Many of Canada’s closest allies have either firmly or softly blocked Huawei and ZTE from selling telecommunications equipment to Internet service providers in their countries over the past several years. After repeated statements from Canadian government officials that a review of Huawei equipment was ongoing, on May 19, 2022 the government announced its own bans on Huawei and ZTE equipment. The government published an accompanying policy statement from Innovation, Science, and Economic Development (ISED) Canada on the same day.

This post begins by summarizing the possible risks that Chinese vendors might pose to Canadian networks. Next, it moves to discuss the current positions of Canada’s closest allies as well as Canada’s actions and statements pertaining to Chinese telecommunications vendors leading up to the May 2022 announcement. It then proceeds to unpack the government’s “Securing Canada’s Telecommunications System” policy statement. Some highlight findings include:

• The government is unclear when it refers to “supply chain breaches”;
• The government may be banning Huawei and ZTE principally on the basis of American export restrictions placed on Chinese vendors and, thus, be following the same model as the United Kingdom which was forced to ban Huawei following American actions; and
• Establishing the security and protection of telecommunications systems as an “overriding objective” of Canadian telecommunications policy could have long-term implications for Canadians’ privacy interests.

The post concludes by discussing the policy and political implications of the policy statement, why any telecommunications security reforms must not be accompanied by broader national security and law enforcement reforms, and why the Canadian government should work with allied and friendly countries to collectively assess telecommunications equipment.

Prospective Risks Associated with Huawei and ZTE Equipment

Many Western governments are concerned about security and foreign influence risks associated with Chinese telecommunications vendors, such as Huawei and ZTE. Both of these companies have made a name for themselves as producing relatively high-quality equipment at a far reduced cost compared to their Western competitors. These characteristics have led many telecommunications providers to purchase the Chinese vendors’ equipment. While lower costs may be a boon for telecommunications providers, Western governments have raised numerous worries about the companies’ equipment and services, and their relationships with the Chinese government. Broadly, these worries are associated with:

• Cybersecurity: The Chinese government might compel Chinese companies to modify their products to enable Chinese cyber espionage or effects operations.¹
• Geostrategic leverage: If Chinese companies compose a significant fraction of a country’s telecommunications infrastructure the Chinese government might use this as leverage: either countries using Chinese vendors’ equipment must adopt China-friendly policies or else run the risk of being unable to access system updates or replacement equipment needed to service telecommunications networks.²
• Intellectual Property and Internet Standards: Ceding a significant fraction of the telecommunications ecosystem to Chinese vendors runs the risk of largely relinquishing the development of network-related intellectual property or international standards to Chinese companies. Should this happen non-Western values or norms might seep into the very protocols responsible for managing data traffic. Furthermore, intellectual property holdings might preclude or inhibit Western vendors from developing or selling competing equipment.³

It is important to note that while there have been numerous serious security deficiencies found in Huawei’s equipment there is no open source information which indicates that any of these deficiencies were created or maintained at the behest of the Chinese government. Similarly, I am unaware of a case where the Chinese government has explicitly leveraged the availability or use of Chinese telecommunications vendors’ products to pressure a foreign government to modify its domestic or international policies. There are, however, ongoing concerns about how the Chinese government and Chinese companies are seeking to ‘update’ the protocological nature of the Internet through work at the International Telecommunications Union. The “New IP” proposal, as an example, would build “intrinsic security” into the web. The proposal, if adopted, could provide telecommunications providers and states alike with the ability to better control the information available to telecommunications subscribers.⁴

Security Stances Adopted by Canada’s Allies

In the face of these risks, Canada’s Five Eyes allies have developed a varying set of mitigation policies. Australia banned Huawei from participating in the country’s national broadband networks and 5G networking infrastructures in 2018 based on national security, as opposed to privacy-related, worries.

The United States government has long warned about the security properties associated with Huawei and ZTE equipment, with alarms ringing ever since the publication of a 2012 House Intelligence Committee report. In 2018, legislation was passed that barred Huawei products (and those of other Chinese vendors) from being used by the U.S. government and its contractors, with the legislation coming into force in 2019. In 2019, the Federal Communications Commission barred telecommunications providers from using federal money to expand connectivity if the money would be used to acquire Huawei or ZTE equipment, and voted in 2020 to designate the companies as national security threats. A fund has been created so that smaller American telecommunications companies do not have to completely shoulder the burden of ‘rip and replacing’ the Chinese companies’ equipment from their infrastructures. As of February 2022, that fund had expanded from the initially allocated $1.9 billion to $5.6 billion (USD).

