If you want to know how seriously Canada takes cyber defence, we spent two years on a bill that we accidentally invalidated via a parliamentary clerical error.
Welcome to the internet economy that has no meaningfully security, no forethought of consequences of failure and no-one who cares. It's one thing to have your Amazon account hacked so you can't order a part for your vacuum cleaner but another thing entirely when your bank account is compromised or critical infrastructure like food or electricity supply is threatened. We're drowning in data yet all it serves to do is generate more complexity and longer response times without delivering any benefit. Computers were originally designed to serve humanity but we now realize that humanity is serving computers.
That can’t be true that computers offer no benefit. Somebody must be benefiting, else there wouldn’t be computers. It’s not like Government tells businesses they have to computerize for no benefits.
Years ago, our family retail business had to close for two days every year to take inventory — physical counting or weighing, depending on how it was sold, of everything in the store, from paper clips to lawn mowers and ladies’ dresses. Every single employee spent two long days not selling anything, and we had no sales at all.
And we had to keep a lot of cash tied up in extra inventory in the basement (which we had to insure against fire) because we didn’t know when our mailed-in orders would turn into deliveries.
Now with point of sale terminals we know exactly what goes out the door, how much we paid for it, and the system automatically orders more to replace it which will be delivered just before we run out. No more parked inventory.
Did we pass on the operational savings to you our customers? Not if we can help it. If a flashlight is worth $4.99 to you it’s still worth $4.99 no matter how much it costs us to put it on the shelf. But if our competitor can sell it for $4.79, we’ll have to match his price.
Of course that whole business model has pretty much gone belly-up. Look at Hudson Bay Company. Creative destruction I guess.
I'm of two minds about this: cybersecurity continues to be an issue that doesn't get sufficient attention, but government regulation is going to be of limited benefit. Regulation is going to help raise awareness of the issue (by forcing organizations to address it), but can rapidly become a hindrance when regulators try to prescribe requirements: they aren't actually the experts and are often poorly placed to understand the trade-offs between cost and risk inherent in implementing cybersecurity.
Cybersecurity isn't a new problem. There's a number of industry standards like the ISO27000 series, IEC62344, and ISO/SAE 21434 for automotive applications. There's a large industry supporting cyber solution development. The problem has been that a lot of organizations continue to be unaware of the risk or don't pay enough attention to the risk until it bites them hard. Given the potential societal and economic impacts of cyberattacks, there's a good argument for government regulation mandating organizations to do something. I think regulators need to defer to industry on exactly what they should do, and how much cybersecurity is sufficient.
An area where governments *really* should get involved is in fighting cyber crime. Law enforcement organizations need to resource investigation of these crimes; the legal system needs to develop tools and approaches to prosecute them. Again, the problem is a general lack of awareness of the problem.
Thank you for this very important article. Canada is never ready for anything. Which means Canada will not be ready for it's own demise. If you are a prog zombie, keep voting "Liberals" for more of the same kak government we have had for far too long.
For food resilience, if you can't grow some of your own, support your local small-to-medium scale farmers, eat in season, and learn how to preserve what you can. If you have a freezer and can go in on bulk orders with some friends, it is cheaper, better quality, and more nutritious than the grocery giants. So many small-scale farmers doing good things are struggling, and people worried about food sovereignty + cost are struggling. . . and yet they don't seem to find each other.
With seven Likes, I have to ask them, How many of you (including PJ Alexander herself) actually do the things she suggests, and how many think, Yeah, that sounds like a good idea we should get more people to do more of that? Our famers' market is not cheaper than the grocery store less than a block away. People shop at the farmers' market because they think it is somehow "better" and they want to support local farmers -- fair enough. But the farmers say they can't undersell the grocery stores: their own transaction costs are high because they lack the economies of scale especially in transportation and in division of labour. When they personally are attending the farmers' market having driven there in their own vehicles, they can't be doing work at their farms which would occupy their time more productively. Let a truck driver pick up their produce along with the produce of 20 other farmers and drive it to the Ontario Food Terminal. Famers' markets are really a boutique hobby.
