Summary of the Mid-Term Evaluation of the National Cyber Security Strategy – Public Safety Canada’s Initiatives

About the Program

As digital technologies become a greater part of Canadian business, public services, and individual lives, so do the associated risks and threats.

The National Cyber Security Strategy (NCSS) was launched in 2018. Public Safety (PS) is responsible for three initiatives under the NCSS, which result in outputs such as research and recommendations, training and exercises for members of critical infrastructure (CI) sectors, and funding for projects contributing to the federal government’s leadership role in advancing cyber security in Canada.

The total allocated funding for the three PS initiatives from 2019-20 to 2023-24 is $33.2 million, which includes $24.6 million from the NCSS.

What We Examined

The purpose of the evaluation was to examine the progress made by PS’s NCSS initiatives in achieving their outcomes to improve cyber security in Canada. The evaluation covered the activities from fiscal year 2018-19 to mid-2021-22.

Evaluation Findings

• There is a continued need for the PS NCSS initiatives due to ongoing and emerging cyber security threats such as ransomware, attacks on CI and cyber-attacks. The design of the initiatives allows for flexibility to respond to malicious actors and constantly evolving threats.
• The Strategic Policy Capacity initiative has been successful in increasing inter-departmental coordination and the awareness of cyber security issues. However, there have been challenges advancing the policy agenda which is a concern given the growing number of cyber security issues and complexity of the cyber landscape.
• Since the launch of the NCSS, PS has reached all 10 CI sectors through its programs and activities. Participation in some activities increased after the transition to online delivery. There is no consistent collection of information related to mitigation actions as a result of these activities.
• Stakeholders are aware of the Cyber Security Cooperation Program (CSCP) and projects are currently underway. While it was originally intended that project results and findings would be used to inform the broader policy agenda and decision-making, there does not currently appear to be a mechanism or a plan to do so.
• Funding recipients reported mixed reviews of the support received from PS for the CSCP initiative. Some of these issues may stem from the challenges faced by the program as a result of administration occurring in one branch/directorate and policy direction taking place in another.
• Gender Based Analysis Plus (GBA Plus) is a priority for PS. While diversity and inclusion were factors emphasized in the 2020 CSCP call for applications, the full scope of GBA Plus was not consistently considered for most PS NCSS initiatives. However, there is evidence that efforts are being made to address these gaps.
• The COVID-19 pandemic led to unintended outcomes for the PS NCSS initiatives. The initiatives were largely able to adapt and moved to a more virtual environment.

Recommendations

The Senior Assistant Deputy Minister, National and Cyber Security Branch, should:

1. Enhance leadership and coordination efforts by prioritizing work on the forward policy agenda, including addressing information sharing challenges and forming relationships with other levels of government, particularly provinces and territories;
2. Develop and implement follow-up processes to collect information regarding the implementation of mitigation measures by participants as a result of activities for CI sectors;
3. Develop an approach to utilize CSCP project findings to inform the NCSS policy agenda and decision-making;
4. Increase awareness of how aspects of diversity and inclusion inherent to GBA Plus apply to cybersecurity.

Date modified:

2022-06-27