Both New Zealand and the United Kingdom sought less confrontational approaches to securing their telecommunications infrastructures. In New Zealand, the country’s security services have blocked telecommunications companies from using Huawei equipment in 5G infrastructures on national security grounds. The assessments were done based on risks posed to national security and, as such, the policy doesn’t constitute an explicit ‘ban China’ policy. Moreover, the decision by New Zealand’s government was meant to demonstrate its independence from Australia and the United States: it could adopt a security program that addressed the concerns that the larger countries were raising without being forced to adopt identical policy solutions.

The United Kingdom is a unique case insofar as it first sought to manage Huawei equipment using a supply management and security assessment process and, later, shifted to barring the company’s products from UK 5G networks. Since 2011 the UK’s Huawei Cyber Security Evaluation Centre (HCSEC) has examined Huawei equipment to provide assurance that UK telecommunication providers can safely and reliably integrate Huawei’s equipment into their networks. Fast forward to January 2020 and the UK government set out conditions for telecommunications providers to use Huawei equipment: only 35% of company networks could include the vendor’s equipment and the equipment would have been barred from certain critical infrastructure.⁵ The position changed in mid-2020, however, following the US government’s technology and software bans on Huawei. Resulting from these bans, the UK’s National Cyber Security Centre (NCSC) did not believe it could successfully “manage the security risks of using affected Huawei technology in our future 5G networks.”

Canadian Debates and Assessments of Huawei

The Canadian government has been assessing Huawei equipment for at least a decade. In 2012, the government used a security protocol to bar Huawei from bidding on the government’s telecommunications and email network. Between 2011 and 2012 national security concerns were raised to the deputy minister of Public Safety Canada. Huawei products have also been assessed by EWA-Canada under the Common Criteria program, though this is notably less rigorous than the work conducted by the UK’s HCSEC. The government also conducted annual security assessments of Huawei equipment through the Communications Security Establishment’s Security Review Program.

In 2019, then-Public Safety Minister Ralph Goodale promised a decision on Huawei was forthcoming, though it wouldn’t be made prior to the 2019 election. In a January 2020 report, “Canada’s communications future: Time to act,” there was a section on network security that included recommended updates to the Telecommunications Act. The report found that the Telecommunications Act did not include a security objective. This absence stood in contrast to the United States Communications Act, German Telekommunikationsgesetz (TKG) of 1996, European Electronic Communications Code, UK’s decision to assign security issues to Ofcom, Australian assigning of national security assistance to the Australian Communications and Media Authority (ACMA), or New Zealand’s establishing a self-standing regulatory body through the Telecommunications (Interception Capability and Security) Act 2013. As a result, the report recommended that “the policy objectives of the Telecommunications Act be amended to include the promotion of the security and reliability of telecommunications networks and electronic communications services.” The amendment would advance Canada’s “National Cyber Security Strategy“⁶ and, arguably, also be in service of the “National Cyber Security Action Plan (2019-2024).”⁷

In late 2020, the official opposition passed a motion asking the government to ban Huawei by the end of the year; the government did not do this. Following the 2021 election, Prime Minister Trudeau stated that a decision concerning Huawei was coming “in the coming weeks”. This was flagged in the Minister of Public Safety’s Mandate letter, which included the direction to introduce “legislation to safeguard Canada’s critical infrastructure, including our 5G networks to preserve the integrity and security of our telecommunications systems” as well as in the Mandate letter for the Minister of ISED, which included the direction to work “with the Minister of Justice and Attorney General of Canada, Minister of National Defence and Minister of Public Safety, and with the support of the Minister of Foreign Affairs, continue to advance the National Cyber Security Action Plan, ensuring Canada is well positioned to adapt to and combat cyber risks, and ensure the security and integrity of Canada’s critical systems.”

In a joint announcement on May 19, 2022, the Ministers of Public Safety and ISED stated that Huawei and ZTE products would be barred from 5G infrastructures.⁸ Furthermore, the companies’ products would also need to be removed from existing 4G infrastructures in the coming years. There would be no remuneration to Canadian telecommunications companies to remove Huawei or ZTE equipment. The government then released a policy statement, entitled “Securing Canada’s Telecommunications System,” the same day.

