Parliamentary Committee Notes: Canada’s Approach to Critical Infrastructure Security and Resilience

Date:

April 14, 2022

Branch/Agency:

CID/NCSB/PSC

Issue:

You have been invited to appear before the Standing Committee on Public Safety and National Security to discuss Canada’s security posture in relation to Russia where protecting Canada’s critical infrastructure may be raised. This note addresses Canada’s overall approach to critical infrastructure security and resilience, focusing on the National Strategy for Critical Infrastructure, stakeholder engagement mechanisms, and specific Public Safety Canada programs. More detailed information on the nexus between cyber security and critical infrastructure can be found in the complementary note titled Cyber Security and Protecting Canada’s Critical Infrastructure.

Proposed Response:

Thank you.

Background:

Canada’s National Strategy for Critical Infrastructure

Critical infrastructure (CI) consists of the physical assets, information technology systems, networks and services essential to the health, safety, security, and economic well-being of Canadians.

Under the Emergency Management Act, the Minister of Public Safety and Emergency Preparedness is responsible for leading the overall national effort to strengthen CI resilience.

Canada’s approach to CI security and resilience is outlined in the 2009 National Strategy for Critical Infrastructure.

Every three years, an action plan is published with concrete deliverables for Public Safety to fulfil in collaboration with public and private sector partners to further the objectives of the 2009 National Strategy for Critical Infrastructure. With the conclusion of the 2018-2020 Action Plan for Critical Infrastructure, Public Safety Canada published the 2021-2023 Action Plan for Critical Infrastructure in the spring of 2021.

The 2021-2023 Action Plan for Critical Infrastructure commits Public Safety Canada to renewing Canada’s National Strategy for Critical Infrastructure by 2023.

Specific Public Safety Canada CI programs and initiatives are outlined below.

Regional Resilience Assessment Program (RRAP)

RRAP provides free on-site and online assessments to CI owners and operators in all sectors across Canada to address vulnerabilities and to measure and enhance the resilience of their facilities from an all-hazards perspective.

RRAP also conducts broader regional resilience assessment projects designed to assess and improve the resilience of cross-border CI with the United States.

Virtual Risk Analysis Cell at Public Safety Canada

The Virtual Risk Analysis Cell (VRAC) prepares impact assessments to support situational awareness of CI facilities and the hazards, risks, and impacts they face.

In these assessments VRAC identifies infrastructure that may be impacted and prepares analysis and considerations of cascading impacts that could cause further disruption or degradation of goods, services, and Canada’s supply chains.

Partnerships

The CI Partnerships team at Public Safety Canada focuses on developing and nurturing trusted partnerships between government and CI stakeholders. It organizes national meetings and events to share information and best practices across all CI sectors.

It regularly collaborates with Lead Federal Departments responsible for CI and coordinates and connects with CI representatives from Provincial and Territorial governments (PTs) as well as CI industry stakeholders.

Exercises

The program coordinates exercises that foster partnerships and coordination across jurisdictions, with CI stakeholders in both private and public sectors to enhance their overall resilience before, during and after an emergency.

Specifically, the program identifies key risk areas and vulnerabilities, interdependencies, and cross-sector issues or capabilities to be exercised. It also examines CI stakeholder roles and responsibilities in accordance with emergency plans and policies. Further, it promotes, facilitates, and coordinates exercises involving the CI community and the sharing of lessons learned from exercises to strengthen CI resilience in Canada.

Cyber Engagements

The goal this program is to raise cyber security awareness in the Canadian CI stakeholder community through the delivery of Industrial Control System (ICS) protection webinars and training symposiums, cyber exercises, cyber security assessments, and insider risk.

This team developed the Canadian Cyber Security Tool in collaboration with the Canadian Centre for Cyber Security at the Communications Security Establishment, which is being applied across all ten CI sectors to help stakeholders assess their cyber security posture.

Contacts:

Prepared by: Jade Craig-Payette, A/Policy Advisor, National and Cyber Security Branch, 613-407-5233

Approved by: Dominic Rochon, Senior Assistant Deputy Minister, National and Cyber Security Branch, 613-990-4976

Date modified: