"On mobile devices, TikTok collects your personal data, including:
• Contact lists
• Calendar entries
• Device location
• Hard drives, including external ones"
---
RT @csiscanada
🚨As of today, the TikTok app will be removed and blocked from use on all government-issued mobile devices. 🚨

This initiative is to ensure government information systems and networks remain secure and protected. #CdnNatSec
https://twitter.com/csiscanada/status/1630598411937259521

I can now confirm that I have been invited by #NDDN
@HoCCommittees
to appear as a witness for their study on #Cybersecurity and #CyberWarfare.

I am grateful and honored for the chance to speak about
@CanadianForces
#cyberdefense.

https://ourcommons.ca/DocumentViewer/en/44-1/NDDN/meeting-49/notice #cdnpoli #cdnnatsec

So what the hell happened to the 2022 NATO Cyber Defence Workshop that Canada wanted to host? 🤔

#cdnpoli #cdnnatsec #nato #cyberdefense

The Government of Canada has given a big ol' whopping $2.7 million for additional Integrated Soldier System end-user devices for the integrated soldier system project. Coincidentally, I am writing a paper about the integrated soldier system and cyber. So let's take a look together!

So what is the Integrated Soldier System (ISS)? (https://www.canada.ca/en/department-national-defence/services/procurement/integrated-soldier-system-project.html)

In modern warfare, when the military tries to connect everything to everything, the ISS is the military's (notably the Canadian Army) effort to turn soldiers into walking sensors.

But what does this mean?

Remember the game of telephone? Where a message moves along and changes little by little until, at the very end, the message is completely different. Now imagine a similar game of telephone when soldiers attempt to communicate intelligence to an aircraft or artillery.

A key part of the ISS is sensors-to-shooters, whereby you decrease the risk of miscommunication by reducing the need to be repeated. In essence, soldiers on the ground are able to transmit targeting data directly to the "shooter." Said shooter being plane, artillery, etc

This is about improving command and control at scale. Functionally, it removes some risk of miscommunication due to limiting the times it must be repeated. However, this introduces new risks. Bad operational security, poor verification procedures/protocol, cyber threats, out of date doctrine & training, are some

How do these things affect the Canadian Armed Forces and what should the Canadian Army in particular? Stay tuned in 2023 for the article! Beyond providing connectivity to soldiers, digitally transforming begins with capabilities but starts with doctrine.

#cdnpoli #cdnnatsec #cyberdefence #canadianarmedforces #canada

The Government of Canada has given a big ol' whopping $2.7 million for additional Integrated Soldier System end-user devices for the integrated soldier system project. Coincidentally, I am writing a paper about the integrated soldier system and cyber. So let's take a look together!

So what is the Integrated Soldier System (ISS)? (https://www.canada.ca/en/department-national-defence/services/procurement/integrated-soldier-system-project.html)

In modern warfare, when the military tries to connect everything to everything, the ISS is the military's (notably the Canadian Army) effort to turn soldiers into walking sensors.

But what does this mean?

Remember the game of telephone? Where a message moves along and changes little by little until, at the very end, the message is completely different. Now imagine a similar game of telephone when soldiers attempt to communicate intelligence to an aircraft or artillery.

A key part of the ISS is sensors-to-shooters, whereby you decrease the risk of miscommunication by reducing the need to be repeated. In essence, soldiers on the ground are able to transmit targeting data directly to the "shooter." Said shooter being plane, artillery, etc

This is about improving command and control at scale. Functionally, it removes some risk of miscommunication due to limiting the times it must be repeated. However, this introduces new risks. Bad operational security, poor verification procedures/protocol, cyber threats, out of date doctrine & training, are some

How do these things affect the Canadian Armed Forces and what should the Canadian Army in particular? Stay tuned in 2023 for the article! Beyond providing connectivity to soldiers, digitally transforming begins with capabilities but starts with doctrine.

#cdnpoli #cdnnatsec #cyberdefence #canadianarmedforces #canada

A little something that flew under the radar this week. A new office in the Department of National Defence/Canadian Armed Forces called the Digital Transformation Office. This is great news!

This has been a long time coming as information management throughout the Canadian military is very ad hoc. The new Digital Transformation Office merges the Associate Deputy Minister of Data, Innovation, Analytics and the Directorate of Knowledge and Information Management all under the IM Group.

A July 2022 audit of information management in DND/CAF noted the lack of commitment and prioritization of many of these files, and consolidation and increasing responsibilities will help to address some of this.

