Reasons for concern about the new US cybersecurity strategy

Article content

As an American, I can say that in the US we are really good at making big promises.

Article content

Just ask anyone who watched the presidential debate.

The latest example of this comes courtesy of the Cybersecurity and Infrastructure Security Agency (CISA), which has developed a plan to “align cybersecurity operational priorities” for all U.S. federal agencies. Translation: we will fix cybersecurity by making it one giant government-sized blanket that somehow covers everyone.

But before you, my dear Canadian neighbors, roll your eyes and think, “Well, that's their problem,” let me tell you why our cybersecurity is largely your problem. In fact, when the United States botches cybersecurity – and trust me, we will – you can bet Canada will feel the shockwaves.

The United States loves a one-size-fits-all approach, especially when it comes to big, scary, technical issues like cybersecurity. CISA's latest plan is essentially a top-down directive to “unify” cybersecurity strategies across federal agencies. Sounds good, right?

Article content

Except for this most important thing: We're talking about a huge number of agencies, from the Department of Agriculture to the Department of Defense, all under the same security blanket. And spoiler alert – such blankets usually have holes.

Sure, some agencies may share common goals and infrastructure, but do the needs of the Federal Reserve and NASA really overlap enough for a single strategy to effectively protect them both?

I'm not holding my breath. By treating every agency as if it faces the same threats, you are sure to leave many security gaps. What happens when hackers find these holes?

Now I can hear my Canadian friends saying, “What does this have to do with us?” Well, everything. When America's cybersecurity systems stop working, it's not just our problem – it's yours too. Our economies are as intertwined as Tim Horton's coffee and a frosty morning.

Article content

Article content

And if U.S. agencies are hacked, Canadian companies, banks and even government agencies connected to our digital infrastructure could find themselves caught in the crossfire. It's not just about watching us from afar – you'll likely feel the aftershocks firsthand.

The stark reality is that America's cybersecurity is not limited by borders. Our digital economies, energy grids, supply chains and defense operations are so deeply interconnected that a breach in the U.S. could have catastrophic consequences for Canada.

Recommended video

We're sorry, but this video has failed to load.

Play the video

When a U.S. federal agency is hacked, critical information may be compromised. And given that the United States is Canada's largest trading partner – by a mile – you can bet that hackers who gain access to America's trade, defense and financial systems won't stop there.

Article content

The fact that Canadian infrastructure and data pipelines are closely intertwined with ours means that vulnerabilities in American cybersecurity could leave you vulnerable to attacks. When America slips, Canada is vulnerable by association.

And don't worry if you think it's just about digital threats. Cyberattacks can shut down pipelines, derail trading systems and even disrupt transportation networks. Remember the Colonial Pipeline ransomware attack in 2021? Stopped fuel deliveries on the US east coast.

Imagine the ripple effect if such an attack hit the energy or transportation systems serving both countries. The digital world is no longer limited to virtual space – it has real-world consequences.

Article content

With this new plan, CISA is not solely focused on U.S. soil. There's also talk of improving international cooperation on cybersecurity, which is a fancy way of saying, “We'll make it easier to share information across borders.” Which sounds great in theory – who doesn't want countries to work together to fend off cyberattacks? But here's the catch: by making international cooperation easier, you also make it easier for hackers to exploit the system.

International cybersecurity standards may seem like a diplomatic victory, but from a practical standpoint, they are like handing hackers a master key to a digital kingdom. When security protocols are too standardized, a hacker will find a weakness and can exploit it in multiple countries. A loophole in the U.S. system could easily translate into a loophole in the Canadian system.

Article content

If this all sounds a bit alarming, wait until you hear about the White House's brilliant solution to protecting America (and, by extension, Canada) from cyber threats: the Cybersecurity Recruiting Sprint. The plan is to fill 500,000 vacant cybersecurity jobs. Yes, half a million jobs. In a sprint. You can't make this up.

It's a Herculean task, to say the least.

Don't get me wrong, hiring more cybersecurity experts is crucial. But the notion that the U.S. government can not only quickly find, but also adequately equip and retain 500,000 experts in a highly technical, rapidly evolving field? Let's just say I'll believe it when I see it.

The bottom line is that the White House wants to do all of this in the context of diversity, equity, and inclusion (DEI) hiring practices.

Article content

Balancing DEI goals with the urgent need for cybersecurity professionals means we will likely see rushed, high-skilled, and under-trained staff in key positions. And that's a recipe for disaster, not only for U.S. systems, but also for Canadian systems, whose defense systems rely on airtight protection, not to mention the cybersecurity of citizens in both countries from malware and cyberstalkers and other threats.

As we approach the 2024 U.S. elections, one thing is clear: American cybersecurity will soon become an even bigger mess than before.

But Canadians should not sit idly by and watch with stunned detachment. The fact is that you have skin in this game. Whether it's the botching of the “one size fits all” plan, our ill-advised efforts at international cooperation, or the inevitable failure of our cybersecurity recruiting sprint, when the United States screws up, Canada feels it.

Article content

So while it's tempting to joke about American inefficiency and bureaucracy, the truth is that Canadians should be watching America's cybersecurity plans with growing concern. Decisions made in Washington on overall cybersecurity and other issues like artificial intelligence will impact the entire border, and if the US can't get its act together (and let's be honest, we probably won't), you may find yourself helping pick up the pieces of our digital mistakes.

Even “big tech” is experiencing some difficulties as the latest macOS 15 Sequoia update has encountered security issues while Google has tried to increase security by syncing access keys across all devices

After all, what happens to American cybersecurity doesn't just stay in America. And whether you like it or not, we're all in this together – whether it makes you feel safer or a little more uncomfortable.

— Julio Rivera is a business and political strategist, cybersecurity researcher, founder of ItFunk.Org, and political commentator and columnist. His writing, focusing on cybersecurity and policy, is regularly published by many of the world's largest news organizations.

Article content