Like beauty, a covert security threat is often defined through the eye of the beholder. As such, it’s probably time to modernize what we consider as threats, and recognize that traditional statesponsored ‘espionage’, wherein military or political secrets are acquired, no longer uniquely defines the issue.
 

That’s not to say this traditional model no longer exists; Jeffrey Delisle taking cash to scoop up the badly protected naval plans of Canada and our allies for the Russians is undeniable proof of that reality. The same thing is true of the remarkable coincidence in similarity of design between the newly revealed Chinese fighter jets and their ­gazillion dollar US-developed counterparts. Hack and Steal is clearly China’s version of Research and Development when it comes to military equipment development.

Canada can expect these foreign state-led efforts to obtain confidential security-related government information to continue and even increase from both Russia and China as the global geopolitical situation remains in flux. Add to this, the interests of both of these countries in the newly relevant Arctic domain (or the North China Sea as the Chicoms like to call it) where they will clearly gain a strategic advantage if they know our plans, our deployments and our vulnerabilities.

What has changed, however, is the breadth of information that is now being sought, why it is viewed as being of importance, and who is seeking it. Additionally, the covert security threat to Western nations like Canada now includes more than learning about government plans, it includes influencing them and in some cases domestically subverting them from within.

Consider first the types of information that are being targeted by espionage and outright theft. Revelations of intellectual property theft from companies based in the U.S. or Canada (or both) have become a common occurrence which, although it usually gets prosecuted, seems to be shrugged off as a strategic security issue. When you’re dealing with a country like China, which deliberately creates and uses de facto stage agents dressed up as ‘state owned enterprises’, that’s not a good idea. Perceived increased corporate profit is not a substitute for public security.

Compounding the intellectual property and data theft issue is the total cyber dependence that now exists. This has created unprecedented security vulnerabilities which we are only just beginning to acknowledge. By working to dominate the cyber market so that they build, or are implanted into, the very systems they will use to steal what they want, our adversaries are several steps ahead.

Change your password as often as you want; it’s not a solution.

China has, of course, taken things even further by setting up a spidery network of dual country ‘business associations’ within Western countries, including Canada, whose purpose is to provide cover for the activities of state agents as they pursue the self interested goals of the Motherland. They also understand that, for us, signing a treaty with supposed obligations is a big deal which they happily sign onto with no intention whatsoever of restricting their actions as a result. They also understand that having achieved the ‘success’ of concluding such an agreement, like the recent Foreign Investment Promotion and Protection Agreement, the last thing a career-focused Canadian bureaucrat or self-promoting politician wants to hear about is the fact that the Chinese are violating its terms.

This internal ‘look the other way’ approach has a long history when it comes to Canada’s dealings with China. Arguably it began in the mid 90s with the suppression of the joint RCMP-CSIS Sidewinder Report which uncovered and reported on Chinese espionage, organized crime and corruption activities within Canada. That self imposed myopia was largely lifted ­several years ago when then CSIS Director Richard Fadden spoke bluntly… and publicly… about the Chinese espionage and security threat to Canada. Coming to grips with this is an ongoing challenge, but understanding why China acts as it does will help us appreciate both how and where they do it.

We are also now aware, thanks largely to Wikileaks and Edward Snowden, that our friend and ally to the south also likes to listen in on conversations, or acquire supposedly secret information from its friends and allies. While this snooping may lack the hostility or malevolence of other state actors, it is a fact of life that needs to be appreciated and dealt with to the best of our abilities. Ironically, one of the consequences of these revelations is to largely deprive the U.S. of the ‘white horse’ from which it accurately leveled cyber spying/hacking accusations against state actors like China and Russia.

The final piece in the changed covert security world is the presence of non state actors who use increasingly sophisticated techniques to achieve their goals. These groups include the nose-ringed ‘we know best’ issue activists as well as anarchist ‘hacktivists’ intent on causing havoc just to prove they can.

Of even greater concern are the purposeful ideological actors in pursuit of  subversion from within an Islamist agenda. For Islamists abroad, acquiring tactical opportunities by hacking critical infrastructure is an ordained mission. For those already here, the objectives include influencing government policies and operations through infiltration and deception, and trying to segregate the Islamic population away from the secular, rule of law, tolerant and integrated society that is Canada. Once again, understanding and acknowledging the security threat motivation will help inform the awareness of how it is being carried out.

The security threat environment is not static and, as such, our proactive and preventive counter measures must also be informed, targeted and adaptive. Anything less will not get the job done.

___
FrontLine Advisor Scott Newark is a former Alberta Crown Prosecutor who has also served as Executive Officer to the Canadian Police Association and a Security Policy Advisor to the Governments of Ontario and Canada.
© FrontLine Security 2014