Canada released its first-ever cybersecurity strategy for federal government departments and agencies on Wednesday, with the aim of addressing challenges posed by remote work, cloud computing, aging infrastructure and recruitment.
The strategy, announced by Treasury Board President Anita Anand, concluded that government departments and agencies generally lacked “repeatable” processes to identify and respond to new and emerging cyber threats, as of the fiscal year ending in 2023.
So far in 2024, the Financial Transactions and Reports Analysis Centre of Canada, the Royal Canadian Mounted Police and Global Affairs Canada have all dealt with cyber incidents.
“It’s not only other governments in our country and private enterprises that must ensure they have strong protections against cyber threats and cyberattacks, but the very government of Canada itself must ensure that our systems are protected,” Anand said in an interview with Bloomberg.
“Therefore, individual citizens’ information is protected and therefore we can better ensure the delivery of services.”
The strategy is set to cost C$11 million ($8 million) over five years.
During the pandemic, many government employees switched to remote work, using their home networks rather than solely government systems. Now as many of those workers remain hybrid, the strategy aims to make working from home more secure through expanding multifactor authentication and introducing always-on protections against malware and viruses.
The government is also using more mobile devices, cloud-based services and third-party software. Several of these systems are run at the departmental or agency level, which can lead to inconsistencies.
“The speed of technological change means that security measures that were once effective may quickly become obsolete, underscoring the need for a proactive and adaptive approach to cybersecurity,” the strategy says.
The government plans to create a security operations center that will monitor on-site, cloud and other network-connected devices across departments and agencies. Some will have specialized operation centers as well. Under the strategy, a purple team will also be created made up of teams who will simulate cyberattacks and assess defenses to identify gaps in government cyber security.
Aging infrastructure is also causing vulnerabilities. “Weak information management practices are unacceptable and outdated IT tools that inadequately protect information are unacceptable in order to ensure that cybersecurity incidents and privacy breaches are minimized,” Anand said.
Cyber threats are becoming a growing concern and can come from state or non-state actors regardless of geographic boundary. Some dates are also particularly higher risk for cyber incidents like Feb. 24, the day Russia invaded Ukraine in 2022, Anand said.
As well, the government is struggling to recruit cybersecurity professionals. The new strategy plans to create partnerships with colleges and universities, accelerate hiring through automation and train employees in other departments to work in the field.
The strategy sets a timeline for results of within two to five years. The government expects there will still be some cybersecurity incidents, but that it will be able to quickly respond to them and minimize the impacts.
Photograph: Anita Anand, president of Canada’s Treasury Board. Photo credit: David Kawai/Bloomberg
Was this article valuable?
Here are more articles you may enjoy.
North Carolina Commissioner Lands on 8% Rate Increase for Dwelling Policies 
Disney to Invest $17B in Florida Parks Now That Fight with DeSantis Has Cooled 
Workers’ Comp Fraud Task Force Uncovers $30M Scheme in California 
P/C Insurers Record $9.3 Billion Q1 Underwriting Gain: AM Best 
