Parliamentary Committee Notes: Cyber Security

Date : May 11, 2022
Classification: UNCLASSIFIED
Fully releasable (ATIP)? Yes
Branch/Agency: NCSB

Proposed Response:

If asked about cyber security in the context of the Russian invasion:

Financial Implications:

Background:

Malicious cyber activity directed at the digital systems that underpin essential services and critical infrastructure are a constant concern for businesses, individuals, and all levels of governments in Canada.

Threat Environment

Cyber security is one of our most serious economic and national security challenges. Today, Canada and Canadians are facing a rise in the number and sophistication of threats to national and personal security. Hostile state actors and cyber criminals are targeting our critical infrastructure, government institutions, sensitive scientific information and intellectual property, as well as individual Canadians’ privacy and finances. As the borderless risks that Canada faces in cyberspace continue to grow in size and complexity, Canada is no longer protected by its geography. State and non-state actors continue to challenge Canadian values and interests in non-traditional domains where they operate with near ‘immunity.’ These threats are increasingly significant as they seek to exploit ongoing efforts towards the digitalization of Canada’s economy.

Government of Canada Response

The Government of Canada (GC) is responsible for enforcement against cyber threats, responding to evolving national security threats, and defending critical GC systems. Federal government interventions to protect cyber systems take many forms, including helping to inform potential victims of malicious cyber activity and helping computer security professionals adopt best practices to prevent and react to incidents in order to minimize the impact on essential operations. The federal government also continues to work with provincial and territorial governments, associations, academia and industry, under the auspice of the National Cyber Security Strategy (the Strategy), to advance cyber security policy that can be adapted to these issues.

The Strategy, published in 2018, has three primary goals – secure and resilient Canadian systems; an innovative and adaptive cyber ecosystem; and effective leadership, governance, and collaboration. The subsequent National Cyber Security Action Plan (2019-2024) lays out the specific roadmap that will allow for the realization of the Strategy’s goals.

In the December 2021 mandate letter, the Minister of Public Safety was asked, alongside the Ministers of National Defence, Foreign Affairs, Innovation, Science and Industry, and other implicated Ministers, to develop and implement a renewed Cyber Strategy which will articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behaviour in cyberspace.

Budget 2022 included significant investments in cyber security—a total of $892.9M in direct funding for initiatives to enhance Canada’s cyber security through operations; improve prevention and response on critical infrastructure; protect small departments, agencies and Crown corporations; increase resilience; and support research in important technologies like quantum computing and artificial intelligence.

As part of the National Cyber Security Action Plan, Public Safety Canada is leading on several items that will enable critical infrastructure owners and operators to better secure their systems and information. Public Safety works to enhance the cyber security of Industrial Control Systems by raising awareness of risks to these systems and enhancing the capabilities of their operators through symposiums and technical workshops.

In addition, Public Safety has worked closely with the Cyber Centre to develop the Canadian Cyber Security Tool which provides Canadian critical infrastructure organizations with an easy-to-use, online self-assessment tool to strengthen their cyber security posture. Furthermore, Public Safety also offers Canadian critical infrastructure organizations more in-depth, facilitated assessments and analysis of their cyber security programs and practices through the Canadian Cyber Resilience Review and the Network Security Resilience Analysis.

Public Safety’s Regional Resilience Assessment Program’s Cyber Assessments Team has various assessment tools to provide expert advice and guidance to critical infrastructure owners and operators on how to improve their cyber security and cyber resilience posture. This work has been performed in close collaboration with the Cyber Centre, which uses the reports to better understand sectorial gaps and optimally target programs and resources to mitigate cyber risks.

From a national security perspective, CSIS is mandated to investigate cyber-enabled espionage, sabotage, foreign interference and terrorism to determine the motivations and capabilities of threat actors. This intelligence is then disseminated to inform GC partners on cyber attributions, policies, investments and governance.

Financial Implications

NIL

Contacts:

Responsible Manager: Gregory Bunghardt, NCSB/NCSD, 613-990-9608

Approved by: Dominic Rochon, Senior Assistant Deputy Minister, NCSB, 613-990-4976

Date modified: