Last week saw the rollout of a key piece of the Government of Canada's 2018 cyber security strategy as the Canadian Centre for Cyber Security ("CCCS"), first announced in June 2018,1 went live.2 

The Role of the New CCCS

The creation of the CCCS consolidates government cyber security operational units and enhances Canada's leadership role in cyber security.  The new CCCS describes its role as follows:3

  • Informing Canada and Canadians about cyber security matters, as a single, clear, trusted source of information on cyber security for Canadians and businesses
  • Protecting Canadians' cyber security interests through targeted advice, specific guidance, direct hands-on assistance, and strong collaborative partnerships
  • Developing and sharing specialized cyber defence technologies and tools resulting in better cyber security for all Canadians
  • Defending cyber systems, including government systems, by deploying sophisticated cyber defence solutions [and]
  • Acting as the operational leader and government spokesperson during cyber security events.

What the CCCS Means for Canadians

For the general public, the most obvious change will be that the CCCS replaces Public Safety Canada ("PSC") as the government portal for Canadians seeking information on cyber security, identity theft and related issues.  As of October 1, 2018, both the Canadian Cyber Incident Response Centre ("CCIRC") and the PSC's "Get Cyber Safe" public information campaign come under the CCCS's authority.  Canadians seeking information and resources on cyber safety will find an updated Get Cyber Safe campaign page with a wealth of information on everything from identity theft to protecting small businesses to cyberbullying to current online scams and frauds.4  (At time of posting, somewhat ironically, the page features a prominent warning about scammers falsely claiming to represent PSC or CCIRC.)  Users can also interact with the Get Cyber Safe campaign across a number of social media platforms.5

The CCCS and the Cyber Security Community

Beyond its public-facing activities, the CCCS is intended to assert the government's leadership role in cyber security.  The CCCS will collaborate with owners of critical infrastructure, other levels of government, and industry, will work with cyber security vendors in the development of their products, and plays the role of technical authority.  It also offers downloadable tools such as its open-source "Assemblyline" malware detection and analysis software, originally released in late 2017.6 

CCCS is deepening the government's collaboration with industry by entering into an information-sharing pact with the Canadian Cyber Threat Exchange ("CCTX"), Canada's first private sector hub for cyber security threat information sharing and analysis.  The pact, announced in September before the CCCS rollout7 and signed the same day CCCS went live,8 provides for the sharing of government-gathered threat intelligence, combining this intelligence with information gathered by CCTX member organizations (which include key players in Canadian critical infrastructure including telecommunications, banking and transportation9).

The new head of the CCCS immediately demonstrated the body's relevance by announcing that an assessment of the threat of interference in the next federal election would be one of the centre's immediate priorities.10

The CCCS and Canada's new Cyber Security Strategy

Creating the CCCS is part of the Government of Canada's new cyber security strategy, released in June 201811 and backed with a commitment in the 2018 federal budget of $507.7 million in funding over five years.12  The action follows the release of a comprehensive review of Canada's 2010 cyber security strategy, commenced in 2016 and culminating in a report released in 2017 which identified among other issues the need for greater public awareness and for greater public funding and resources in the field of cyber security.13  The new strategy is built on three themes:

  • Security and resilience (by maintaining and improving the cyber security posture of federal departments and agencies, and enhancing law enforcement's ability to investigate and respond to cybercrime14);
  • Cyber innovation (including driving investment and research and development in cyber security, focusing on "emerging areas of Canadian excellence" including quantum computing and blockchain15); and
  • Leadership and collaboration (by establishing "a clear focal point for authoritative advice, guidance, and cyber incident response," "reinvigorat[ing] public awareness and engagement efforts and establish[ing] new forums for collaboration," and partnering with the provinces to develop a "national plan to prevent, mitigate and respond to cyber incidents" 16).

Unlike its more granular 2010 predecessor, the 2018 strategy is aspirational and short on specifics by design; it is intended to provide a flexible theoretical framework for the more concrete measures to be set out in action plans to come.  The CCCS, along with the creation of an RCMP National Cybercrime Coordination Unit,17 is among the first tangible examples of Canada's renewed commitment to cyber security.