“Securing Canada’s Telecommunications System”

ISED’s policy statement is focused on 5G, 4G, and Gigabit Passive Optical Network (GPON) equipment. The statement, and forthcoming legislation to reform the Telecommunications Act, is driven by the need to “reap the economic and social benefits of 5G technology” insofar as achieving this outcome requires Canada to “continue to secure the foundation of its telecommunications system and adapt to the changing technological and threat environment” (Para 3). With regards to 5G technologies, the statement is forward looking on the basis that it will “introduce new security concerns that malicious actors could exploit” (Para 4) and specifically points to Huawei and ZTE as companies which could be “compelled to comply with extrajudicial directions from foreign governments” (Para 5). This is suggestive that, to date, security concerns associated with Canada’s 3G and 4G networks have been managed such that foreign nations have been unable or unwilling to exercise extrajudicial directions to target equipment being deployed in Canadian telecommunications networks.

Paragraphs six and seven are amongst the most significant policy-related paragraphs in the statement. The statement makes clear that security reviews are being implemented due to “potential cascading economic and security impacts of a telecommunications supply chain breach” (Para 6). The definition of what the government considers a ‘telecommunications supply chain breach’ is not provided, nor the kinds of cascades that might follow, with the effect that the specific impacts worrying the government are challenging to divine. What might a supply chain breach include?

1. The Chinese government compels Huawei or ZTE to deliberately tamper with hardware or software components of 5G, 4G, or GPON systems, or to make those systems available for tampering by state agents that might be employed by the companies;
2. The Chinese government compels the re-routing of Huawei or ZTE equipment mid-delivery, with or without either company’s knowledge, so that state agents could modify hardware or software components of 5G, 4G, or GPON systems;
3. The Chinese government leverages the adoption of Huawei or ZTE equipment by Canadian telecommunications providers to impose socio-economic pressures on Canada; or
4. Some combination of 1-3.

Turning to the “evolving international supply chain dynamics” associated with telecommunications equipment it is hard to positively assess what the government is communicating. The statement notes that there are “growing restrictions on access to certain components” and that shifts “from well-known inputs to others have implications for Canada’s ability to conduct assurance testing. This changing supply chain environment towards other components will make it increasingly difficult for Canada to maintain a high level of assurance testing for certain network equipment from a number of potential suppliers” (Para 7). As noted, previously, the UK’s NCSC reversed its position on Huawei following export restrictions that the United States placed on intellectual property, supplies, software, and equipment destined for Huawei. Is it the case that Canada’s position, like the UK’s, is linked to the United States’ “restrictions on access to certain components”? Huawei has sought to replace internationally-sourced or -linked software and hardware with Chinese-developed semiconductors and software; is this the “changing supply chain environment towards other components” that will make it challenging for Canada to undertake its assessments?

Per the statement, only Huawei and ZTE are explicitly barred from Canadian telecommunications companies’ 5G networks (Para 10). To date, the Communications Security Establishment has undertaken reviews of 3G and 4G/LTE networks, with the effect that Huawei equipment has been authorized for certain uses. Notwithstanding historical approvals, further restrictions are being placed on Huawei and ZTE equipment writ large:

• In the case of 5G equipment from ZTE and Huawei, new deployments are prohibited and existing equipment and managed services must be removed or terminated by June 28, 2024.
• In the case of 4G equipment, no new equipment or managed services can be adopted, and existing equipment and services must be removed or terminated by December 31, 2027.
• The cutoff date for adding new 4G or 5G equipment and services is September 1, 2022.

The removal dates for 4G and 5G equipment should mean that offending equipment that has been installed by Canadian telecommunications companies will have significantly depreciated in value between the installation and removal period. However, there will likely be heightened capital expenses for telecommunications providers that replace lower-cost Huawei equipment with higher-cost equivalent technologies and systems. This is a particular concern for smaller telecommunications companies and those operating in Canada’s north.

There is also a warning of forthcoming restrictions coming for GPON equipment but no specifics (Para 10). There is no suggestion that Huawei or ZTE handsets or end-point devices, or privatized networking equipment that might be adopted by private organizations, will be banned or captured as part of the forthcoming security review process (Para 9).

Also, updates to the CSE’s Security Review Program are forthcoming and will “consider risks from all key suppliers and apply more broadly to help industry improve the cyber security and resilience in Canada’s telecommunications networks” (Para 13).

