skip to main content
Back to all blog posts

Posted in: Data Security/Privacy | Data Protection

Aug 9, 2018

Federal Government Invests Heavily in a New Cyber Security Strategy

By Paige Backman and Ara Dungca

A few weeks ago the Canadian federal government released a new National Cyber Security Strategy backed by more than 500 million dollars in committed funding from Budget 2018. Thus far, it is the largest investment in cyber security by any Canadian government.

Despite the fact that the National Cyber Security Strategy reflects concerns and options that have been discussed and lobbied for years, it is a welcome acknowledgement of the significance of the impact breaches in cyber security have, not just on our economy, but on our health, safety and national security.

The first cyber security strategy was established in 2010, dedicated to securing government systems, partnering to secure vital cyber systems outside the federal government and helping Canadians to be secure online. Starting in 2016, a cyber review was started, including in-depth engagement within the federal government, an evaluation of the 2010 strategy and Canada’s first public consultation on cyber security. The plan that emerged outlines three goals:

  • Secure and Resilient Canadian Systems
  • An Innovative and Adaptive Cyber Ecosystem
  • Effective Leadership and Collaboration

To achieve these goals, a Canadian Centre of Cyber Security will be established, which consolidates cyber expertise from across the federal government. It will be a place that Canadian citizens and businesses can use as a resource. In addition, a National Cybercrime Coordination Unit will be established, which is set to be the centre for cybercrime investigations in Canada.

According to the Honourable Navdeep Bains, Minister of Innovation, Science & Economic Development: “The Government of Canada is committed to safeguarding Canadians' digital privacy, security and the economy. For Canada's small and medium-sized businesses, cyber threats can have profound economic consequences.” This is echoed in the plan itself, stating: “Cyber incidents can also be profoundly destabilizing. They can erode trust in e-commerce and government institutions and can lead people to question their continued use of digital technologies if they feel that their safety or privacy is at risk.”

What is also discussed, but most will not appreciate the significance, is the impact of cyber security and lack thereof on our critical infrastructures. Most of Canada’s critical infrastructures, hospitals, airports, transportation and power/electricity, for example, run on computer programs, often networked. The impact on our health and safety of these critical infrastructures being ‘hacked’ and manipulated or shut down is extremely serious.

The investment and focus of the federal government in cyber security emphasizes the increasing importance of safeguarding data and privacy. While businesses are improving their systems to preserve the privacy of their clients, having better tools to manage cyber security risks go hand in hand. Solving cyber breaches not only causes a business financial strain, but also legal and reputational risk. In a previous Spotlight post, we discussed new reporting requirements that require businesses to notify consumers and the Privacy Commissioner of a data breach or face a fine of up to $100,000. Through the new Cyber Security strategy, the government is increasing businesses’ ability to avoid these situations.

The strategy also comes soon after the cyber security breach of two of Canada’s big banks at the end of May 2018. In this CBC video, Paige Backman, the Chair of the firm’s Privacy & Data Security Group, discusses the issues that arose from this event and the wake-up call it hopefully serves. With a renewed focus on cyber security by the federal government, avoiding small to large-scale breaches can become more possible.

Areas of Expertise

Related Blogs

Posted in: GDPR | Data Security/Privacy | Data Protection

Insights TheSpotlight
GDPR Now in Force Has Worldwide Reach By Paige Backman and Ara Dungca Jun 19, 2018 The General Data Protection Regulation was implemented on May 25, 2018. While it officially only affects European citizens, it has worldwide effects. As discussed previously on The Spotlight, any organization offering goods or services to residents of the European Union are expected to comply wit...

Posted in: Data Security/Privacy | Data Protection

Insights TheSpotlight
Notifying Consumers of Data Breaches: New Regulations By Stephen Crawford Apr 24, 2018 The federal government has introduced new regulations setting out what information must be disclosed to consumers and to the Privacy Commissioner after a data breach. These regulations will take effect on November 1, 2018.

Posted in: Data Protection | Privacy | Data Security/Privacy

Insights TheSpotlight
New Notification Requirements for Data Breaches By Stephen Crawford Apr 13, 2018 As of November 1, 2018, if your organization suffers a data breach, new reporting requirements will be in place that may require you to notify consumers and the Privacy Commissioner of the breach – or else face a fine of up to $100,000.