Archived — Professional Engineers Ontario Response to Digital Economy Strategy Consultation: Communications Infrastructure Engineering

Archived Information

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Some of the information on this Web page has been provided by external sources. The Government of Canada is not responsible for the accuracy, reliability or currency of the information supplied by external sources. Users wishing to rely upon this information should consult directly with the source of the information. Content provided by external sources is not subject to official languages, privacy and accessibility requirements.

Submitted by Professional Engineers Ontario — Communications Infrastructure Engineering Task Group 2010-07-13 20:29:22 EDT
Theme(s): Digital Infrastructure

Summary

Professional Engineers Ontario (PEO) is the self-governing professional body that licenses Ontario's 73,000 professional engineers and regulates the practice of engineering in Ontario, in the public interest. Under the Professional Engineers Act, its statutory mandate is to serve and protect the public interest where engineering is concerned. PEO is one of the twelve constituent associations that make up Engineers Canada.

This submission has been prepared by volunteer members of the Communications Infrastructure Engineering (CIE) subgroup of PEO's Emerging Disciplines Task Force. It seeks to inform Canada's digital strategy in terms of:

  1. regulation of digital infrastructure, and
  2. skills required to safeguard digital infrastructure.

There is a clear need to extend broadband digital infrastructure to all Canadian households and businesses so that they can participate effectively and productively in the digital economy. However, there is also a clear need to regulate more effectively the design and operation of digital infrastructure in order to protect the public and the economy from harm arising from both inadvertent failures and deliberate attacks.

Our submission makes the following main points with respect to digital infrastructure:

  1. Canadians are utterly dependent on our digital infrastructure. Our ability to communicate with each other, receive necessary information, conduct business, and receive essential services all depends on the availability, reliability, and security of our digital infrastructure.
  2. Digital infrastructure underpins all other critical infrastructures such as energy, finance, health care, transportation, food, and water. Failures or compromises of digital infrastructure can effectively disable the other critical infrastructures.
  3. There are huge risks to society associated with our dependence on digital infrastructure. Digital infrastructure is subject to failure or compromise from a variety of threats including hardware and software errors, natural disasters, human error / oversight, and deliberate attacks by criminals and cyber-terrorists. As a society we are much more vulnerable to such failure than we were before the advent of the Internet.
  4. Canada needs federal policy and legislation to ensure that competent professionals take responsibility for the design and operation of its digital infrastructure. Licensed communications infrastructure engineers will have the knowledge and skill necessary to perform these important tasks in the public interest.

Canada's engineering profession is being proactive in ensuring that professional engineers working in the field of digital infrastructure have the skills necessary to make Canada a world leader in digital infrastructure — not just in terms of access, but in terms of reliability, availability, security, and privacy. We would welcome the opportunity to work with the Government of Canada to develop demand side legislation to ensure that all persons involved in the design and operation of critical digital infrastructure are appropriately qualified, and that this important field of engineering is appropriately regulated.


Submission

Who Are We?

Professional Engineers Ontario (PEO) is the self-governing professional body that licenses Ontario's 73,000 professional engineers and regulates the practice of engineering in Ontario, in the public interest. Under the Professional Engineers Act, its statutory mandate is to serve and protect the public interest where engineering is concerned. PEO is one of the twelve constituent associations that make up Engineers Canada.

An important part of PEO's mandate is the establishment and maintenance of standards of knowledge and skill for competent practice in the various engineering disciplines and sub-disciplines. Its Emerging Disciplines Task Force examines new and emerging fields of engineering with a view to recommending the steps that governments and the profession should take to ensure that practice in these fields is regulated effectively in the public interest.

This submission has been prepared by the Communications Infrastructure Engineering (CIE) subgroup of that Task Force. Its volunteer members are:

  • Colin Cantlie, P.Eng., Ottawa
  • Corneliu Chisu, P.Eng. — Genivar Inc., Toronto
  • Major John Clark, P.Eng. — Royal Military College, Kingston
  • George Comrie, P.Eng., CMC, Toronto
  • Peter DeVita, P.Eng., — DeVita Associates, Richmond Hill
  • Jim Finch, CMC, FCIPS, I.S.P., ITCP — Independent Consultant, Toronto
  • Roger Jones, P.Eng. — Toronto
  • Tyson Macaulay — Bell Canada, Ottawa
  • Changiz Sadr, P.Eng., CTP, CTME — ICT Consultant, Toronto

We are keenly interested in collaborating with the Federal Government to properly regulate this new critical field of engineering practice.

