On February 27, 2018, the Minister of Finance tabled Budget 2018 – Equality + Growth: A Strong Middle Class (the “Budget”) before Parliament. The Budget includes investments in several key areas of the Canadian economy, including in the area of cybersecurity. In his remarks, the Minister of Finance stated that “[t]o safeguard Canadians’ privacy, and protect both our digital economy and our country, we are making an investment of over $750 million in cybersecurity.”
The proposed investment will serve primarily to establish the Canadian Centre for Cyber Security and the National Cybercrime Coordination Unit, which will serve as pillars of the federal government’s soon to be announced National Cyber Security Strategy.
Canadian Centre for Cyber Security
The Budget commits $155.2 million over five years and $44.5 million per year thereafter for the Communications Security Establishment to create a new Canadian Centre for Cyber Security (the “CCCS”).
The objective of CCCS would be to consolidate operational cyber expertise from across the federal government under a single umbrella. It will become the primary “go-to” source for unique expert advice, guidance, services and support on cyber security operational matters. What is interesting is that it will also serve as the primary point of contact for cyber security advice to Canadian businesses and individuals. It is anticipated that the federal government will introduce new legislation to consolidate various government cyber security functions into the new CCCS.
National Cybercrime Coordination Unit
The Budget also proposes to provide $116 million over five years and $23.2 million per year thereafter to the RCMP to support the creation of the National Cybercrime Coordination Unit (the “NCCU”).
The NCCU will be tasked with creating a hub for cybercrime investigations in Canada and will work with international partners on cybercrime issues. What is interesting is that the NCCU will also establish a national public reporting mechanism for Canadian citizens and businesses to report cybercrime incidents to law enforcement. It is unclear whether the reporting mechanism will be voluntary or mandatory and whether the reported information will be disclosed publicly.
National Cyber Security Strategy
The CCCS and NCCU are important aspects of Canada’s broader National Cybersecurity Strategy (the “Strategy”) which will be rolled-out in the coming months. The Strategy will focus on three principal goals:
- Ensure security and resilient Canadian systems;
- Build an innovative and adaptive cyber ecosystem; and
- Support effective leadership and collaboration between different levels of Canadian government, and partners around the world.
The Budget’s proposed investment in the area of cyber security is the largest single investment made in this area by the Canadian federal government. It also sends a strong signal that the government is focused on cyber threats that pose a real risk to the Canadian economy and national security.
For businesses, the creation of the CCCS and NCCU may require them to revise their cyber incident response plans and law enforcement engagement strategy. Depending on when the CCCS and NCCU become operational, businesses may have a legal responsibility to report cyber incidents to law enforcement. That said, it remains unclear how this information will be used and disclosed by the CCCS.
Lastly, more details may emerge in the coming months as the Minister of Public Safety releases details regarding the Strategy which may include new programs and resources for Canadian businesses and individuals.