If the Apocalypse comes, there won't be any electricity for freezers anyway. The reason why the small-scale farmers and their worried would-be customers can't find each other is because there is no "market maker" who can put the buyers in contact with the sellers. Why not? Because the farmer is better off selling into the Invisible Hand supply chain, and the customer is better off buying from it. Forgoing that convenience and market efficiency just because you are worried is attractive only to the worriers. The rest of us figure that the businesses that will be harmed by cyber attacks will respond to their own incentives to harden their systems. But yes, doing something about cyber crime would be a good idea....if we can ever catch those nasty Russians working for Putin.
Even if you bake your own bread, which I have been doing for many years, you still have rely on the supply chain to get flour, yeast, oats, shortening, molasses and (sometimes depending on my mood) eggs. Remember when dry yeast disappeared from the store shelves during Covid? I don't bake enough bread to maintain a sourdough starter, though it did cross my mind and I like it. If there are small (or big) farmers that will sell *and grind* small lots of wheat and other grains for residential customers, they haven't put the word out. For a while, Bulk Barn was selling whole wheat flour but it was too low in gluten to make a dough that would hold gas bubbles to make it rise. Terrible stuff. So I went back to Robin Hood where at least the product was consistent.
"Farmers' markets are really a boutique hobby" Now there's an opinion for you. Didn't realise it was my 'hobby' that's been supporting me for 40+years but you know what they say about opinions and 2 bucks...otherwise your lengthy comments have made interesting reading.
I don't know about the others who liked it--I guess they'll let us know--but i don't suggest stuff I don't do myself. Buying a ¼ bison or beef has been cheaper for my family than the grocery store, I did the math. Buying from local farmers individually (not pretend farmer's markets) is what assures my nutrition upgrades and cost savings. Canning does not require a freezer if that is the concern, and can be a fun family or friend activity. If major cyber attacks or the zombie apocalypse comes then I don't know we have the infrastructure in place for much to save us. However: we would be more than capable of building the infrastructure, if we wanted to. I just saw a clip today about a salad greens operation in Ontario that is entirely automated, uses solar power, and replaces expensive and tasteless greens shipped from California or wherever. Cost effective, scaled solutions exist if we want them. I'm just not convinced that the political will is there to make it so.
OK, but why do you need political will (=tax money obtained by robbing Peter to pay Paul, over Peter's strenuous objections) to make any of these things happen? We've been seeing hydroponic salad greens in Ontario grocery stores. I doubt that they use much solar power in winter and so what? -- nuclear and gas power is just fine -- but yes they are an advance that rational customers should be willing to buy if they offer value for money. If demand is there, the supply will grow to meet it. Fresh salad greens in the winter? And cheaper than California or Mexico? What's not to like? No government incentives necessary, no political will needed. Surely you're not suggesting that government should subsidize the cost of these automated operations in order to undercut imported winter produce, not when it's already allegedly cheaper. But if you are, then that expenditure of tax dollars has to compete with other priorities we want government to provide, and that is a contest of political wills. If you have something in your mind that requires political will to bring about, you have to be willing to say what other government program should be cut to find the money, and make the case to those people who think their program is more important than fresh lettuce in February.
Rather than lack of political will, I think the barrier to adoption is that people need to be motivated to devote their own labour to sourcing and preparing food done this way. Canning is fine if you like it, a terrible time-wasting drudge if you would rather be doing anything else (and potentially fatal if you mess it up.) ...especially if you could be earning actual money instead of providing free labour to yourself, canning or driving around the countryside visiting farmers for bespoke agricultural products.
I increasingly wonder if all our amazing IT is ultimately worth it. Yes, it’s making tomatoes cheaper. But we’re paying for that in increased catastrophic risk.
Same thing with all online shopping and eHealth and everything else.