Finally, the Telecommunications Act will receive amendments intended to “prohibit the use of equipment and services from designated suppliers where necessary to protect Canada’s telecommunications system” as well as “other measures under a holistic telecommunications security framework” (Para 12). It will be essential to assess these when introduced but, on their face, they are not inherently controversial (and, indeed, will put ISED on a common legislative footing as many of our closest allies). However, the amendments to the Act are meant to “ensure that promoting the security and protection of our telecommunications system is an overriding objective of Canada’s telecommunications policy” (Para 12, emphasis added). Such amendments might significantly reshape the nature of Canada’s telecommunications policy. For reference, section 7 of the Telecommunications Act sets out the following as Canada’s formal telecommunications policy:

1. It is hereby affirmed that telecommunications performs an essential role in the maintenance of Canada’s identity and sovereignty and that the Canadian telecommunications policy has as its objectives
   (a) to facilitate the orderly development throughout Canada of a telecommunications system that serves to safeguard, enrich and strengthen the social and economic fabric of Canada and its regions;
   (b) to render reliable and affordable telecommunications services of high quality accessible to Canadians in both urban and rural areas in all regions of Canada;
   (c) to enhance the efficiency and competitiveness, at the national and international levels, of Canadian telecommunications;
   (d) to promote the ownership and control of Canadian carriers by Canadians;
   (e) to promote the use of Canadian transmission facilities for telecommunications within Canada and between Canada and points outside Canada;
   (f) to foster increased reliance on market forces for the provision of telecommunications services and to ensure that regulation, where required, is efficient and effective;
   (g) to stimulate research and development in Canada in the field of telecommunications and to encourage innovation in the provision of telecommunications services;
   (h) to respond to the economic and social requirements of users of telecommunications services; and
   (i) to contribute to the protection of the privacy of persons.

An argument might be made that without a secure telecommunications network it is impossible, or at best challenging, to satisfy 7(a)-(i). Nevertheless, should security become “an overriding objective” of Canada’s telecommunications policy that could have cascading effects on how the government subsequently establishes regulations or the CRTC conducts regulatory proceedings. As an example, a security-first objective could open the door to more intrusive or pervasive methods of assessing telecommunications equipment and communications traffic more generally. Such reforms might better facilitate the CSE’s ability to work with Canadian telecommunications companies to deploy network-based sensors by prioritizing the security benefits of the sensors over the privacy-related concerns linked with the sensors scanning Canadians’ traffic.⁹ I’m sure that there are many other implications of prioritizing security over other policy objectives, and hope that other scholars and analysts who spend more time with the Telecommunications Act than I do can find time to reflect and write about what this change in telecommunications priorities might mean. Finally, I hope that ISED widely consults with experts of the Telecommunications Act ahead of passing legislation to reform the Act.

Policy Implications of Telecommunications Act Reform

ISED’s policy statement has a number of potential policy implications of varying scale and significance. First, and somewhat obviously, would be that reforms to the CSE’s Security Review Program are certain to follow. The current publicly available policy, dated November 2, 2018, indicates that a “government review is underway” for 5G networks and technology. Presumably this review is either finished or nearing completion, and whatever emerges from the review will replace the existing Program. Hopefully an updated policy will be published and include meaningful details concerning how future assessments are to be conducted. As Huawei will be banned from future telecommunications equipment sales it will remain to be seen how willing it is to participate in ongoing security reviews between now and when its equipment must all be removed from Canadian companies’ networks, and especially when doing so may have financial costs to the company..

Second, it is plausible that we could see updates to the Canadian Security Telecommunications Advisory Committee’s “Security Best Practices for Canadian Telecommunications Service Providers (TSPs).” As drafted, many of the best practices “should” be undertaken by TSPs; with a stronger mandate in hand it is possible that a similar document might someday be released that includes more “must” statements.

Third, by adding security as an overarching policy priority there will need to be a method by which security is clearly assessed against Canada’s other telecommunications policy objectives. This might, in part, entail adding security as just another of the objectives as opposed to as “an overriding objective”. However, should the government persist and make security the dominant telecommunications objective it must disclose how and why it came to this conclusion, as well as make apparent why it cannot be one objective amongst many others. To be clear: I do not think that security should be an overriding objective and think that the prioritization of security over all other policy objectives would unnecessarily securitize Canadian telecommunication policy writ large.

