to start shutting equipment down if they are not brought up to standards because every day we see the intel, we see how much has been compromised in what we do.”

Lord’s comments follow a growing recognition about the extent to which cyberattacks threaten not only targets such as computer networks, but all manner of devices — including fighter jets and warships — in an increasingly connected world.

An audit by the U.S. Defense Department’s inspector general in 2018 found those vulnerabilities extended to American nuclear-missile facilities.

Lord and Troy Crosby, who oversees military procurement at Canada’s Department of National Defence and also spoke at the conference, said officials in both countries are seized with protecting new military equipment from potential attacks.

“We have a variety of organizations now that are looking at cyberassurance,” Crosby told The Canadian Press in an interview. “We certainly don’t want to be acquiring new capability with issues.”

While he also insisted the government would not ignore potential weaknesses or vulnerabilities identified in existing equipment, Crosby could not say whether Canada has conducted a detailed audit in the same way as the U.S. has.

Crosby nonetheless insisted officials are “constantly assessing threats and risks to the organization from whatever angle, whether it’s cyber or otherwise. So I think people are paying attention.”

Lord said while U.S. assessments found officials had been lax in applying cybersecurity requirements for military equipment in the past, she said it will no longer be acceptable to trade such requirements in favour of cost or schedule savings or better performance.

“There is an absolute requirement,” she said.

The threat posed by cyberattacks figured prominently during the two-day defence conference, with numerous Canadian military officers and outside experts specifically flagging Russia and China as North America’s top cyberadversaries.

“Cybersecurity is the area that has moved the fastest and changed the most in the two-and-a-half years that I’ve had this job,” Lord said.

“The bottom line is I don’t think the average American citizen understands that we are at cyberwar every day. And it is problematic not only in the area of defence, but our entire nationwide infrastructure and everything we do.”

— Lee Berthiaume

This report by The Canadian Press was first published March 5, 2020.

News from © Canadian Press Enterprises Inc. 2020