Cyber Security

Public Safety Canada (PS) is the national cyber security policy lead for the Government of Canada (GoC). It works with multiple departments and agencies to advance the goals of the National Cyber Security Strategy, namely with the Communications Security Establishment; Royal Canadian Mounted Police; Canadian Security Intelligence Service; Department of National Defence; Innovation, Science and Economic Development Canada; Transport Canada; Employment and Social Development Canada; Natural Resources Canada; Global Affairs Canada; and Treasury Board Secretariat.

Relevant Platform Commitments

• Introduce legislation to safeguard Canada’s critical infrastructure, including our 5G networks, to preserve the integrity and security of our telecommunications systems.
• Establish a digital policy task force, comprised of industry experts, academia, and government, to integrate efforts across government and provide additional resources in order to position Canada as a leader in the digital economy and shape global governance of emerging technologies.

Further Information

National Cyber Security Strategy

The National Cyber Security Strategy (the Strategy) was announced through Budget 2018 with $507.7 million earmarked over five years, and $108.8 million per year thereafter. It introduces a new strategic direction for cyber security in Canada, and directly addresses gaps and opportunities within Canada’s current cyber security climate, through its vision of Security and Prosperity in the Digital Age. The Strategy is a horizontal initiative, involving seven partner organizations^Footnote1 delivering 14 initiatives under three key goals:

• Secure and Resilient Canadian Systems: The GC will better protect Canadians from cybercrime, respond to evolving threats, and help defend critical government and private sector systems.
• An Innovative and Adaptive Cyber Ecosystem: The GC will support advanced research, foster digital innovation, and develop cyber skills and knowledge to position Canada as a global leader in cyber security.
• Effective Leadership, Governance and Collaboration: The GC will take a leadership role to advance cyber security in Canada, and will, in coordination with allies, work to shape the international cyber security environment in Canada’s favour.

In 2019 the National Cyber Security (NCS) Action Plan was released to provide a roadmap of how the GC will reach the goals of the Strategy.

The Strategy is in its third year of implementation and has achieved many key milestones. Highlights on the Strategy accomplishments include:

• Establishment of the Canadian Centre for Cyber Security (the Cyber Centre), a single, unified team of government cyber security technical experts that will be the definitive source of unique technical advice, guidance, services, messaging and support on cyber security operational matters for government, critical infrastructure owners and operations, the private sector and the Canadian public;
• Establishment of the RCMP’s National Cybercrime Coordination Unit (NC3 Unit) to coordinate Canadian police operations against cybercriminals and to establish a national mechanism for Canadians and businesses to report cybercrimes to police;
• Increase in RCMP cybercrime enforcement capacity to take federal enforcement action against priority cybercrime activity both domestically and internationally;
• Enhancement of bilateral collaboration on cyber security and energy between Natural Resources Canada and energy sector stakeholders, such as other federal departments, provinces and territories, private industry and the United States; and
• Delivery of a comprehensive risk management approach by PS, to enable Critical Infrastructure (CI) owners and operators to better secure their systems and information.
• Production and distribution of intelligence assessments by CSIS’ Cyber Intelligence and Cyber Threat Assessments program, which provide decision-makers with trusted insight into the intent and methodology of hostile cyber actors.

Ongoing Cyber Security Activities

Attribution

The Minister of Public Safety and Emergency Preparedness plays a key role in Canada’s attribution framework, which is led by Global Affairs Canada for international events. Public attribution of cyber incidents allow us to hold malicious actors accountable, and is part of our larger approach to deterring future incidents and promoting responsible state behaviour in cyberspace.

Critical Cyber Systems 

The increasing convergence of digital and physical infrastructure has brought significant benefits, but led to new threats and vulnerabilities. As a result, the digitalization of essential services has increased the potential for cyber incidents to compromise national security and public safety. In order to address this risk, Budget 2019 allocated $144.9M over five years towards helping protect Canada’s critical cyber systems (CCS) across federally regulated sectors. To that end, PS has led the development of options to help increase resilience in these areas. 

Telecommunications Security

The global telecommunications sector is undergoing a transition from fourth generation wireless technology to fifth generation (5G). 5G networks will operate at significantly higher speeds and will provide greater versatility, capability, interconnectivity and complexity than previous generations. As a result, 5G networks will become a crucial component of Canada’s critical infrastructure. However, incidents resulting from the exploitation of vulnerabilities by malicious actors will be more difficult to safeguard against, and could have a broader impact than in previous generations of wireless technology.

The GC is conducting an ongoing examination of emerging 5G technology and the associated economic opportunities and security risks. Particular consideration is being afforded to the foreign and defence relations, economic, national security, and technical implications.

Ransomware

One of the major trends over the past few years has been the increase of ransomware as the number one cyber security threat facing Canada today. Ransomware campaigns have impacted hundreds of Canadian businesses and critical infrastructure providers, including multiple hospitals and police departments, as well as municipal, provincial and territorial governments. Ransomware attacks pose a real threat to national security as they have the potential to disrupt a population’s access to critical services, as was demonstrated during the Colonial Pipeline incident in the United States in 2021.

Supporting Canadian Critical Infrastructure (CI) Owners and Operators

The digitalization of systems and processes, and the ability to control CI operations remotely continues to present new cyber security challenges. The growing adoption of connected digital systems to operate physical infrastructure (e.g. Industrial Control Systems), from water treatment plants to farms, has improved overall efficiency, communications, and service delivery to Canadians. However, the use of internet-enabled systems increases the probability and scale of both intentional and unintentional disruptions to these vital systems. Malicious actors are devising new ways to use cyber attacks to disrupt infrastructure and exploit Canadians. Foreign actors, with the support of state-level resources, are developing advanced capabilities to target CI, increasingly leveraging cyber systems to conduct espionage, steal intellectual property, and disrupt operations.

Stakeholder Perspectives

There is an expanding desire from stakeholders for increased national engagement, particularly in regards to jurisdictional issues and responsibilities. Many CI sectors fall under provincial and territorial authority and require growing national collaboration as threats increase. Provinces, territories, and CI owners and operators are looking to the federal government for guidance and collaboration. Of note, since the intent to table legislation to protect Critical Cyber Systems was announced publicly in 2018, there has been keen interest from these parties in understanding its status and content. In addition, some CI sectors, such as the electrical grid, are deeply interconnected with those of the United States. The US DOE is very interested in our mutual ability to secure this sector in particular.

In addition,  as cyber security is a borderless issue, advancing key cyber security initiatives will depend on strong relationships with international allies and partners. Specifically, ransomware has been highlighted by G7 Ministers as an area for increased collaboration. The United States is particularly seized with this issue and actively pursuing increased engagement from Canada and other partners. Another area that has elicited a great deal of interest is in the area of cyber certification. The Canadian aerospace and defence industry has been vocal about the need for federal government action to facilitate their compliance with international certification standards, in particular the US Cybersecurity Maturity Model Certification (CMMC) framework.

Footnotes

• 1

  PS, CSE, CSIS, RCMP, ESDC, ISED, NRCan and GAC

Date modified:

2022-05-19