Canadians are increasingly becoming accustomed to cyber attacks. From hijacking critical infrastructure to data breaches, these attacks have been increasing in scale, frequency and complexity over the past few years. In 2021, CIRA Canadian Shield blocked 36 million malicious DNS requests for 150,000 users, pointing to the ubiquity of cyber threats.
That’s why the time is right for the renewal of the Government of Canada’s National Cyber Security Strategy (“the Strategy”). The Department of Public Safety completed a public consultation for the renewal of the Strategy in August. CIRA jumped on the opportunity to leverage its experience and expertise as a .CA TLD and cybersecurity services provider to share ideas for what Canada’s cybersecurity strategy should prioritize.
The consultation posed two questions: (1) what are the emerging cybersecurity issues in the next three, five or 10 years? And (2) what should the renewal of the Strategy focus on?
Underpinning CIRA’s submission is the idea that a robust cybersecurity ecosystem is necessary to protect Canadian citizens, institutions, the economy and society. CIRA’s goal is to enable a trusted internet for Canadians. In order to foster a trusted internet, Canadians must have cybersecurity awareness and protections in place to preserve data, devices and networks. Meaningful and effective cybersecurity measures require governments, industry leaders, civil society and individuals all play an active role.
Specifically, CIRA called for increased leadership and coordination from the Government of Canada around education, empowerment and funding for particularly vulnerable users, including municipalities, universities and colleges, schools and hospitals, (MUSH sector), SMEs and individual Canadians.
It is always tempting to look to emerging, complex or bleeding-edge technology such as quantum computing or the metaverse when thinking about security risks. The reality is that networked technology has become ubiquitous, and the internet—and its inherent risks—have already permeated every aspect of our lives. The Strategy must ensure that Canada is safe not just from criminals who target sophisticated critical infrastructure within strategic sectors of the economy, but also from those who see malicious opportunities in the most mundane transitions that comprise the daily networked lives of Canadians and Canadian institutions.
Collaboration, education and outreach
Second, we submitted that a renewed Strategy should prioritize federally-coordinated collaboration, education and outreach. In order to have a truly robust cybersecurity ecosystem, Canadians, Canadian businesses and Canadian institutions must be aware of the cyber threats they face, and the practices and tools available to protect themselves. It is critically important for the government to strengthen vulnerable sectors of society and the economy that do not typically consider themselves to be vulnerable or attractive to cyber criminals like the MUSH sector, not-for-profits, SMEs, and individuals. The Strategy should present a coordinated and cohesive framework to protect all Canadian citizens, institutions, and businesses.
Security and resilience
Finally, our submission stressed that the renewed Strategy should work to bolster security and resilience by anticipating and addressing technical threats, like botnets and malware. The current Strategy and its Action Plan lack initiatives to combat the most common technical threats facing Canadians. We submitted that Public Safety Canada should use the renewal of the Strategy to formalize a stronger, centralized coordination across federal departments and agencies. This will support in educating all Canadians on cyber attacks, as well as funding the adoption of cybersecurity technologies to enhance network resilience and security. We also provided several tangible steps the government could take to achieve this, including:
- The Government can provide threat data to trusted cyber security service providers to raise the baseline level of cyber security across the country.
- The Government can provide funds for the adoption of cyber security technologies by the MUSH sector and non-profits, like through the Canadian Digital Adoption Program (CDAP), and continue CDAP to secure Canadian SMEs.
- The Government should establish a ‘Canadian Internet Observatory,’ an independent, broadband policy think tank dedicated to promoting domestic internet infrastructure resiliency.
The renewal of the National Cyber Security Strategy presents a rich opportunity for the Government of Canada to formalize its role in protecting Canadian citizens, institutions, the economy and society from disruptive, expensive and dangerous cyber attacks. By prioritizing education, collaboration and outreach, while bolstering the security and resilience of Canadian networks, the Government of Canada can foster a robust cyber security ecosystem. In turn, this will also translate into a more trusted Canadian internet. CIRA looks forward to continuing its advocacy for a trusted internet for Canadians and a strengthened cybersecurity landscape.