The Monthly Rewire is a monthly newsletter that covers important or interesting topics and developments related to Canadian cyber defence.

• Canada Releases Government Guide on the Use of Generative AI

  • The Government of Canada released its Guide on the Use of Generative AI for use by public servants of the government. These Government of Canada-wide guidance documents do affect DND/CAF, so it will broadly be the policy which also affects the new DND/CAF AI Strategy.
    

    ---

• DND/CAF Artificial Intelligence Strategy

  • DND/CAF launched its AI Strategy this month, which has been broadly well received. In my opinion, it shows a great nuanced understanding of AI and its use in the military. Although most of these documents are written by consultants, I have concerns about how much this will be socialized and implemented across DND/CAF if it is not embedded into existing digital transformation efforts.
    

    ---

• Government of Canada Releases Main Estimates

  • The Main Estimates is a breakdown in overall spending authorities that the Government of Canada will be seeking for the coming year’s budget, which will be unveiled on April 16. There is a lot of movement of DND/CAF budget, particularly in infrastructure, which includes a lot of IT infrastructure and other assets. There is not a cause for concern yet, but is something to watch to see how this money is being redistributed within DND/CAF. I wrote a longer analysis here.
    

    ---

• Cyber attacks are getting easier, experts warn after 3rd federal incident

  • Every month in 2024 has had a new story about a major Canadian government organization being the victim of a cyber attack. This includes Global Affairs Canada in January, RCMP in February, and FINTRAC in March. This does not even include the many municipal attacks

  • I don't agree with the assessment that cyber attacks are “easier,” but likely, there is just easier access to the tools and knowledge to conduct attacks. More actors engaged in attacks, be they states or cybercriminals, means that the risk of intrusion is much higher. If anything, it means it’s harder for defenders.
    

    ---

• Britain and US race to expand Pacific defense pact before election turmoil

  • On March 19, Politico reported that Australia, United Kingdom, and United States are “rushing” to expand AUKUS, with Canada and Japan named as possible countries to join the defense pact. Pillar 2 broadly deals with developing advanced military technology, with AI, hypersonics, quantum, and cyber all mentioned at some point.

  • There is a strong case for Canada to join “Pillar 2” of AUKUS, which does have strong domestic research in AI and quantum, and CSE is increasingly regarded as one of the best cyber intelligence organizations. Canada is very eager to maintain its relative global leader position in AI, but the government has had a considerably difficult time to maintain this beyond making empty statements.
    

    ---

• CSE: Bill Dollar Budget

  • Bill Robinson wrote a short article on CSE's growing budget over the years and its potential to reach $1 billion in the next budget. Perhaps by no surprise, the cyber security part of CSE has grown the most over the years.

    ---

• Dafocom Solutions Awarded $1.8 million Cyber Network Security Contract

  • On March 27, Canadian Defence Review reported that Dafocom Solutions was awarded a $1.8 million contract to provide DND/CAF cyber assurance hardware to support Operation REASSURANCE in Latvia. What makes this contract so interesting is that the CAF is conducting a hunt forward operation as part of Operation REASSURANCE. Noteworthy here is that the contract is specifically for cyber assurance hardware. So it is not definitive that this is for the hunt forward operation, but it is one contract to track.

  • Operation REASSURANCE is Canada’s largest international mission and the largest committed to NATO. It is based in Latvia, where the CAF is conducting a hunt-forward operation. While initially conducted with the United States, it appears that this may have been to help CAF and Latvia establish an initial hunt-forward operation.

    ---

• Canadian Forces wants to expand offensive cyber capabilities, briefing says

  • On March 21, the Ottawa Citizen reported that the CAF is looking to expand its ability to conduct offensive cyber operations. Little is revealed in the article, but it is hinted that CAF Cyber Forces are looking to better develop and professionalize its offensive cyber capabilities by refining capabilities, practice, and doctrine by working with CSE. A Cyber Force Vision 2035 has been developed, but I am unsure of when it was released internally. Based on how the Government treats everything cyber, it’s going to be severely limited by over-classification and lack of proper consultation and outreach.

  • I have submitted an ATIP to hopefully see Cyber Force Vision 2035, but this is now my fourth active ATIP, so we’ll see if I get anything.