What Is Communications Infrastructure Engineering?

Communications Infrastructure Engineering is concerned with the design and operation of the electronic networks that support messaging and communication of data of all types. Since most of today's communications infrastructure is digital (as opposed to analogue), we will refer to it as digital infrastructure throughout this submission.

Communications Infrastructure Engineering deals with data in transit, as opposed to in repository. It is focused primarily on the reliability, availability, security, and privacy of networks, rather than on their physical aspects (such as cabling, microwave and cell towers, transmission and receiving devices, etc.) which are within the purview of other established engineering disciplines.

Canadians Are Utterly Dependent On Our Digital Infrastructure

According to a 2002 Canadian Case Study1, Canadians are, on a personal level, heavily dependent on digital infrastructure:

  • Telephone service extends to virtually every home in the country;
  • 72 per cent of homes are wired for cable TV;
  • Computers are installed in 54 per cent of homes;
  • Modems are installed in 47 per cent of homes;
  • 42 per cent of homes have Internet access.

Canadians are frequent users of telephone touch-tone services for banking, bill payment and information services. They are also heavy users of credit and debit cards, for which virtually all merchants have on-line verification facilities.

With the proliferation of wireless personal communications devices such as the BlackBerryTM and i-PhoneTM, and the rapid evolution of new services available through them, Canadians are becoming increasingly dependent on digital infrastructure to carry on their day-to-day lives and conduct their business. This dependence will increase over time.

But personal communications is only the tip of the dependence iceberg — other critical infrastructures that we take for granted are themselves dependent upon digital infrastructure.

Digital Infrastructure Underpins All Other Critical Infrastructures

The following are designated by Public Safety Canada as critical infrastructure (CI) sectors2:

  • Energy and Utilities (electric power, natural gas, oil production, and transmission systems)
  • Communications and Information Technology (telecommunications, broadcasting systems, software, hardware, and networks, including the Internet)
  • Finance (banking, investment, securities, payment processing)
  • Health care (hospitals and other health care facilities, blood supply, laboratories, pharmaceuticals)
  • Food (production, processing, distribution and safety)
  • Water (drinking water and wastewater treatment / management)
  • Transport (aviation, rail, marine, road, mass transit)
  • Safety (law enforcement, fire, search and rescue, emergency services)
  • Government (social services, regulation)
  • Manufacturing (defence, industrial base, chemical industry)

An analysis of economic activity3 shows that the other nine CI sectors spend much more on communications than the Communications sector spends on them.

It is easy to see the dependence of sectors like Finance (where virtually all transactions are automated) and Public Safety (with 911 service ubiquitous in populated areas) on digital infrastructure. But most Canadians would not realize that water and sewage pumping stations are monitored and controlled remotely using wireless communication links, as are railway and subway trains, and even our electric power grid. These essential services can be compromised by unavailability of the digital infrastructure on which they depend.

Modern manufacturing is dependent upon automated supply chain and production control applications, which in turn rely on digital infrastructure. A failure of that digital infrastructure can shut down a production line, with attendant losses in the millions of dollars per day. It can also adversely affect worker safety.

There Are Huge Risks To Society Associated With Our Dependence On Digital Infrastructure

The major risks to any critical infrastructure are:

  • Unavailability (no food, water, police / fire / ambulance service, medicine, access to information, financial services, transportation, etc.)
  • Compromise (contaminated food or water, monetary fraud or theft, identity theft, trains / planes / vessels colliding or crashing, etc.)

In the case of digital infrastructure, an additional concern is for potential loss of privacy.

Threats to digital infrastructure can be either unintentional (hardware and/or software failures, lack of redundancy or fault tolerance, consequences of other exogenous events such as fires, floods, earthquakes, power blackouts, wars, etc.) or intentional (hacking, phishing, denial of service attacks, identity theft, fraud, espionage, etc. directed towards the network itself.)