Forth, if security is to be either added as a policy objective or becomes an overriding objective, then it will be imperative to communicate to the CRTC just what this means for the regulator. It may even be appropriate or necessary to further establish the role(s) of the Office of the Privacy Commissioner of Canada in advocating on behalf of privacy-related matters at the Commission, as well as other departments and agencies (e.g. Heritage) who’s mandates might be impacted by the change in the Telecommunications Act‘s priorities.

Fifth, I hope that the government releases an equivalent to the UK’s “Telecoms Supply Chain Review Report,” which set out the lay of the land in the UK. In issuing a similar Canadian report, ahead of proposing specific legislative reforms, the government would be doing two things. First, it would be setting out the facts on the ground, as opposed to just publishing a government analysis of those facts, and thus help to build confidence in legislative and policy reforms. Second, such a report would broadly comport with the national security transparency efforts that are being undertaken by the government and further reify the government’s commitment to transparency in the national security space. Failing to issue such a report or white paper would perpetuate the incessant secrecy associated with national security affairs in Canada and suggest that its national security transparency efforts are not being substantively adopted when it comes to major legislative reforms that are meant to address security concerns.¹⁰

Political Implications of Banning Huawei and ZTE

Politically, I think that when and how the announcement was made has both positives and negatives. First, waiting until Michael Kovrig and Michael Spavor were home, and until the United States reduced its public pressure campaign to block Huawei from Canadian networks, meant that Canada could that assert it had made its own sovereign decision. This said, if the government was signalling in its policy statement that its decision was partially the result of US export restrictions to Huawei and ZTE then our ‘sovereign decision’ may largely have been compelled by actions that were undertaken by Canada’s closest friend, ally, and neighbour.

Second, while the headline news is that Huawei and ZTE are going to be banned, the actual policy statement indicates that a broader review of all critical telecommunications equipment will be performed. The framing of the announcement, and policy statement, was almost certainly designed to communicate to allies that Canada was going to block the Chinese vendors but arguably hedges closer to the UK or New Zealand models of banning certain vendors based on security reviews rather than due to explicitly stated political considerations. The result is that Canadian security officials and foreign service officers will have wiggle room to say the ‘ban’ is due to non-partisan security assessments and thus give them leverage to try and defuse China’s reaction to the bans on Huawei and ZTE.

Third, it must be understood that while joining with our allies means we are all in the same clubhouse, the way in which we communicated our decision is a slap to China’s face. Huawei is a national champion and outright declaring that Canada is banning their products, instead of adopting a blander way of communicating the same outcome as was done in New Zealand, means that Canada and Canadians should expect some kind of response. The decision on telecommunications equipment is magnified by the new national security reviews for academic research which will likely impair Huawei’s ability to work with some Canadian scholars on next-generation research. Exactly how, and when, China will respond remains an open question.

Fourth, I suspect this decision by the government is predominantly a geostrategic decision. Though cast through the lens of security, I can’t help but reflect on the comments that came from the UK’s NCSC in 2020 that:

Placing ‘backdoors’ in any Huawei equipment supplied into the UK is not the lowest risk, easiest to perform or most effective means for the Chinese state to perform a major cyber attack on UK telecoms networks today.

Simply put, banning Huawei or ZTE equipment will not ‘solve’ Canada’s cybersecurity challenges. Hopefully the broader review program will work to address these challenges.

Fifth, it remains unclear how exactly the government’s decision to reform the Telecommunications Act will fit within its broader strategic direction(s). While the reforms will satisfy security-related recommendations from the “Canada’s communications future: Time to act” report they do not clarify Canada’s actual foreign policy strategies pertaining to cyber, security broadly construed, or China. Moreover, where will the reforms will fit into a Canadian industrial policy? In what ways, if at all, should assessing the security to telecommunications equipment be linked to efforts promote Canadian involvement in standards bodies such as the International Telecommunications Union, which is debating “New IP”, at the 3GPP that is developing 5G and 6G standards, or even at the Internet Engineering Task Force or Institute of Electrical and Electronic Engineers?

Legislative Redlines

The government is clearly committed to reforming the Telecommunications Act. It will be imperative that any legislative package is designed to just update telecommunications equipment security-related language in the Act. Government drafters should not use this as an opportunity to expand the scope of lawful interception or access powers, provide additional powers to the Canadian Security Intelligence Service, or otherwise expand the powers of the Communications Security Establishment or other members of Canada’s security and intelligence community. A robust debate will be, and should be, had on any security-related reforms to the Act but such debate will be poisoned from the get-go if the government uses this as an opportunity to broadly expand the powers assigned to law enforcement, security, or intelligence agencies.