I kind of like that Elections Canada uses volunteer fellow citizens to look at ballots in a human way. They take it as a sacred duty to be honest and are not hackable.
I agree that our elections are unhackable and that’s a good thing. There are transparent bookkeeping safeguards built into the ballot printing and counting process that don’t even rely on the election employees being honest, which I agree all of them surely are.
Scrutineers from all the parties can watch the whole thing, not only the all-important count but the whole process beginning with sealing the demonstrably empty ballot boxes before the polls open to resolving clerical problems that voters have, such as the occasional one who is told she voted already when she insists she didn’t.
Having been a scrutineer twice I can tell you that even if an election worker wanted to be corrupt, not only could he not get away with it, but he couldn’t affect the result even if he wanted to. Of course the honesty and dedication of the election workers makes our volunteer job easier but the suspicious people are watching the process offer solid reassurance of the integrity of our manual system.
I worked for a major beer company during the covid years when BDL the joint distributor for most of the beer in western Canada was victim to a cyberattck. Absolutely flalined sales. Not critical like food but angry consumers, retailers, etc. Extremely chaotic. These attackshave been happening for years we need to take notice
The Federated Coop cyber attack impacted a lot of rural prairie grocery stores last year. Chunks of aisles were empty for quite awhile. Considering most rural food supply/grocery service is dominated by Coop is was definitely a thing. Most people were pretty affable or drove over an hour to a larger centre for more available inventory. I don’t recall any prominent or enduring headlines, likely as it wasn’t a complete failure and also it was a rural issue.
There is little doubt that the last decade of Liberal rule was marked by breathtaking political incompetence but it appeared that the basic operations of government limped along under a reasonably competent civil service despite the growth of DEI hiring. Now we are seeing failures within the civil service. Serious corruption and technical failures are now becoming more common. Ready for cyber crime? In a pig's eye.
A family member directs a municipal IT department that directly affects all municipal operations, from water purification to taxes, firefighting and snow removal to all functioning infrastructure. He explains that there is a significant disconnect between those who understand how IT systems operate and the ongoing and very real security risks they face and the politicians/bureaucrats who oversee operations and allocate funding; they speak entirely different languages. IT is not seated at the decision makers' table nor treated by public administration hierarchy as equal to any other but a minor element of every department. By practice and legislation, IT is seen as an expense and treated as such... somewhere lower on the pecking order that has to justify to each and every department head very real and much needed investment especially for security.
Digital security is not treated as vitally important by each department... unless and until it has failed. And then the money pours in! Quick! Fix the problem... one that is system wide and exposes just how wholly inadequate is the patchwork network cobbled together to stay functional in order to 'save money' using not-yet-fully-depreciated (stone age) equipment expected to function and meet the demands of a modern age 'convenience'.
A security collapse reveals the true cost of not taking cyber security seriously enough to fund it properly as its own administrative entity with independent power. But, right up until that moment of collapse, every dime allocated to IT function and security is deemed and then treated by the managerial class as an expense subject to reductions and cut backs by decision makers in the name of 'cost savings'.
The overall problem with the internet is that you have connections being made between clients and servers but no way to confirm that each is the responsible legal entity that you expect. The internet started half a century ago without security and since then it has had ad hoc security hacks and 3rd party apps to try and fill in the gaps.
I got a Gmail account a couple of decades ago and no one asked me for any kind of ID that would link to a real person. Cyber criminals can play with spam attempts that most of us find obvious but fool people occasionally because they are untraceable. What is required is a rethinking of the internet protocols to make sure there is a real legal entity on both ends.
Wow, this is absolutely terrifying. Why isnt this front page news everywhere? Goodness I hope this can slowed or stopped. I like the idea to buy/support local and perhaps to stockpile some frozen meals etc.
Maybe it’s a good idea to keep protecting the systems that sustain our last shreds of food sovereignty then? For a cyberattack at home, we at least have a chance at coordinating a cohesive resolution. Cyberattacks on foreign countries controlling our entire food supply, not so much.
