Security threats pose major risks to pandemic recovery, internal notes warn PM

Internal government briefing notes warn Prime Minister Justin Trudeau that economic-based national security threats — from espionage to cyberattacks — pose "significant risks" to Canada’s post-pandemic recovery, long-term prosperity and competitiveness.

The notes, obtained by The Canadian Press through the Access to Information Act, say Canada’s ability to rebound from COVID-19, and its future economic growth, lie in the development of updated legislative and regulatory regimes, new tools, technologies and business models.

The blunt assessment is included in material prepared for Trudeau immediately after the Liberal re-election victory last September and now released under the access law.

The Trudeau government served notice early last year that it was pressing ahead with efforts to counter economic-based threats to national security, such as theft of valuable intellectual property and damage to critical energy and inxjmtzywformation networks.

The internal notes point out that foreign investment and global trade are critical drivers of the Canadian economy and those of allies.

Given Canada’s population, geography, highly skilled workforce, world-leading scientific and academic institutions, and advanced economy, access to international markets and capital are critical for economic growth and recovery, the notes add.

"Ensuring Canada has a modern and comprehensive framework to counter efforts by hostile actors to exploit Canada’s economy is essential to ensuring Canada’s long-term economic prosperity and national security, including rebuilding after COVID-19."

Hostile tactics range from foreign direct investment in sensitive sectors, including critical infrastructure and emerging technology, to the theft of advanced research, the briefing notes say.

Pilfering can occur through the hacking corporate networks or the transfer of sensitive technology with military and intelligence applications.

National security concerns extend to the purchase of goods and services by all levels of government, the notes warn. For example, procurement activities can provide adversaries with access to sensitive sites or data, and products or services procured for critical infrastructure can open the door to espionage and disruption.

Canadian academic and research institutions are targeted by hostile states who leverage their nationals, including students and visiting faculty, as well as foreign talent recruitment programs and research partnerships to gain access to sensitive knowledge and research, the briefing notes add.

National security agencies have made efforts in recent years to raise awareness among potential target organizations and to provide advice on easing these threats.

The government has also issued national security guidelines for research partnerships, and the Investment Canada Act national security review guidelines were updated with the aim of increasing transparency about the kind of investments that might prompt a security review.

Public Safety Canada is examining "gaps in legislation, regulation and governance," the notes say.

The federal department is also completing a review of Canada’s cybersecurity strategy.

The committee of MPs and senators that oversees federal security policy recently highlighted blind spots in Canada’s cyberdefences that could leave many agencies vulnerable to state-sponsored hackers from China and Russia.

The National Security and Intelligence Committee of Parliamentarians said while nation states are the most highly developed threats, any player with malicious intent and sophisticated capabilities puts the government’s data and the integrity of its electronic infrastructure at risk.

The notes prepared for the prime minister warn that the cyberthreat landscape is rapidly evolving, often outpacing governments’ ability to adjust regulatory and policy frameworks.

As a result, governments are "increasingly being challenged" to both secure their networks and information holdings, manage the most pressing threats and help victims of cyberincidents.

Cybersecurity "can no longer be seen as the sole responsibility of governments," the notes caution.

Canada, in consultation with its like-minded partners, will need to continue to emphasize the need for international norms and the prevention of safe havens where cybercriminals "can operate without consequence."

"Crime facilitated by the internet is the most significant risk to economic recovery, as it can impact everyone from individual Canadians to small and large enterprises, through to municipalities and critical infrastructure systems."