Federal Budget Allocates Significant Funds towards Cybersecurity

28 février 2018 | Imran Ahmad

( Disponible en anglais seulement )

On February 27, 2018, the Minister of Finance tabled Budget 2018 – Equality + Growth: A Strong Middle Class (the “Budget”) before Parliament. The Budget includes investments in several key areas of the Canadian economy, including in the area of cybersecurity. In his remarks, the Minister of Finance stated that “[t]o safeguard Canadians’ privacy, and protect both our digital economy and our country, we are making an investment of over $750 million in cybersecurity.”

The proposed investment will serve primarily to establish the Canadian Centre for Cyber Security and the National Cybercrime Coordination Unit, which will serve as pillars of the federal government’s soon to be announced National Cyber Security Strategy.

Canadian Centre for Cyber Security

The Budget commits $155.2 million over five years and $44.5 million per year thereafter for the Communications Security Establishment to create a new Canadian Centre for Cyber Security (the “CCCS”).

The objective of CCCS would be to consolidate operational cyber expertise from across the federal government under a single umbrella. It will become the primary “go-to” source for unique expert advice, guidance, services and support on cyber security operational matters. What is interesting is that it will also serve as the primary point of contact for cyber security advice to Canadian businesses and individuals. It is anticipated that the federal government will introduce new legislation to consolidate various government cyber security functions into the new CCCS.

National Cybercrime Coordination Unit

The Budget also proposes to provide $116 million over five years and $23.2 million per year thereafter to the RCMP to support the creation of the National Cybercrime Coordination Unit (the “NCCU”).

The NCCU will be tasked with creating a hub for cybercrime investigations in Canada and will work with international partners on cybercrime issues. What is interesting is that the NCCU will also establish a national public reporting mechanism for Canadian citizens and businesses to report cybercrime incidents to law enforcement. It is unclear whether the reporting mechanism will be voluntary or mandatory and whether the reported information will be disclosed publicly.

National Cyber Security Strategy

The CCCS and NCCU are important aspects of Canada’s broader National Cybersecurity Strategy (the “Strategy”) which will be rolled-out in the coming months. The Strategy will focus on three principal goals:

  1. Ensure security and resilient Canadian systems;
  2. Build an innovative and adaptive cyber ecosystem; and
  3. Support effective leadership and collaboration between different levels of Canadian government, and partners around the world.

Key Takeaways

The Budget’s proposed investment in the area of cyber security is the largest single investment made in this area by the Canadian federal government. It also sends a strong signal that the government is focused on cyber threats that pose a real risk to the Canadian economy and national security.

For businesses, the creation of the CCCS and NCCU may require them to revise their cyber incident response plans and law enforcement engagement strategy. Depending on when the CCCS and NCCU become operational, businesses may have a legal responsibility to report cyber incidents to law enforcement. That said, it remains unclear how this information will be used and disclosed by the CCCS.

Lastly, more details may emerge in the coming months as the Minister of Public Safety releases details regarding the Strategy which may include new programs and resources for Canadian businesses and individuals.

Avis de non-responsabilité

Les renseignements affichés sur ce blogue contiennent des points de droit variés fournis uniquement à des fins informatives et non commerciales. Ces renseignements ne constituent pas un avis juridique de la part de l’auteur. Nous mettons en garde les lecteurs de ne pas prendre de décision particulière sans avoir préalablement obtenu l’avis juridique d’un professionnel qualifié. Toute personne qui décide de prendre une décision en s’appuyant sur ces renseignements le fait à ses propres risques.