Canada-United States: Binational Cybersecurity for a More Resilient Today and Sustainable Future
Canada and the U.S. have been allies for over 150 years, enjoying a close and broad relationship not only geographically, sharing the world’s longest international border, but also across many policy priorities, from defense and security to trade and workforce development.
The collaboration between the two countries, which is critical for global resilience and sustainability, is evidenced through bilateral trade of CAD 2.7 billion / USD 2 billion a day, as well as joint membership in the North Atlantic Treaty Organization (NATO) alliance, and partnership in the North American Aerospace Defense Command (NORAD), the world’s only binational military command, among other examples. Furthermore, The Roadmap for a Renewed U.S.-Canada Partnership was announced in 2021 to deepen the two countries’ binational economic and environmental collaboration.
These precedents have served both countries well. But they may not extend far enough to ensure the continued security of our respective nations in the highly connected and converged world we inhabit today. President Joe Biden's upcoming visit to Canada, to meet with Prime Minister Justin Trudeau on March 23, will be an important opportunity to expand on binational cybersecurity efforts.
Redefining Binational Resilience and Sustainability
Increasingly, the world we live in today and are building for future generations, runs on technology. The Internet of Things (IoT) is a leading example of how this technology has positively transformed the way we live and work, posing limitless opportunity for social, economic, and environmental development. However, amid technology innovation, we are also faced with exponential growth in the number and severity of threats to national security coming from cyberspace, which unlike traditional territories, has no borders. As the technology landscape continues to evolve — from clusters of siloed IoT devices to a more interconnected environment — these threats will continue to multiply.
Canada’s National Cyber Security Strategy, published in 2018, recognizes that embracing digital technologies subjects that nation to new threats, and that maintaining a resilient and prosperous Canada relies on strong, nimble, and comprehensive cybersecurity. The new U.S. National Cybersecurity Strategy, released this month, focuses on securing the digital ecosystem to reap the full benefits of it, and underlines the criticality of cyberdefense to America’s security, public safety, and economic prosperity. Meanwhile, the Roadmap for a Renewed U.S.-Canada Partnership highlights a binational agenda to strengthen cybersecurity and protect critical infrastructure, particularly in the energy sector.
However, while these important actions and commitments represent significant milestones, they may be insufficient to ensure Canada-U.S. binational security in today’s rapidly evolving digital world. We must do more.
Building on Binational Cybersecurity Efforts
In addition to the work that has already been undertaken and identified, there are key steps that Canada and the U.S. can take to continue to shape and strengthen their collaborative cybersecurity strategies:
- Expand NORAD’s mission: Aerospace systems provide many potential entry points for cyber attackers, and that threat surface is growing. Given the extent of the technology in space and how dependent NORAD is on it — for providing connectivity, high-accuracy positioning, and more — NORAD must expand its mission to include emerging cybersecurity threats both in and beyond earth’s atmosphere (including those posed by adversarial infrastructure and interception activities) to ensure comprehensive national defense. This is even more important when you consider that, as well as supporting NORAD’s mission, space capabilities have become the backbone of our supply chain, banking and financial systems, power grids, transportation infrastructure, and other IoT environments.
- Joint Defense of Critical Infrastructure: Whether it takes the form of investments in new high-technology borders like the Gordie Howe International Bridge between Ontario and Michigan, or the development of energy supply chains, critical infrastructure will be increasingly targeted by cyber threat actors. It is imperative that Canada and the U.S. jointly defend critical infrastructure from cyberattacks and, as part of that collaborative mission, consider a broader definition of joint critical infrastructure beyond just the energy sector, to include areas such as transportation, telecommunications, and financial services.
- Friend-shoring for a resilient software supply chain: Software is at the forefront of technology innovation across the IoT ecosystem, which means it is now as critical to protecting a nation’s supply chain as physical goods, if not more. The U.S.-Canada Partnership Roadmap and U.S.-Canada Supply Chains Working Group already address supply chains in the context of hardware production, including semiconductors. That partnership should be expanded to include assuring that the software supply chain is equally resilient.
