07/09/2013 04:12 EDT | Updated 09/08/2013 05:12 EDT

Global alliances key to safeguarding cyberspace, says Canadian study

OTTAWA - International alliances are key to protecting countries — including Canada — from cyberattacks since it is "close to impossible" to fight the worrisome scourge alone, says a new study.

The federally commissioned report found that efforts to safeguard the digital realm have a growing military dimension that might culminate in a global cyber-treaty.

The research, prepared for Public Safety Canada by Ryerson University's Privacy and Cyber Crime Institute, was released under the Access to Information Act.

The study focuses on approaches taken by Canada's closest allies — the U.S., Britain, Australia and New Zealand — as well as Germany, France, Finland, Norway, Russia and China.

It says many of Canada's international partners have turned their focus from the prevention of cybercrime like financial fraud to the protection of key national infrastructure, such as electrical grids and water systems.

In order to co-operate effectively with its allies, the study concludes, Canada must also focus on protecting crucial facilities. However, it warns such a shift may result in weakened co-operation with non-traditional partners, such as Russia and China, on preventing run-of-the-mill cybercrime.

Though there are international agreements on co-operation in cyberspace, the report points out that a piecemeal web of treaties and arrangements exists between the countries studied. For instance, Canada and the United States have promised to work more closely on cyberthreats as part of the recently negotiated perimeter security deal.

There is heated international discussion about the need for a global treaty that would prevent rival powers from going to war in cyberspace, or at the very least come up with rules of engagement, the study notes.

Considering the difficulty in detecting cybercrime and estimating the damage of digital attacks, some countries "may still have some illusions" about the extent of the risk, says the report. However, it adds that large-scale attacks on Estonia in 2007 and Georgia in 2008, along with more recent international viruses, have led the public to see cyber-incidents as increasingly sophisticated.

"This increased public concern, coupled with public accounts of classified cyberattacks on businesses and corporations worldwide, has led Western governments to become more concerned with cyberspace security and to increasingly militarize their cyber-responses."

Assaults that crippled computer systems at the Finance Department and Treasury Board three years ago have been linked to efforts — possibly originating in China — to gather data on the potential takeover of a Canadian potash company.

In 2010, the federal government announced a national cybersecurity strategy, with $90 million in funding over five years and $18 million a year thereafter.

In a report last fall, Auditor General Michael Ferguson pointed out the strategy did not yet have an implementation plan, making it difficult to determine whether its objectives had been met.

Overall, Ferguson said the government had been slow to mount an effective response to the rapidly growing threat of cyberattacks on important systems — making only limited progress in shoring up vital computer networks and lagging on partnerships with other players.

Public Safety spokesman Jean Paul Duval said Tuesday the department has no plans to respond to the latest study's recommendations, saying it commissioned the research simply to keep abreast of current issues.