Welcome to the internet economy that has no meaningfully security, no forethought of consequences of failure and no-one who cares. It's one thing to have your Amazon account hacked so you can't order a part for your vacuum cleaner but another thing entirely when your bank account is compromised or critical infrastructure like food or electricity supply is threatened. We're drowning in data yet all it serves to do is generate more complexity and longer response times without delivering any benefit. Computers were originally designed to serve humanity but we now realize that humanity is serving computers.
That can’t be true that computers offer no benefit. Somebody must be benefiting, else there wouldn’t be computers. It’s not like Government tells businesses they have to computerize for no benefits.
Years ago, our family retail business had to close for two days every year to take inventory — physical counting or weighing, depending on how it was sold, of everything in the store, from paper clips to lawn mowers and ladies’ dresses. Every single employee spent two long days not selling anything, and we had no sales at all.
And we had to keep a lot of cash tied up in extra inventory in the basement (which we had to insure against fire) because we didn’t know when our mailed-in orders would turn into deliveries.
Now with point of sale terminals we know exactly what goes out the door, how much we paid for it, and the system automatically orders more to replace it which will be delivered just before we run out. No more parked inventory.
Did we pass on the operational savings to you our customers? Not if we can help it. If a flashlight is worth $4.99 to you it’s still worth $4.99 no matter how much it costs us to put it on the shelf. But if our competitor can sell it for $4.79, we’ll have to match his price.
Of course that whole business model has pretty much gone belly-up. Look at Hudson Bay Company. Creative destruction I guess.
I'm of two minds about this: cybersecurity continues to be an issue that doesn't get sufficient attention, but government regulation is going to be of limited benefit. Regulation is going to help raise awareness of the issue (by forcing organizations to address it), but can rapidly become a hindrance when regulators try to prescribe requirements: they aren't actually the experts and are often poorly placed to understand the trade-offs between cost and risk inherent in implementing cybersecurity.
Cybersecurity isn't a new problem. There's a number of industry standards like the ISO27000 series, IEC62344, and ISO/SAE 21434 for automotive applications. There's a large industry supporting cyber solution development. The problem has been that a lot of organizations continue to be unaware of the risk or don't pay enough attention to the risk until it bites them hard. Given the potential societal and economic impacts of cyberattacks, there's a good argument for government regulation mandating organizations to do something. I think regulators need to defer to industry on exactly what they should do, and how much cybersecurity is sufficient.
An area where governments *really* should get involved is in fighting cyber crime. Law enforcement organizations need to resource investigation of these crimes; the legal system needs to develop tools and approaches to prosecute them. Again, the problem is a general lack of awareness of the problem.
Thank you for this very important article. Canada is never ready for anything. Which means Canada will not be ready for it's own demise. If you are a prog zombie, keep voting "Liberals" for more of the same kak government we have had for far too long.
For food resilience, if you can't grow some of your own, support your local small-to-medium scale farmers, eat in season, and learn how to preserve what you can. If you have a freezer and can go in on bulk orders with some friends, it is cheaper, better quality, and more nutritious than the grocery giants. So many small-scale farmers doing good things are struggling, and people worried about food sovereignty + cost are struggling. . . and yet they don't seem to find each other.
With seven Likes, I have to ask them, How many of you (including PJ Alexander herself) actually do the things she suggests, and how many think, Yeah, that sounds like a good idea we should get more people to do more of that? Our famers' market is not cheaper than the grocery store less than a block away. People shop at the farmers' market because they think it is somehow "better" and they want to support local farmers -- fair enough. But the farmers say they can't undersell the grocery stores: their own transaction costs are high because they lack the economies of scale especially in transportation and in division of labour. When they personally are attending the farmers' market having driven there in their own vehicles, they can't be doing work at their farms which would occupy their time more productively. Let a truck driver pick up their produce along with the produce of 20 other farmers and drive it to the Ontario Food Terminal. Famers' markets are really a boutique hobby.