- Collaboration on cybersecurity research and development: Protecting a nation from cyber threats is a feat that cannot be achieved by any single nation or organization acting in isolation. To help enable robust cybersecurity, Canada and the U.S. must invest in binational cybersecurity research and development. The two countries are well positioned to collaborate on research initiatives, particularly within academia, where such investments would present an additional benefit of STEM talent development. With over 3 million unfilled cybersecurity roles expected by 2025, the front line of cyberdefense will be grossly understaffed without a continued and significant investment in cybersecurity talent. BlackBerry is, for example, collaborating with the Canadian and U.S. governments, and universities in each country respectively, on 5G security innovation and talent development. Combining and expanding such efforts and investments could deliver a greater, shared return.
- Partnerships with industry: Partnerships between the government and industry are also crucial to the success of binational security. The cyberthreats we face are increasingly complex and expanding rapidly, making cybersecurity technology and tools indispensable for preventing cyberattacks and automating cyberdefense. Furthermore, industry (particularly large enterprises who share the responsibility for cybersecurity with governments) must be required by Canada and the U.S. to build cybersecurity capabilities into their products, as opposed to omitting it from product designs so that it must be “bolted-on” later. Canada’s Communications Security Establishment and the U.S. Cybersecurity & Infrastructure Agency (CISA) could facilitate such binational industry collaboration, and include companies of all sizes to foster secure technology innovation.
- Cross-border technology interoperability: During an active cybersecurity threat or attack, Canada and the U.S. must be able to rely on seamless and resilient communications with one another. Adopting robust shared communications technologies, which can be counted on during a binational event, is key to resiliency. BlackBerry® AtHoc®, BBM® Enterprise (BBMe), BlackBerry® UEM, and Cylance® AI security solutions are examples of such tools. AtHoc has been adopted by both US and Canadian governments for critical event communications and response. The solution could also be connected across the two governments, uniting first responders, the public, and other stakeholders, for a singular coordinated response. BBMe is a secure messaging solution that has been proven to remain protected and online when email and other such communication tools are taken offline, such as during a cyberattack or network outage, and it can be integrated with AtHoc. BlackBerry UEM is used throughout the public and private sectors to provide secure, always-on, access to enterprise data on mobile devices. In addition, it was recently used to prevent access to TikTok on both Canadian and U.S. government-issued mobiles, in response to security and privacy concerns. Cylance is an artificial intelligence (AI) based cybersecurity platform that provides automated protection against advanced cyber threats, regardless of whether a system is online or offline.
Achieving a Resilient and Secure Converged World
Canada and the U.S. rank in the top 10 among nations for their commitment to cybersecurity, according to the Global Cybersecurity Index, an initiative led by the United Nation’s International Telecommunication Union (ITU). BlackBerry commends Canada and the U.S. on the strength of their relationship, and on their work to date in ensuring the security and prosperity of both countries. Nations are stronger when working in collaboration with like-minded allies and partners.
With the world at an inflection point in so many ways, including in the race to foster technology innovation and in the expansion of the threat landscape with cyberspace, we encourage Canada and the U.S. to broaden their focus and investments in binational cybersecurity, to help ensure a more resilient world today, and a sustainable future. A report from the Canadian Security Intelligence Service (CSIS) emphasizes the clear and urgent need to improve the cybersecurity posture of the increasingly connected IoT, and it recommends that allied nations partner to identify and address the risks posed by the growth in connectivity. With IoT technologies increasingly embedded in “smart city” infrastructure, new exploit opportunities are emerging for adversaries, reinforcing how the scope of the battlefield continues to evolve.
BlackBerry is proud to be a trusted partner of both the Canadian and U.S. governments, spanning IoT innovation, and next-generation cybersecurity solutions and intelligence. As the convergence of IoT and cybersecurity accelerates, we look forward to continuing our longstanding relationships with Canada and the U.S. Convergence is critical to enabling a resilient and sustainable world, as the significant value of the IoT is harnessed to deliver benefits to society, while protecting national security. Achieving those outcomes requires the collaboration of allied partners, across geographical borders and across the boundaries between public and private sectors.