This follows a very similar recommendation I provided earlier this year. Which, if rumors are true about a lead at PMO to help steer DND/CAF digital transformation, is the start of some much needed change.

https://www.canada.ca/en/department-national-defence/maple-leaf/defence/2022/12/message-deputy-minister-digital-transformation-office.html

#cdnpol #cdnnatsec #canada

A little something that flew under the radar this week. A new office in the Department of National Defence/Canadian Armed Forces called the Digital Transformation Office. This is great news!

This has been a long time coming as information management throughout the Canadian military is very ad hoc. The new Digital Transformation Office merges the Associate Deputy Minister of Data, Innovation, Analytics and the Directorate of Knowledge and Information Management all under the IM Group.

A July 2022 audit of information management in DND/CAF noted the lack of commitment and prioritization of many of these files, and consolidation and increasing responsibilities will help to address some of this.

This follows a very similar recommendation I provided earlier this year. Which, if rumors are true about a lead at PMO to help steer DND/CAF digital transformation, is the start of some much needed change.

https://www.canada.ca/en/department-national-defence/maple-leaf/defence/2022/12/message-deputy-minister-digital-transformation-office.html

#cdnpol #cdnnatsec #canada

Some new training in digital forensics coming to the CAF next year!

https://canadabuys.canada.ca/en/tender-opportunities/tender-notice/pw-22-01014843

#cdnnatsec

#cdnnatsec
https://therealstory.substack.com/p/national-security-in-a-post-national

While it is good that there is now a discussion of foreign interference in Canada, it risks becoming distorted and carried away. Akshay’s thread is a much needed clarification. #cdnnatsec https://twitter.com/akshay_thinks/status/1594048456049721344?s=46&t=Oi2mIBIqQ5XDjQXkaYU72g

As my first actual substantive post, I am going to delve into MIT Technology Review's newest cyber defense ratings.

It gives a complete false impression of the state of cyber defense in Canada. Certainly Canada deserves a good score because of its private sector, but the federal government's policies and current direction of cyber defense is ad hoc, shallow, and broadly lacks any coherent direction or recognition of cyberspace as a threat environment.

On paper there is a lot of good that Canada has planned, it is working towards defense cloud in the Canadian Armed Forces (CAF), but last I heard is the estimate for delivery/completion is 2030. There is a lot of reasons for this major delay, one is Canada's procurement system overall, but the other is a general misunderstanding of how to treat cyber in the procurement system and governing policies that relate to the administration of the Department of National Defence (DND)/CAF networks and how to protect them.

This is directly coming into confrontation with the United States and Canada's plans for NORAD modernization.

While consultation does occur, the divide between the information security community and the government has not been breached in Canada. There is a deep level of mistrust in the community, and continued policies by the Government of Canada which deprioritize cyber defense and cybersecurity has the dual action of demotivating operators from working in government and the military, but also broadly reduces the cyber defense of Canada.

I would be very curious which policymakers the authors of this report actually consulted with, because it highlights the pressing failure in the Government of Canada in still not understanding the problem.

Foremost, Canadian cyber policy has been the primary thing holding back progress in cyber defense and cybersecurity at the federal level in Canada. There has not been a whole-of-government approach to this because cyberspace is viewed as a tool, not as a domain that must be managed.

Word is there will soon be a new lead at the Prime Minister's Office to address digitization in the Department of National Defence. I called for a similar in my most recent CGAI article (https://www.cgai.ca/when_empty_promises_are_literally_empty_canadian_cyber_defence_policy_by_ad_hoc), but this move highlights a higher level of attention being given than I even called for, which is potentially a positive sign. I have heard some word on who it is specifically, but I am trying to not be too optimistic.

The problem with such quantitative metrics like this from MIT Tech Review is that cyber defense cannot always be gauged by the baseline. The very nature of cyber defense is that your threat model will be different from my threat model. To rely on such models gives an incredibly false assumption of what is occurring and leads to additional poor policy.

Full report found here: https://mittrinsights.s3.amazonaws.com/CDIreport.pdf

#canadianpolitics #cdnpoli #cdnnatsec #cyberdefense

RT @MercedesGlobal@twitter.com

#BREAKING Exclusive: information obtained through an intl criminal probe into encrypted comms firm Phantom Secure (used by global criminal syndicates) produced evidence that led to investigation and arrest of the RCMP's Cameron Ortis https://globalnews.ca/news/5909401/rcmp-cameron-ortis-investigation-encrypted-phone-service/ #cdnnatsec #natsec

🐦🔗: https://twitter.com/MercedesGlobal/status/1173697405105135617