Organizations that want to sell software and hardware to the Canadian defence department will soon have to meet requirements of a new cyber security certification program.
Defence Minister Anita Anand said today the government is creating a Canadian program for cyber security certification that will result in mandatory certification requirements in select federal defence contracts as early as winter 2024.
Public Services and Procurement Canada (PSPC), National Defence, and the Standards Council of Canada will establish this new program. Consultations with the defence industry and other key stakeholders are expected to begin late this year.
As part of the latest federal budget, Ottawa allocated $25 million over three years for the creation of the cyber security certification for defence procurement.
Without the certification, Canadian suppliers risk being excluded from future international defence procurement opportunities, the government said in a news release. The new program aims to reduce industry burden by pursuing mutual recognition between Canada and the U.S., allowing certified Canadian suppliers to be recognized in both jurisdictions.
“The Canadian Program for Cyber Security Certification will help ensure that the Canadian Armed Forces have the secure tools that they need to meet their operational demands, today and into the future,” Anand said in a statement. “Because this certification will increase the trust in the resiliency of Canadian suppliers, our world-class defence industry will also benefit, and be in an even better position to access procurement opportunities with our closest allies.”
David Shipley, head of New Brunswick’s Beauceron Security, called it a good move. “The right incentives are in place for this program to be successful, as defence suppliers risk losing out on business with the government if they don’t get certified, something that was sorely lacking from the previous cross-sector Cybersecure Canada certification that the government is now phasing out after low uptake.”