Footnotes

1 Government of Canada Communications Security Establishment, "Canadian Centre for Cyber Security," online: https://www.cse-cst.gc.ca/en/backgrounder-fiche-information (June 12, 2018).

2 Government of Canada Communications Security Establishment, "The Minister of National Defence Announces the Launch of the Canadian Centre for Cyber Security," online: https://www.canada.ca/en/communications-security/news/2018/10/the-minister-of-national-defence-announces-the-launch-of-the-canadian-centre-for-cyber-security.html (October 1, 2018).  The CCCS's homepage may be found here: https://www.cyber.gc.ca/en/.

3 Government of Canada Communications Security Establishment, "Canadian Centre for Cyber Security," online: https://www.cse-cst.gc.ca/en/backgrounder-fiche-information (June 12, 2018).

4 Government of Canada, Get Cyber Safe, online: https://www.getcybersafe.gc.ca/cnt/rsrcs/rcvr-scm-en.aspx.

5 These include twitter (https://twitter.com/getcybersafe), Facebook (https://www.facebook.com/GetCyberSafe), Instagram (https://www.instagram.com/getcybersafe/), and for the small or medium business owner, LinkedIn (https://www.linkedin.com/showcase/get-cyber-safe-for-small-and-medium-businesses/).

6 Assemblyline is now available here: https://www.cyber.gc.ca/en/assemblyline.

7 CCTX, "Public Safety Canada, CSE set to start cyber-threat sharing pact with private sector," online: CCTX.ca/public-safety-canada-cse-set-to-start-cyber-threat-sharing-pact-with-private-sector/">https://CCTX.ca/public-safety-canada-cse-set-to-start-cyber-threat-sharing-pact-with-private-sector/ (September 21, 2018).

8 CCTX tweeted the news that the agreement had been signed: CCTXCanada/status/1046915197926105089">https://twitter.com/CCTXCanada/status/1046915197926105089 (October 1, 2018).

9 CCTX, "Sharing Critical and Authoritative Information Across Our Industry," online: CCTX.ca/aboutCCTX/">https://CCTX.ca/aboutCCTX/.

10 Jim Bronskill, Global News, "New Canadian cybersecurity centre to look at election interference threats," online: https://globalnews.ca/news/4506116/canadian-centre-for-cyber-security-election-interference-threats-canada/ (October 1, 2018).

11 Government of Canada Public Safety Canada, National Cyber Security Strategy: Canada's Vision for Security and Prosperity in the Digital Age, online: https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/ntnl-cbr-scrt-strtg-en.pdf (June 12, 2018).

12 Alex Boutilier, The Toronto Star, "Liberals pitch $500 million cyber security plan," online: https://www.thestar.com/news/canada/2018/02/27/liberals-pitch-500-million-cyber-security-plan.html (February 27, 2018).

13 Neilsen, Cyber Review Consultations Report, online: https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/2017-cybr-rvw-cnslttns-rprt/2017-cybr-rvw-cnslttns-rprt-en.pdf (January 17, 2017) at p.2.

14 Government of Canada Public Safety Canada, National Cyber Security Strategy: Canada's Vision for Security and Prosperity in the Digital Age, online: https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/ntnl-cbr-scrt-strtg-en.pdf (June 12, 2018) at p.17.

15 Government of Canada Public Safety Canada, National Cyber Security Strategy: Canada's Vision for Security and Prosperity in the Digital Age, online: https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/ntnl-cbr-scrt-strtg-en.pdf (June 12, 2018) at p.24.

16 Government of Canada Public Safety Canada, National Cyber Security Strategy: Canada's Vision for Security and Prosperity in the Digital Age, online: https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/ntnl-cbr-scrt-strtg-en.pdf (June 12, 2018) at p.31.

17 Government of Canada Public Safety Canada, National Cyber Security Strategy: Canada's Vision for Security and Prosperity in the Digital Age, online: https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/ntnl-cbr-scrt-strtg-en.pdf (June 12, 2018) at p.iii.

Read the original article on GowlingWLG.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.