Last month, a wave of cyberattacks launched by a group of pro-Russian hacktivists targeted around 20 Canadian websites, such as that of Prime Minister Trudeau or Hydro-Québec. Spectacular, such incidents are nevertheless only the tip of the great iceberg of digital insecurity in Canada.
“In space you can’t be heard screaming,” warned the 1979 poster for Ridley Scott’s film Alien. A stroke of advertising genius, this skilful catchphrase was to evoke for moviegoers of the time the loneliness and anguish of the individual faced with an immense, obscure and – as the spectators were to discover – hostile territory. More than 40 years later, the formula remains evocative and does not fail to inspire parallels with another universe, more accessible, but also harboring its share of perils: cyberspace.
Indeed, judging by the headlines, the “techno-optimism” that has long guided us seems to be contradicted every day a little more by the harsh reality of the digital universe: cyberattacks, viral disinformation, data theft, trolling and cyberbullying, surveillance technologies… today’s cyberspace seems a thousand miles from the humanist promises that its pioneers attributed to it. Like Ridley Scott’s “eighth passenger”, digital insecurity stalks more and more travelers of the virtual cosmos. And you can’t hear them all screaming.
Certainly, malicious virtual acts do not fail to make occasional headlines, like the recent cyberattacks by pro-Russian hacktivists.
A land of stealth and anonymity, it offers various actors, whether criminal or state, the possibility of harming others discreetly, from a safe distance and often with complete impunity.
Since 2020, our research team at the Multidimensional Conflict Observatory has been listing and analyzing geopolitical cyber incidents that have affected Canada, for example. These efforts have made it possible to identify – without claiming to be exhaustive – no less than 97 since 2010, including 14 for the year 20221 alone. Targeting government entities as well as private companies, the academic world or civil society actors, these actions are currently often unknown to the general public. Yet they affect the daily lives of many people in Canada.
In November 2022, for example, we learned that members of the Iranian diaspora living in Canada were the subject of a cyber-surveillance and intimidation campaign by the Tehran regime, on the sidelines of the protest movement that is shaking the Islamic Republic. Previously, in 2021, it was discovered that Chinese intelligence hackers had potentially compromised several hundred Canadian organizations, during a vast campaign of cyber espionage instrumentalizing Microsoft Exchange software. More recently, in early April, a leak of information revealed that pro-Russian hackers had compromised the pipeline management systems of a Canadian oil company, in order (the criminals claimed) to be able to trigger an industrial accident.
There are many reasons why the majority of victims of digital insecurity cannot be heard screaming. Ordinary citizens or civil society activists remain in many ways helpless and helpless, not least because traditional public security agencies remain ill-equipped to deal with virtual threats. Companies, apprehending the potential for bad press, most often prefer to camouflage rather than denounce the cyber incidents of which they are the subject. Governments themselves often prefer to keep silent about the existence of foreign cyberattacks, believing that such issues are best handled behind closed doors and under cover of state secrecy.
This code of silence, however, has its share of misdeeds, starting with this: until we know the true extent of the malicious acts affecting Canadian cyberspace, it remains difficult to correctly estimate the resources needed to curb the problem – and even more so to publicly justify these investments. In this regard, we observe that it took (too) many cases of cyber espionage of activists and dissidents on Canadian soil for Ottawa to decide, last March, to grant an additional $50 million to the RCMP to attack it.
It is therefore important that in the future we listen more attentively to those who shout in cyberspace. It is also essential that private and public actors, who on the contrary refuse to do so, work towards greater transparency. Alongside the burgeoning of technocentric solutions developed at great expense, it is also – and perhaps even above all – through a more open and frank public debate on these issues that we will make our digital environment safer.