If the Apocalypse comes, there won't be any electricity for freezers anyway. The reason why the small-scale farmers and their worried would-be customers can't find each other is because there is no "market maker" who can put the buyers in contact with the sellers. Why not? Because the farmer is better off selling into the Invisible Hand supply chain, and the customer is better off buying from it. Forgoing that convenience and market efficiency just because you are worried is attractive only to the worriers. The rest of us figure that the businesses that will be harmed by cyber attacks will respond to their own incentives to harden their systems. But yes, doing something about cyber crime would be a good idea....if we can ever catch those nasty Russians working for Putin.
Even if you bake your own bread, which I have been doing for many years, you still have rely on the supply chain to get flour, yeast, oats, shortening, molasses and (sometimes depending on my mood) eggs. Remember when dry yeast disappeared from the store shelves during Covid? I don't bake enough bread to maintain a sourdough starter, though it did cross my mind and I like it. If there are small (or big) farmers that will sell *and grind* small lots of wheat and other grains for residential customers, they haven't put the word out. For a while, Bulk Barn was selling whole wheat flour but it was too low in gluten to make a dough that would hold gas bubbles to make it rise. Terrible stuff. So I went back to Robin Hood where at least the product was consistent.
"Farmers' markets are really a boutique hobby" Now there's an opinion for you. Didn't realise it was my 'hobby' that's been supporting me for 40+years but you know what they say about opinions and 2 bucks...otherwise your lengthy comments have made interesting reading.
I don't know about the others who liked it--I guess they'll let us know--but i don't suggest stuff I don't do myself. Buying a ¼ bison or beef has been cheaper for my family than the grocery store, I did the math. Buying from local farmers individually (not pretend farmer's markets) is what assures my nutrition upgrades and cost savings. Canning does not require a freezer if that is the concern, and can be a fun family or friend activity. If major cyber attacks or the zombie apocalypse comes then I don't know we have the infrastructure in place for much to save us. However: we would be more than capable of building the infrastructure, if we wanted to. I just saw a clip today about a salad greens operation in Ontario that is entirely automated, uses solar power, and replaces expensive and tasteless greens shipped from California or wherever. Cost effective, scaled solutions exist if we want them. I'm just not convinced that the political will is there to make it so.
OK, but why do you need political will (=tax money obtained by robbing Peter to pay Paul, over Peter's strenuous objections) to make any of these things happen? We've been seeing hydroponic salad greens in Ontario grocery stores. I doubt that they use much solar power in winter and so what? -- nuclear and gas power is just fine -- but yes they are an advance that rational customers should be willing to buy if they offer value for money. If demand is there, the supply will grow to meet it. Fresh salad greens in the winter? And cheaper than California or Mexico? What's not to like? No government incentives necessary, no political will needed. Surely you're not suggesting that government should subsidize the cost of these automated operations in order to undercut imported winter produce, not when it's already allegedly cheaper. But if you are, then that expenditure of tax dollars has to compete with other priorities we want government to provide, and that is a contest of political wills. If you have something in your mind that requires political will to bring about, you have to be willing to say what other government program should be cut to find the money, and make the case to those people who think their program is more important than fresh lettuce in February.
Rather than lack of political will, I think the barrier to adoption is that people need to be motivated to devote their own labour to sourcing and preparing food done this way. Canning is fine if you like it, a terrible time-wasting drudge if you would rather be doing anything else (and potentially fatal if you mess it up.) ...especially if you could be earning actual money instead of providing free labour to yourself, canning or driving around the countryside visiting farmers for bespoke agricultural products.
I increasingly wonder if all our amazing IT is ultimately worth it. Yes, it’s making tomatoes cheaper. But we’re paying for that in increased catastrophic risk.
Same thing with all online shopping and eHealth and everything else.
I kind of like that Elections Canada uses volunteer fellow citizens to look at ballots in a human way. They take it as a sacred duty to be honest and are not hackable.
