Parliamentary Committee Notes: Cyber Security

Date : May 11, 2022
Classification: UNCLASSIFIED
Fully releasable (ATIP)? Yes
Branch/Agency: NCSB

Proposed Response:

• The Government of Canada recognizes that more than ever, secure and reliable connectivity is a necessity for our daily lives and our collective safety and security, as it underpins the delivery of critical services such as health care, financial transactions, safe transportation, and emergency communications.
• The Prime Minister has asked me and my colleagues to develop a renewed National Cyber Security Strategy that articulates Canada's long-term plan to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.  
• The Government of Canada is working to enhance the cyber security of the country’s critical infrastructure through the identification of cyber threats and vulnerabilities, and by responding to cyber incidents.

If asked about cyber security in the context of the Russian invasion:

• Unfortunately, we have seen that malicious actors, such as cyber criminals and state actors, continue to attempt to take advantage of the current geopolitical environment to exploit particular sectors, especially critical infrastructure.
• In light of Russia’s invasion of Ukraine, the Government has enhanced engagements with critical infrastructure sectors. To this end, Public Safety Canada hosted a Multi-Sector Network meeting for critical infrastructure owners and operators to discuss cyber threats and proactive mitigation measures for Canadian industry.
• Public Safety’s Canadian Cyber Security Tool helps owners and operators of Canada’s critical infrastructure to evaluate their cyber maturity against established benchmarks and by peer comparison, while also offering concrete guidance on how they can become more cyber-resilient.Public Safety Canada also coordinates and delivers cyber-based exercises for the critical infrastructure community to test and develop capabilities to respond to, and recover from, malicious cyber activities. More broadly, the Department promotes communication and collaboration to raise awareness of cyber threats and risks, including with our international partners.
• Public Safety Canada also works closely with the Communication Security Establishment’s Canadian Centre for Cyber Security to enhance the resilience of critical infrastructure in Canada. The Cyber Centre, in addition to providing public advisories, shares valuable cyber threat information with Canadian critical infrastructure owners and operators.

Financial Implications:

• NIL

Background:

Malicious cyber activity directed at the digital systems that underpin essential services and critical infrastructure are a constant concern for businesses, individuals, and all levels of governments in Canada.

Threat Environment

Cyber security is one of our most serious economic and national security challenges. Today, Canada and Canadians are facing a rise in the number and sophistication of threats to national and personal security. Hostile state actors and cyber criminals are targeting our critical infrastructure, government institutions, sensitive scientific information and intellectual property, as well as individual Canadians’ privacy and finances. As the borderless risks that Canada faces in cyberspace continue to grow in size and complexity, Canada is no longer protected by its geography. State and non-state actors continue to challenge Canadian values and interests in non-traditional domains where they operate with near ‘immunity.’ These threats are increasingly significant as they seek to exploit ongoing efforts towards the digitalization of Canada’s economy.

Government of Canada Response

The Government of Canada (GC) is responsible for enforcement against cyber threats, responding to evolving national security threats, and defending critical GC systems. Federal government interventions to protect cyber systems take many forms, including helping to inform potential victims of malicious cyber activity and helping computer security professionals adopt best practices to prevent and react to incidents in order to minimize the impact on essential operations. The federal government also continues to work with provincial and territorial governments, associations, academia and industry, under the auspice of the National Cyber Security Strategy (the Strategy), to advance cyber security policy that can be adapted to these issues.

The Strategy, published in 2018, has three primary goals – secure and resilient Canadian systems; an innovative and adaptive cyber ecosystem; and effective leadership, governance, and collaboration. The subsequent National Cyber Security Action Plan (2019-2024) lays out the specific roadmap that will allow for the realization of the Strategy’s goals.

In the December 2021 mandate letter, the Minister of Public Safety was asked, alongside the Ministers of National Defence, Foreign Affairs, Innovation, Science and Industry, and other implicated Ministers, to develop and implement a renewed Cyber Strategy which will articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behaviour in cyberspace.

Budget 2022 included significant investments in cyber security—a total of $892.9M in direct funding for initiatives to enhance Canada’s cyber security through operations; improve prevention and response on critical infrastructure; protect small departments, agencies and Crown corporations; increase resilience; and support research in important technologies like quantum computing and artificial intelligence.

As part of the National Cyber Security Action Plan, Public Safety Canada is leading on several items that will enable critical infrastructure owners and operators to better secure their systems and information. Public Safety works to enhance the cyber security of Industrial Control Systems by raising awareness of risks to these systems and enhancing the capabilities of their operators through symposiums and technical workshops.

In addition, Public Safety has worked closely with the Cyber Centre to develop the Canadian Cyber Security Tool which provides Canadian critical infrastructure organizations with an easy-to-use, online self-assessment tool to strengthen their cyber security posture. Furthermore, Public Safety also offers Canadian critical infrastructure organizations more in-depth, facilitated assessments and analysis of their cyber security programs and practices through the Canadian Cyber Resilience Review and the Network Security Resilience Analysis.

Public Safety’s Regional Resilience Assessment Program’s Cyber Assessments Team has various assessment tools to provide expert advice and guidance to critical infrastructure owners and operators on how to improve their cyber security and cyber resilience posture. This work has been performed in close collaboration with the Cyber Centre, which uses the reports to better understand sectorial gaps and optimally target programs and resources to mitigate cyber risks.

From a national security perspective, CSIS is mandated to investigate cyber-enabled espionage, sabotage, foreign interference and terrorism to determine the motivations and capabilities of threat actors. This intelligence is then disseminated to inform GC partners on cyber attributions, policies, investments and governance.

Financial Implications

NIL

Contacts:

Responsible Manager: Gregory Bunghardt, NCSB/NCSD, 613-990-9608

Approved by: Dominic Rochon, Senior Assistant Deputy Minister, NCSB, 613-990-4976

Date modified:

2023-05-11