(Ottawa) The federal government on Wednesday unveiled its new cybersecurity strategy aimed at protecting its vast array of computer systems and information stores against a growing variety of threats.
The new strategy highlights that while the government has made progress in improving cybersecurity in recent years, online dangers have grown even faster.
Ottawa says renewed commitment is needed across all departments and agencies to provide Canadians with secure and reliable government services digitally.
The strategy recognizes that the government is an attractive target because of the personal information, valuable research data and other sensitive documents it holds.
The report warns that as a result, cyberattacks can have “a significant effect” on government activities, either by disrupting critical and essential services or by exposing classified or personal information.
“This significant effect can put people at risk of identity theft or other types of fraud, which can erode trust in government institutions and negatively impact the overall economy and of Canadian society. »
A “whole-of-government” approach to cybersecurity “has never been more important,” Treasury Board President Anita Anand said in an interview on Wednesday. “I worry about the invasion of privacy. I worry about government systems shutting down. »
The federal strategy identifies certain “persistent gaps”, including:
- the lack of progress made by departments and agencies in improving their capacity to identify and respond to threats;
- a lack of overall knowledge of cybersecurity risks;
- the use of different tools, methods and services to monitor systems, which can make it difficult to have a holistic view of security threats;
- traditional “security architecture” models that are now less effective;
- poor information management practices, including the use of outdated tools;
- high global demand for talent, leading to a shortage of qualified cybersecurity professionals.
“Incoherent approaches”
The document warns that disparate approaches to security capabilities “can lead to inconsistencies, inefficiencies and gray areas” in the government’s overall defenses.
It highlights the rapid adoption of cloud computing services, typically offered by private companies using software, servers and other hardware hosted on company premises.
Due to a lack of clarity, ministries and agencies are expected to manage their cloud-based environments, including cybersecurity operations, the strategy document says. However, this wait has led to “a duplication of efforts, inconsistent approaches, a lack of intelligence sharing and reduced visibility”.
The new strategy, which applies to more than 100 federal departments, agencies and organizations, aims to clearly articulate security risks to government systems and more effectively prevent attacks.
It also aims to strengthen agency capacity and build a workforce with appropriate cybersecurity skills, knowledge and culture.
Minister Anand acknowledged the challenges of developing a more consistent approach, given the different systems and practices currently in place. “It’s a challenge, but it’s something we need to do, to be able to protect ourselves against cyberattacks, as well as to be more effective for Canadians and provide services in the most efficient way possible.” »
The plan does not cover federal crown corporations, such as Canada Post and Radio-Canada. “But we strongly recommend that they follow suit in terms of what we are going to implement,” the minister said.
For the strategy to work, key players must work closely together, the document says. These actors include the Treasury Board of Canada Secretariat, which provides policy and oversight, the Communications Security Establishment and its Center for Cyber Security, the central agency of Shared Services Canada, and numerous departments and agencies.
Mme Anand said Treasury Board’s leadership role is crucial to ensuring the approach is scalable, “so we are ready to respond as new threats evolve.”