I agree that our elections are unhackable and that’s a good thing. There are transparent bookkeeping safeguards built into the ballot printing and counting process that don’t even rely on the election employees being honest, which I agree all of them surely are.
Scrutineers from all the parties can watch the whole thing, not only the all-important count but the whole process beginning with sealing the demonstrably empty ballot boxes before the polls open to resolving clerical problems that voters have, such as the occasional one who is told she voted already when she insists she didn’t.
Having been a scrutineer twice I can tell you that even if an election worker wanted to be corrupt, not only could he not get away with it, but he couldn’t affect the result even if he wanted to. Of course the honesty and dedication of the election workers makes our volunteer job easier but the suspicious people are watching the process offer solid reassurance of the integrity of our manual system.
I worked for a major beer company during the covid years when BDL the joint distributor for most of the beer in western Canada was victim to a cyberattck. Absolutely flalined sales. Not critical like food but angry consumers, retailers, etc. Extremely chaotic. These attackshave been happening for years we need to take notice
The Federated Coop cyber attack impacted a lot of rural prairie grocery stores last year. Chunks of aisles were empty for quite awhile. Considering most rural food supply/grocery service is dominated by Coop is was definitely a thing. Most people were pretty affable or drove over an hour to a larger centre for more available inventory. I don’t recall any prominent or enduring headlines, likely as it wasn’t a complete failure and also it was a rural issue.
There is little doubt that the last decade of Liberal rule was marked by breathtaking political incompetence but it appeared that the basic operations of government limped along under a reasonably competent civil service despite the growth of DEI hiring. Now we are seeing failures within the civil service. Serious corruption and technical failures are now becoming more common. Ready for cyber crime? In a pig's eye.
A family member directs a municipal IT department that directly affects all municipal operations, from water purification to taxes, firefighting and snow removal to all functioning infrastructure. He explains that there is a significant disconnect between those who understand how IT systems operate and the ongoing and very real security risks they face and the politicians/bureaucrats who oversee operations and allocate funding; they speak entirely different languages. IT is not seated at the decision makers' table nor treated by public administration hierarchy as equal to any other but a minor element of every department. By practice and legislation, IT is seen as an expense and treated as such... somewhere lower on the pecking order that has to justify to each and every department head very real and much needed investment especially for security.
Digital security is not treated as vitally important by each department... unless and until it has failed. And then the money pours in! Quick! Fix the problem... one that is system wide and exposes just how wholly inadequate is the patchwork network cobbled together to stay functional in order to 'save money' using not-yet-fully-depreciated (stone age) equipment expected to function and meet the demands of a modern age 'convenience'.
A security collapse reveals the true cost of not taking cyber security seriously enough to fund it properly as its own administrative entity with independent power. But, right up until that moment of collapse, every dime allocated to IT function and security is deemed and then treated by the managerial class as an expense subject to reductions and cut backs by decision makers in the name of 'cost savings'.
You see the problem.
The overall problem with the internet is that you have connections being made between clients and servers but no way to confirm that each is the responsible legal entity that you expect. The internet started half a century ago without security and since then it has had ad hoc security hacks and 3rd party apps to try and fill in the gaps.
I got a Gmail account a couple of decades ago and no one asked me for any kind of ID that would link to a real person. Cyber criminals can play with spam attempts that most of us find obvious but fool people occasionally because they are untraceable. What is required is a rethinking of the internet protocols to make sure there is a real legal entity on both ends.
Wow, this is absolutely terrifying. Why isnt this front page news everywhere? Goodness I hope this can slowed or stopped. I like the idea to buy/support local and perhaps to stockpile some frozen meals etc.
Excellent article....and te governance of ths country is stright up embarrassing.
The federal government is to blame for screwing around for years and not banning china from our infrastructure.
Maybe it’s a good idea to keep protecting the systems that sustain our last shreds of food sovereignty then? For a cyberattack at home, we at least have a chance at coordinating a cohesive resolution. Cyberattacks on foreign countries controlling our entire food supply, not so much.