Public Safety Committee on April 29th, 2024

That is a very hard question to answer. I don't have that number about the actual numbers that can go into the vehicle to make it secure, so unfortunately I can't answer that question.

In the big picture, yes, there are certainly things that the car manufacturers can do. Some are taking this more seriously than others.

Since 2016 and before, some of the car companies and OEMs actually started looking into the issues of cybersecurity. However, the technology is advancing much faster than we can find the loopholes in the security and fix it. A lot of times when the car is on the market, the security loopholes are just identified. We are playing a game of cat and mouse a bit with this feature, and that could be one of the reasons why the carmakers are falling behind. The process of adjusting their technology might take them some time to get into the market. That could be one of the reasons.

Yes. Currently, it's focused on weapons-based crime—so, things that are associated with terrorism—because the transport security card came in from the IMO's ruling, which was based around the prevention of terrorism. Their focus at that time was really around weapons or violence-related crimes.

Only now the IMO is saying that there's too much evidence that says that organized crime is related to terrorism and that this should be extended, but—

I could have a look into it, but in my own interactions, we very seldom talk about cargo going out of the port. Most of the focus is on cargo coming into the port. Even then, it's kept very close to the chest. There was a recent announcement about a drug bust in Halifax. As the port authority, we weren't aware of that occurring until after the event.

So, they keep that sort of information very close. That's something that I'm not used to from my previous jurisdiction where we had a trusted information network, and multiple agencies would come together and share information around multiple things, including terrorist information and other organized crime information.

Yes.

Just remember that hardware is also easy to capture, so with those mechanical car keys, you also have the ability to reproduce and remanufacture them. If you're thinking about organized crime, they certainly have access to generating those car keys mechanically and distributing them through their system.

As to whether industry is planning to bring that in, I am not aware of such motivation.

I'm not aware of anything in that regard.

I'm not sure if they are going to bring those cases. If there is any intention of that, I'm not aware of it. However, at this stage of information availability, I'd say that even those mechanical car keys can be manufactured rather easily.

Some packing houses are customs warehousing, so they've gone through a customs system to have customs brokerage. There would be some that are more reliable than others. I would think you would approach it in the same way you risk assess import cargoes: look at where they're coming from, who has packed it and what the shipping line is. You would take a similar approach, such as whether they put good electronic seals on—that sort of thing. If they're a reliable, trusted customs broker, it would be less likely you're going to have a problem there. If it's something packed by an individual or by a warehouse you're unaware of, that would be a higher risk profile.

Again, the port doesn't have that information. The CBSA would have that information going through. We don't get told the origin of that cargo. We aren't given that information.

Yes, that sharing of information would help the risk assessment process. It all helps. The more information we get, the more the terminal can make assessments. If the CBSA were advising us that these are higher risk and they want them scanned, it would be a process that would help.