The University of Waterloo’s Cybersecurity and Privacy Institute (CPI) co-hosted an impactful event in Toronto that brought together government stakeholders, academic researchers and industry members from both the private and public sectors to explore how Canada can be a leader in AI innovation while respecting the important foundation of individual privacy.

In partnership with the C.D. Howe Institute, Canada’s top think tank, the cybersecurity policy conference was held on September 26 at their headquarters in Toronto — a first for CPI and the University at large in many aspects.

“The objective of this conference was to create more awareness of the work of some of our leading researchers and bring together other experts in the field of cybersecurity to discuss how we can best prepare for cyber-attacks. Besides this focus, the conference examined how rapid advancements in AI impact individual privacy,” said Dr. Anindya Sen, professor and acting executive director of CPI.

The idea for this collaboration stemmed from a mutual desire of both organizations to meaningfully contribute to the public knowledge space in cybersecurity and public policy. “The need for such alliances is becoming more evident on a daily basis as we see so many public and private sector institutions become victims to attacks from bad and malicious actors,” Sen said.

“The balance between security, privacy and innovation in developing new technologies is crucial,” said Daniel Schwanen, senior vice-president at the C.D. Howe Institute. “The research institute was very pleased to host this essential conversation, in partnership with CPI, as part of its Competition, Innovation and Growth initiative,” Schwanen added.

The conference fostered open discussions on crafting policies that promote the responsible development and adoption of digital technologies, with a focus on ensuring their safety for Canadians and their positive impact on the Canadian economy.

Sponsored by Mastercard, the day consisted of speakers and four engaging panel discussions featuring top experts in the field including:

  • Shaifa Kanji, Innovation, Science, and Economic Development Canada
  • Christopher Parsons, Information and Privacy Commissioner of Ontario
  • Daniela Spagnolo, Government Information Technology Ontario
  • and Charles Eagan, AIoT Canada.

As well as Waterloo faculty members:

Discussion topics  ranged from synthetic health data, building public trust, the importance of data sharing and data governance, preparing for future cyberattacks on public assets and positive usage of AI technologies in society.

According to BNN Bloomberg, a recent Canadian Internet Registration Authority (CIRA) survey found that over the last 12 months, 44 per cent of organizations experienced a cyber-attack — a statistic that demonstrates the growing need to unite leading policy, industry and academic experts in the type of forum created at this event.

Addressing the intersection of cybersecurity and public policy is key to developing insights into the strategies essential to secure Canada’s digital future.

Dr. Sebastian Fischmeister, professor in the Department of Electrical and Computer Engineering and cross-appointed to the David R. Cheriton School of Computer Science, highlighted two areas of particular importance where strong tactics should be developed and implemented: Tech R&D, and people and talent.

Fischmeister expressed that it should be a requirement for all business Request for Proposals (RFPs) – whether from the public or private sectors — to have quantitative cybersecurity requirements to eliminate threats to critical systems through the supply chain.

“To improve your security posture on supply chain cyber threats, there are a few key steps to consider. First, recognize that there are limits to a trust-based supply chain approach — filling out a questionnaire does not guarantee that the product, the network switch or the pager you receive is secure,” Fischmeister said. “Second, demand quantitative evidence. Perform hardware assessments and ensure written testimony from your supplier that the system you receive is unmodified. When purchasing hardware in bulk, make sure all items are identical.”

“Lastly, lead by example—be open to innovation as an early adopter and share your experiences with others," Fischmeister concluded.

An event of this nature is the first step of many future collaborations between different levels of government, academia and the private sector to learn from one another and properly identify key cyber threats.

“Cyber collaboration is a muscle and needs to be exercised,” said Jennifer Quaid, executive director of Canadian Cyber Threat Exchange. “Cybersecurity is not a competitive advantage in any industry. We need to work together to build resilience in each other. That's how we will prevent a cyberattack.”