Small, medium-sized financial firms vulnerable to cyberattacks, says report
Commons committee report warns against allowing Huawei's equipment into Canada
Canada's small and medium sized financial firms could be vulnerable to the constant barrage of cyberattacks aimed at Canadian businesses, says the House of Commons public safety committee.
In a 51-page report, the committee found that large financial firms are well-defended from potential attacks — but smaller firms are not.
"Banks and other financial institutions are expanding and digitizing their service offerings, often partnering with financial technology (fintech) start-ups to do so," the committee wrote. "As small businesses, these fintech start-ups may not be in a position to fully protect themselves against cyber threats."
In an interview with CBC News, committee chairman and Liberal MP John McKay said hacking attacks against small financial sector firms are virtually "guaranteed."
"I think what gave us comfort was that the larger institutions in Canada are at the high end of the security spectrum," he said. "The middle and lower financial institutions, not quite so much."
McKay said the more the committee looked into the cybersecurity of Canada's financial sector, the more committee members felt they were just scratching the surface of the problem. The committee already has recommended the next Parliament set up a subcommittee specializing in cybersecurity.
"Cybersecurity is the new terrorism and in fact it's far more devastating than any terrorist action could be," said McKay.
In its report tabled Thursday, the committee warned that it's important for Canada's financial sector to maintain trust, and that means building cybersecurity into every new digital offering. Canadian companies increasingly have to embrace digital delivery and financial institutions are "a core element of this digitization process, facilitating secure online and mobile transactions," the report said.
"With an annual 55 per cent growth rate expected to continue through 2020, Canada has become a 'hotspot' for fintech start-ups," it said.
The report quotes Scott Smith, senior director intellectual property and innovation policy for the Canadian Chamber of Commerce.
"Mr. Smith drew attention to the fact that most of these fintech start-ups are mobile payments-focused SME's (small and medium-sized enterprises) and warned that these smaller players 'collectively constitute a very large attack surface,'" the report said.
The Huawei factor
Chinese tech giant Huawei is another threat to Canadian businesses, the committee found.
"Huawei's leadership may have articulated good intentions, but its government's past and recent actions are deeply problematic," the committee wrote, saying it questions to the wisdom of using communications technology produced in China.
Artificial intelligence and quantum computing present both opportunities and potential perils, the committee said.
Experts told MPs that there are "growing signs that AI is is being used to assist, if not conduct, cyber attacks."
"Some suspect it will not be long before humans step out of the loop and AIs battle other AIs directly," the committee wrote. "When this happens, organizations that rely on traditional perimeter defence systems to protect themselves will be dangerously exposed."
Quantum computers are being developed that are much more powerful than conventional computers and offer more secure encryption. However, they also could be used to attack other computer systems, the committee warned.
China is investing heavily in a bid to become a quantum computing superpower by 2030.
MPs said Canada has to invest in quantum computing and developing a workforce with the skill set needed to allow Canada to compete in a post-quantum world.
"The committee recommends that the Government of Canada increase this country's existing quantum skills capacity and continue to support research and development of quantum technologies and encryption standards that will ensure Canada's electronic information and information systems remain secure in a post-quantum world," the report said.
The committee also recommended the government develop a comprehensive cybersecurity skills and training strategy to address staffing shortages in the field, encourage Canadians and companies to report all incidents of cybercrime and explore ways to ensure that sensitive data moved within Canada follows a route that remains within Canada.
Elizabeth Thompson can be reached at elizabeth.thompson@cbc.ca