Federal Government Invests Heavily in a New Cyber Security Strategy

A few weeks ago the Canadian federal government released a new National Cyber Security Strategy backed by more than 500 million dollars in committed funding from Budget 2018. Thus far, it is the largest investment in cyber security by any Canadian government.

Despite the fact that the National Cyber Security Strategy reflects concerns and options that have been discussed and lobbied for years, it is a welcome acknowledgement of the significance of the impact breaches in cyber security have, not just on our economy, but on our health, safety and national security.

The first cyber security strategy was established in 2010, dedicated to securing government systems, partnering to secure vital cyber systems outside the federal government and helping Canadians to be secure online. Starting in 2016, a cyber review was started, including in-depth engagement within the federal government, an evaluation of the 2010 strategy and Canada’s first public consultation on cyber security. The plan that emerged outlines three goals:

• Secure and Resilient Canadian Systems
• An Innovative and Adaptive Cyber Ecosystem
• Effective Leadership and Collaboration

To achieve these goals, a Canadian Centre of Cyber Security will be established, which consolidates cyber expertise from across the federal government. It will be a place that Canadian citizens and businesses can use as a resource. In addition, a National Cybercrime Coordination Unit will be established, which is set to be the centre for cybercrime investigations in Canada.

According to the Honourable Navdeep Bains, Minister of Innovation, Science & Economic Development: “The Government of Canada is committed to safeguarding Canadians' digital privacy, security and the economy. For Canada's small and medium-sized businesses, cyber threats can have profound economic consequences.” This is echoed in the plan itself, stating: “Cyber incidents can also be profoundly destabilizing. They can erode trust in e-commerce and government institutions and can lead people to question their continued use of digital technologies if they feel that their safety or privacy is at risk.”

What is also discussed, but most will not appreciate the significance, is the impact of cyber security and lack thereof on our critical infrastructures. Most of Canada’s critical infrastructures, hospitals, airports, transportation and power/electricity, for example, run on computer programs, often networked. The impact on our health and safety of these critical infrastructures being ‘hacked’ and manipulated or shut down is extremely serious.

The investment and focus of the federal government in cyber security emphasizes the increasing importance of safeguarding data and privacy. While businesses are improving their systems to preserve the privacy of their clients, having better tools to manage cyber security risks go hand in hand. Solving cyber breaches not only causes a business financial strain, but also legal and reputational risk. In a previous Spotlight post, we discussed new reporting requirements that require businesses to notify consumers and the Privacy Commissioner of a data breach or face a fine of up to $100,000. Through the new Cyber Security strategy, the government is increasing businesses’ ability to avoid these situations.

The strategy also comes soon after the cyber security breach of two of Canada’s big banks at the end of May 2018. In this CBC video, Paige Backman, the Chair of the firm’s Privacy & Data Security Group, discusses the issues that arose from this event and the wake-up call it hopefully serves. With a renewed focus on cyber security by the federal government, avoiding small to large-scale breaches can become more possible.