Parliamentary Committee Notes: National Cyber Security Strategy

Bill C-26: An Act Respecting Cybersecurity (Parliamentary Committee Binder)

Date: August 2, 2023
Classification: Unclassified
Fully releasable (ATIP)? Yes
Branch / Agency: NCSB/PS

National Cyber Security Strategy

Issue: The new National Cyber Security Strategy will articulate Canada's long-term plan to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.

Proposed Response:

National Cyber Security Strategy Background:

National Cyber Security Strategy

Canada's National Cyber Security Strategy (NCSS), published in 2018, has three primary goals – secure and resilient Canadian systems; an innovative and adaptive cyber ecosystem; and effective leadership, governance, and collaboration. The subsequent National Cyber Security Action Plan (2019-2024) lays out the specific roadmap that will allow for the realization of the NCSS' goals. The $507.7M investment in the Strategy represented an early investment and an incremental first step toward improved cyber security for Canadians.

Mid-Term Review of the National Cyber Security Strategy

When the Strategy was released in 2018, Signatory Ministers committed to a Mid-Term Review (the Review) to ensure the Strategy remained responsive to a rapidly evolving and complex cyber security landscape. The Review was envisioned as an opportunity to evaluate early returns on investment and explore what further investments would be required to continue to protect Canada and Canadians against cybercrime, the disruption of critical infrastructure, and other cyber threats to national security. In 2021, Public Safety (PS) initiated the Review with support from 12 federal partners. The Review found that while the Strategy is performing well and its goals remain appropriate, a much-changed global context and growing threat landscape now require a stronger federal response to protect Canada's national security.

Mandated New National Cyber Security Strategy

In the December 2021 mandate letter, the Minister of Public Safety was asked, alongside the Ministers of National Defence, Foreign Affairs, Innovation, Science and Industry, and other implicated Ministers, to develop and implement a new NCSS which will articulate Canada's long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behaviour in cyberspace.

Public Consultation

As part of developing the new National Cyber Security Strategy, Public Safety Canada administered an online public consultation process that sought the views from Canadians on the Government of Canada's approach to cyber security. The public consultation ran for eight weeks from July 5, 2022, to August 19, 2022. In total, Public Safety received 135 survey responses and 27 email submissions, which tangentially represents over 300,000 businesses from across Canada.

Public Safety also conducted engagements with industry and provinces and territories to hear about the issues and opportunities that they are seeing. The new Strategy will be informed by this consultation and engagement.

Alignment with U.S. National Cybersecurity Strategy

The U.S. released its National Cybersecurity Strategy in March 2023. The U.S. strategy identifies and proposes solutions to many of the same cyber security gaps identified in Canada, including those related to the defence of critical infrastructure, building strong partnerships with the private sector, building national resilience, and leveraging international fora. The U.S. strategy also seeks to establish a secure-by-design culture in technology development and encourages long-term, cyber security-focused decision-making among organizations.The renewal of national strategies presents an opportunity to explore areas of collaboration between Canada and the U.S. as both countries establish and implement their new approach to cyber security.

Date modified: