New Canadian Cybersecurity Era?

29 juin 2018 | Imran Ahmad, Dan Doliner

( Disponible en anglais seulement )

On June 12, 2018, Public Safety Canada published Canada’s new National Cyber Security Strategy (the “2018 Cyber Strategy”). The 2018 Cyber Strategy details three national cybersecurity goals and the principles that will be followed over the next five years in order to achieve them. The 2018 Cyber Strategy was released almost eight years after the previous National Cyber Security Strategy, which was issued in 2010, and was the result of a review and consultation process that began in August 2016.

Overview

The 2018 Cyber Strategy recognizes the increased connectivity and on-line presence of Canadians and Canadian businesses and the related cybersecurity challenges. The 2018 Cyber Strategy also acknowledges significant gaps in the Canadian cybersecurity ecosystem, which the 2018 Cyber Strategy aims to address.

The 2018 Cyber Strategy is organized around three key goals:

  1. Secure and resilient Canadian systems;
  2. An innovative and adaptive Cyber ecosystem; and
  3. Effective leadership, governance and collaboration.

To achieve these goals, the 2018 Federal budget allocated more than $500 million for the implementation of the 2018 Cyber Strategy over five years. It will be the largest single investment in cybersecurity ever made by the Canadian government. As further detailed in the 2018 Cyber Strategy, the Government of Canada recognizes the importance of allocating some of the cybersecurity resources to the development and integration of blockchain and quantum computing cybersecurity applications.

First Strategic Goal: Secure and Resilient Canadian Systems

The 2018 Cyber Strategy provides that the Government of Canada will enhance law enforcement capabilities in response to cybercrime by increased coordination between law enforcement agencies. The Government of Canada will work to protect government and private sector systems from cybercrime and other cyber threats.

Resources will be allocated in order to make cybersecurity more accessible to small and medium-sized organizations that may lack the knowledge and resources to implement cyber security regimes.

In order to protect critical infrastructure, such as electrical grids, communications networks or financial institutions, the Government of Canada will develop regulatory frameworks with respect to adequate cybersecurity measures.

Second Strategic Goal: an Innovative and Adaptive Cyber Ecosystem

The 2018 Cyber Strategy recognizes the shortage of qualified cybersecurity professionals and notes the importance of constantly conducting scientific research into cybersecurity related issues in order to address new cybersecurity threats and challenges.

The Government of Canada will position Canada as a global leader in cybersecurity by supporting and funding advanced research, innovation and cybersecurity knowledge (with specific emphasis on quantum computing and blockchain technologies). The Government will dedicate resources to drive domestic demand for cybersecurity technologies and services.

Third Strategic Goal: Effective Leadership, Governance and Collaboration

The Government of Canada is aiming for national cybersecurity excellence. Cybersecurity excellence requires collaboratively enhancing cybersecurity capabilities in government and in the private sector. In particular, blockchain technology has the potential to become a means for secure delivery of services by the government and the private sector.

The Government of Canada will establish a clear focal point for authoritative advice, guidance and cyber incident response. This will improve information sharing and improve the private sector’s access to governmental support.

The Government of Canada will establish new forums for collaboration with a cross-section of Canadian stakeholders.

The federal government will develop, in partnership with Canadian stakeholders, a national plan to prevent, mitigate and respond to cybersecurity incidents. The Government of Canada will work with international partners to advance Canadian interests.

New Governmental Agencies

Pursuant to the 2018 Cyber Strategy, two new governmental agencies will be created:

  1. The Canadian Centre for Cyber Security (the “Cyber Centre”). The Cyber Centre will merge three separate governmental units: the Canadian Cyber Incident Response Centre (CCIRC) and the Get Cyber Safe public awareness campaign (previously under Public Safety Canada); the Security Operations Centre (previously under Shared Services Canada); and the entire IT Security branch of the CSE. The Cyber Centre will centralize cybersecurity innovation and collaboration for Canada, and will be a single unified source of expert advice, guidance, services and support on cybersecurity. Further, the Cyber Centre will enable better-coordinated and faster response to cyber threats.
  2. The RCMP National Cybercrime Coordination Unit, which will expand the RCMP’s capacity to investigate cybercrime, will be a coordination hub for cybercrime investigations in Canada and will work with international partners on cybercrime.

Takeaways for Business

Naturally, the 2018 Cyber Strategy does not go into implementation details, which will likely include a verity of specific governmental initiatives, projects and specific legislation and regulations.

With the Canadian government dedicating resources and significant budget to achieving the goals of the 2018 Cyber Strategy, businesses should be alert to opportunities relating to such governmental efforts and funding (such as grants, projects, funding programs, training programs, etc.).

Businesses should also be aware of the challenges that may arise with increased activity of cybersecurity regulatory authorities and the growing expectation of businesses to apply industry-recognized cybersecurity measures as part of on-going operations.

Avis de non-responsabilité

Les renseignements affichés sur ce blogue contiennent des points de droit variés fournis uniquement à des fins informatives et non commerciales. Ces renseignements ne constituent pas un avis juridique de la part de l’auteur. Nous mettons en garde les lecteurs de ne pas prendre de décision particulière sans avoir préalablement obtenu l’avis juridique d’un professionnel qualifié. Toute personne qui décide de prendre une décision en s’appuyant sur ces renseignements le fait à ses propres risques.