While our digital infrastructure is far from immune to unintentional threats, concern is growing for the threats of deliberate criminal activity perpetrated for financial gain.

Modern malware (malicious software) is distinguished from the previous generation of malware by its specificity of purpose, stealthy approach and cunning. As late as 2005, a significant amount of malware was still being developed and propagated for what amounted to mischief: causing damage and disruption for its own sake. The authors of that generation of malware were often motivated by the achievement of status among their peer groups, but little obvious gain was obtained. In the last 5 years things have changed substantially. A new form of malware has taken over from the old, where profit, professionalism and cut-throat competition dominate. There is little room for amateurs.4

Even worse is the threat of cyber-terrorism. Evidence exists of plans and attempts to disrupt critical infrastructure such as electric power grids. While the probability of a successful attack of this sort may be low, its affects on the well-being of Canadians and the Canadian economy could be devastating.

All of this points to the need to have critical digital infrastructure designed and managed by people with the necessary knowledge, skills, and awareness to protect and mitigate against such threats.

Canada Needs Federal Policy and Legislation To Ensure That Competent Professionals Take Responsibility For The Design And Operation Of Its Digital Infrastructure

We need Federal policy and legislation to ensure that competent professionals take responsibility for the design and operation of our digital infrastructure to ensure its availability, reliability, security, and privacy.

At the present time, the field of digital infrastructure is largely unregulated from the point of view of public safety. Some vendor-specific certifications exist, but there are no constraints on who can design, operate, or troubleshoot networks. Protection of networks against errors, security breaches, and malicious attacks is left to corporate policy. In contrast, we do not permit unlicensed / unqualified persons to deliver health care or emergency services, yet many more Canadians could suffer much more in terms of health and safety from a digital infrastructure failure that impacted the health care or EMS system.

Coincidentally, the U.S. Senate is currently reviewing the Cybersecurity Act (S.773). This bill seeks to improve national cyber security preparedness by fostering a closer collaboration between the government and private sector companies, which own a vast portion of the country's critical infrastructure. The bill would require the President to work with owners of critical infrastructure systems to identify and properly classify IT systems whose disruption would threaten strategic national interests. It would also require federal agencies that are involved in cyber security to share information with private sector operators of critical infrastructure networks.

The bill contains several provisions designed to encourage the growth of a trained and certified cyber security workforce, promote public awareness of cyber security issues, and foster and fund research leading to the development of new security technologies. If passed, the bill would require agency heads to provide information on their cyber security workforce plans including recruitment, hiring and training details.5 In particular, section 7 of the Act provides for the mandatory licensing, certification, and recertification of cybersecurity professionals.

PEO's Communications Infrastructure Engineering Task Group is in the process of identifying the core body of knowledge and skill required for competent practice in the field of digital infrastructure, so that professional engineers can be licensed accordingly. Through Engineers Canada and the Canadian Engineering Accreditation Board, Canada's engineering profession is being proactive in ensuring that professional engineers working in the field of digital infrastructure have the skills necessary to make Canada a world leader in digital infrastructure — not just in terms of access, but in terms of reliability, availability, security, and privacy. We would welcome the opportunity to work with the Government of Canada to develop demand side legislation to ensure that all persons involved in the design and operation of critical digital infrastructure are appropriately qualified, and that this important field of engineering is appropriately regulated.


1 Creating Trust In Critical Network Infrastructures: Canadian Case Study, ITU Workshop, Seoul, Korea 2002, page 10.

2 Public Safety Canada Website
See also: Defence Research and Development Canada Website

3 Macaulay, Tyson — Critical Infrastructure: Threats, Operational Risks, and Interdependencies. CRC Press, 2008.

4 Macaulay, Tyson — Hardening Against Modern Malware; Upstream Intelligence and Proactive Security — Presentation to CENS GFF Workshop, Singapore, July 11-13 2010.

5 Computerworld, March 24, 2010.

Notice

The public consultation period ended on July 13, 2010, at which time this website was closed to additional comments and submissions.

Between May 10 and July 13, more than 2010 Canadian individuals and organizations registered to share their ideas and submissions. You can read their contributions—and the comments from other users—in the Submissions Area and the Idea Forum.

Share this page

To share this page, select the social network of your choice:

No endorsement of any products or services is expressed or implied.