Preparing for a political cyberattack is a good idea, says former top U.S. spy

Canada has made a prudent decision to assess the risk to its political system from cyberattacks and hackers, given what happened recently in the United States, says a former top U.S. spy.

There are ways to make a foreign attack on key Canadian databases more difficult, if not impossible, said Michael Hayden, who has served as head of both the U.S. National Security Agency and Central Intelligence Agency.

The disclosure of stolen Democratic party emails, published by WikiLeaks, proved embarrassing last year to U.S. presidential contender Hillary Clinton.

American intelligence officials said Moscow led the attack, though the Russian government has denied involvement.

• Why the spy trade is such a booming industry: Brian Stewart
• Trump's skepticism on hacking puts cabinet picks on tightrope

The Liberal government said this week it plans to ask the federal Communications Security Establishment, the NSA's Canadian counterpart, to advise political parties and Elections Canada on good cybersecurity practices.

"I think it's very legitimate to be concerned," Hayden said after appearing at an Ottawa conference on disaster prevention. "What happened to us was unprecedented and awful. We've never experienced that before in the United States.

"I think your government is just taking the prudent step to make sure everyone understands we view our electoral processes to be critical infrastructure for the nation, just like the steel industry or transportation."

Hayden suggested it would be a challenge to completely thwart such attackers. But he said it's possible to slow them down and "make them less agile, less capable."

Who to protect?

It's wise to look at digital vulnerabilities to the Canadian political sphere, said Dick Fadden, the former director of the Canadian Security Intelligence Service.

Agencies like CSE can offer advice and provide "a sense of what the environment is like," he said after a panel discussion with Hayden about cybersecurity.

But Fadden, who also served as national security adviser before retirement, drew the line at the government actively protecting political parties from attacks. "I think political parties have to do their own work, just like companies in the private sector."

The possibility of a cyberattack that could affect an actual election outcome is tempered by the fact most ballots in Canada are on paper and are counted manually, he added.

Electronic assault aside, various countries have been known to try to influence foreign elections through financial contributions, Fadden said. "Where does diplomatic encouragement stop and where does infiltration begin? I'm not sure it's very clear."