A senior Canadian government official has given a conference of infosec pros a peek at the coming updated federal cyber security strategy without divulging many details, including whether police and intelligence agencies will get more money and how Ottawa will encourage small and medium businesses to take information security more seriously.
Flexibility to meet changing cyber threats and collaborating with the provinces and the private sector were constant themes in the keynote speech Tuesday by Colleen Merchant, director general of national cyber security at Public Safety Canada to the annual SecTor conference in Toronto.
“The fundamental goal of our plan for cyber security is to maximize the benefits of digital life for Canadian citizens and businesses,” she said.
“As the cyber security environment has matured, it’s become clear that an effective plan to achieve this goal has based to be on principles that can endure and allow us to be flexible.
The new approach – expected to be released in the next three months – will be guided by five principles:
–Protect the safety and security of Canadians online and Canada’s critical infrastructure;
–Promote and protect rights and freedoms online;
–Recognize and encourage the importance of cyber security for business, economic growth and prosperity;
–Adapt and respond to emerging technologies and changing conditions;
–Collaborate and co-ordinate across jurisdictions and sectors to collectively increase Canada’s cyber security.
“these principles will guide Canada’s response to an array of trends, challenges and opportunities in cyber security,” she said.
“We’re entering a truly pivotal point, a very exciting time in defining a new approach to cyber security for our country. The federal government is committed to doing all we can to ensure a cyber secure future, and we are going to continue to proactively evolve collaborative work with diverse partners in doing so.”
She also urged the infosec community to be open minded, work together and promote cyber security.
One slight hint of things that may be part of the government’s thinking was her mention of “emerging opportunities we see in this space,” which could be a reference to supporting the number of cyber security-related companies in Canada, from BlackBerry to startups working on quantum computing.
At one point she said the government knows there are “lot of experts working hard to make this country a world leader in cyber security [solutions], and moving forward the federal government can play a central role in several areas.”
In 2016 New Brunswick announced an economic development strategy on cyber security and cyber innovation.
The country’s current cyber security strategy was drafted in 2010 by the Harper government, setting the goal of protecting the integrity of government systems, critical assets, combating cyber crime and protecting Canadians online.
However, as Merchant noted, since 2010 cyber attacks have increased and are more complex. Last fall the Trudeau government opened a public consultation on an updated strategy.
The broad goals of 2010 are similar to the five principles Merchant laid out. No one expects the new strategy’s basics will be different.
But a new strategy could put emphasis in different places or add new components. Among them could be
–creating or encouraging a process for small and medium businesses that pass a test to be certified as “cyber secure,” following the lead of the United Kingdom. The idea is to promote confidence in online commerce. New Brunswick has adopted that program and will shortly announce how it will roll out in other provinces.
–more money for federal cyber institutions such as the RCMP, the Canadian Security Establishment (the country’s spy agency, which is also charged with protecting federal networks), the Canadian Anti-Fraud Centre and the Canadian Cyber Incident Response Centre (CCIRC). Many police forces have been urging Ottawa to set up and fund a National Cyber Crime Co-ordination Centre where small and medium businesses would report cyber incidents (enterprises would report to CCIRC). It would also be a data collection and reporting source;
–a federal push for an international treaty or agreements on accepted government cyber practices, fighting cyber crime and promoting online freedom. Almost a year ago Australia appointed an ambassador for cyber affairs as part of its cyber strategy. Last month it announced a new international cyber engagement strategy.
In her speech Merchant mentioned other areas Ottawa is thinking about, including working with the private sector
–to help small and medium businesses face cyber threats;
–create new tools that will help current encrypted data be protected from quantum computers in the future from cracking the protection;
–ensure smart cars and smart cities are secure;
–and ensure digital currencies and technologies like bitcoin and blockchain are designed to benefit all Canadians.