Tracking the “digital exhaust” that threatens Canada’s national security
From Dal News and the Springboard Content Lab
Dalhousie researchers are helping defence and government leaders understand how everyday digital activity creates cyber risk, and how to mitigate it before it becomes an operational vulnerability.
The research is a partnership with Calian, a Canadian company that provides mission-critical solutions for defence, space, healthcare and other critical infrastructure.
Digital activity at home and work produces a fingerprint that cybersecurity experts call “digital exhaust.” These are streams of data that can reveal patterns of behaviour, points of access and relationships between people and organizations.
This information can be picked up by those who know how to collect, track and interpret the signals.

Kevin de Snayer, VP Calian
Kevin De Snayer, Calian vice president of IT and cyber solutions for defence and space, says that much of that exhaust is generated in moments we would not normally associate with risk – before we even log on for the day. This data could be coming from an internet-connected coffee pot, an Alexa speaker or a text from a phone.
Each action emits a signal that can be interesting on its own or cumulatively revealing once combined, cross-referenced, and analyzed alongside the surge of surrounding digital traffic.
Everyday digital activity leaves exhaust
When the digital trail belongs to an individual employed by the military or a national defence organization, the risk becomes a matter of national security. Even junior personnel – an administrative assistant, a private, a contractor – contribute fragments to a larger data portrait that can hold real strategic value to an adversary.
What troubles de Snayer most is not simply that this data exists, but that the ways it is emitted, tracked, gathered, synthesized, and ultimately exploited remain only partially understood. He spends much of his time in boardrooms briefing senior leaders on the risks, but says the single most effective way to focus attention is proof – clear evidence that these exposures are not hypothetical, but already in play.
Dalhousie research identifying digital evidence
The need for proof is what led de Snayer to Dalhousie University.
For more than two decades, Dalhousie computer scientist Dr. Nur Zincir-Heywood has worked at the frontlines of cyber resilience, studying how networks fail, how attackers operate, and how systems can be designed to continue functioning even when under attack.
Her research has long focused on what happens in the background of digital systems – the data that flow quietly, often unnoticed, as networks go about their ordinary business. That silence is where digital exhaust becomes critical.
Attackers who avoid crashing systems or triggering alarms do not disappear; they blend in. Their footprints are embedded in the same streams of data used for personalization, optimization, and convenience.
“Attackers in the cyber world are not stupid. They know how they will be identified or noticed, so they try to be as silent as possible, as passive as possible, until the issue really happens.”
– Dr. Nur Zincir-Heywood

Dalhousie computer scientist Dr. Nur Zincir-Heywood in her lab with a PhD student. (Danny Abriel photos)
The partnership between Dalhousie and Calian, supported through a combination of Industrial and Technological Benefits commitments, federal NSERC research funding, and Mitacs grants, set out to make that invisible activity visible. Rather than chasing dramatic breaches after the fact, the work focuses on understanding what data our connected environments produce, where it goes, and who might be lurking between the ones and zeros.
Data being intercepted by North Korea, China and Russia
As Dal and Calian’s research partnership has progressed, it has surfaced surprising patterns that even the seasoned experts did not expect. Data that was intended to go to manufacturers was being siphoned off to destinations in North Korea, Belarus, China, and Russia.

The research unfolds methodically. First comes identification, mapping the devices operating inside a network, from phones and wearables to appliances and building systems. Then comes interpretation, distinguishing between normal operational traffic, data collected for convenience or personalization, and signals that suggest passive surveillance or compromise.
De Snayer describes a case where data flowing from a household appeared to terminate not at a commercial server or cloud provider, but at an IP address registered to a school board in Scandinavia. He says it was a moment that underscored both the complexity and the opacity of modern digital systems.
Research is dual-use
Dr. Zincir-Heywood says the work is deliberately dual-use. The same techniques that help consumers understand how their data is being used can be applied, with greater urgency, to defence and government contexts. In those settings, every device can become a vulnerability – not by design, but by circumstance. How and when are personnel using connected consumer devices, and what information is being transmitted and to whom?
For de Snayer, this is where the research becomes operational. “Through all that research, we are now able to put a report in front of somebody and say, ‘By the way, here we are in a meeting, and everybody’s got their phones turned on and nobody’s got an air gap, and here’s the bad part of that.’”
The desired result is not panic, but clarity.
Rather than urging organizations to disconnect – a practical impossibility – de Snayer says the work helps leaders understand degrees of risk and to make informed decisions about acceptable exposure. “This isn’t about shutting everything off,” he says. “It’s about understanding how difficult an attack is, what information it could yield, and what mitigations actually make a difference.”
This clarity is shaping how Calian supports government and defence clients, from tabletop exercises that allow clients to model vulnerabilities to advisory work in sensitive operational environments, including naval vessels and critical infrastructure. The research provides a new perspective – one that helps decision-makers gain an expanded understanding of how digital systems behave as integrated, living networks where consumer products need to be considered.
For Dr. Zincir-Heywood, the broader significance lies in resilience.
“There is nothing we can make one hundred per cent secure. As soon as you are connected to the internet, assume you are open to attack. The question is can you detect it, can you contain it, and can you keep operating.”
Dalhousie University is a member of the Springboard Network of 19 post-secondary institutions in Atlantic Canada. Our mission is to grow the economy through research, commercialization and industry collaborations.