Concluding Thoughts

After years of waiting it is positive to see the Government of Canada finally move forward with a decision on Chinese telecommunications vendors and national security reviews of telecommunications equipment more broadly. However, while the government’s policy statement outlines activities we can expect the government to take up, questions remain about the underlying facts driving some elements of the statement and, also, on the specifics concerning the modification of objectives in the Telecommunications Act. Furthermore, analysis of the policy statement is suggestive that Canada’s hand was forced to bar Huawei due to American export restrictions on the company, which may dilute the Canadian government’s ability to assert it arrived at a genuinely sovereign decision.

I’ve written elsewhere that any decisions concerning Huawei should be accompanied by a broader set of strategies concerning the foreign dimensions of cyber power, foreign policy towards China and the world more broadly, as well as an industrial strategy. While some kind of an international cybersecurity strategy is forthcoming there’s no indication the others are in the works, which has even prompted the US Ambassador to Canada to state that his government is “waiting for Canada to release its framework for its overall China policy”. Canadians are waiting, too.

Finally, as Canada moves forward with its new security reviews of telecommunications equipment I hope that work is afoot to ensure that the government works with our allies and friends to broadly undertake security reviews of telecom equipment and share the results. Canada is not large enough to fully assess the security properties of all major vendors’ equipment; even the United States, with all its resources, would likely be challenged to do so. Ideally we would see nations create the equivalents of the UK’s HCSEC, but which were focused on different vendors and their products. These equivalents would produce annual classified to share amongst allied nations as well as publish open source reports. This kind of defensive information assurance work would ensure that critical networks around the world were better protected and have the effect of keeping residents and citizens of Western nations safer from the threats that are accumulating daily. Cybersecurity must be an international team sport and the Canadian government should work to ensure that cooperation and sharing takes place; if we are truly to be a ‘convening nation‘ then let us start convening meetings on this topic post haste.

---

NOTE: This post was updated on June 8, 2022 to correct the press release of the Huawei ban and the release of the policy statement, both of which took place on May 19, 2022. I apologize for the error. Thanks to Bill Robinson for catching and alerting me to this mistake.

---

1. For more, see Section 6 of “Huawei & 5G: Clarifying the Canadian Equities and Charting a Strategic Path Forward.” ↩︎
2. For more, see Section 5 of “Huawei & 5G: Clarifying the Canadian Equities and Charting a Strategic Path Forward. ↩︎
3. For more, see Section 4 of “Huawei & 5G: Clarifying the Canadian Equities and Charting a Strategic Path Forward. ↩︎
4. For a detailed description and analysis of New IP, see the Internet Society’s FAQ. ↩︎
5. In January 2020, the National Cyber Security Centre (NCSC) wrote that due “to the UK’s mitigation strategy, which includes HCSEC as an essential component, our assessment is that the risk of trojan functionality in Huawei equipment remains manageable. Placing ‘backdoors’ in any Huawei equipment supplied into the UK is not the lowest risk, easiest to perform or most effective means for the Chinese state to perform a major cyber attack on UK telecoms networks today.” However, the NCSC assessed that “the national security risks arising from the use of ZTE equipment or services within the context of the existing UK telecoms infrastructure cannot be mitigated. The NCSC’s advice to operators in relation to ZTE has not changed as a result of this analysis” (23, emphasis not in original). ↩︎
6. Specifically, under ‘Secure and Resilient Canadian Systems‘, which includes: “Some cyber systems — such as electricity grids, communications networks, or financial institutions — are so important that any disruption could have serious consequences for public safety and national security. The federal government will work with provinces, territories, and the private sector to help define requirements to protect this digital infrastructure.” ↩︎
7. Specifically, this could be linked to efforts to support Canadian Critical Infrastructure Owners and Operators. ↩︎
8. For those counting at home this was 33 weeks after the Prime Minister stated a decision was coming in the coming weeks and almost 3 years after Minister Goodale’s announcements in 2019. ↩︎
9. For more on CSE’s host, network, and cloud-based sensors, see “Unpacking NSICOP’s Special Report on the Government of Canada’s Framework and Activities to Defend its Systems and Networks from Cyber Attack.” ↩︎
10. Ideally such a report would, also, be linked to preparing the ground for the government to release updated foreign policy, cyber security, and industrial policy strategies. ↩︎