Last week I testified in front of the Canadian House of Commons Committee on Public Safety and National Security about cybersecurity risk and national security planning. I was invited to testify by The Honorable Pierre Paul-Hus, Member of Parliament representing the riding of Charlesbourg—Haute-Saint-Charles in Quebec and Vice-Chairman of the Committee. My written submission to the committee, "Defend Forward and Assume Breach: Preparing Canada for a Cyberresilient Future," is available here.
Below are four questions from members of parliament that kept me on my toes, along with video of my responses.
1. What should countries do about data manipulation, particularly for the internet of things?
You may be concerned about disruption, manipulation, or theft, but to overly focus on the end result is to take your eye off the most important thing you should do to protect yourself: companies should focus on controlling as much of their own terrain as they can. That begins with the data center – for all types of intrusions. "If an intruder can break into a data center, everything is on the table."