Five Take-Aways From Canada’s New Cybersecurity Strategy
The Canadian government has developed a new cybersecurity strategy to bolster Canada’s ability to combat cybercrime and “safeguard Canadians’ digital privacy, security and economy.” At the heart of the strategy is a greater focus on investing in research and development, partnerships for innovation, stronger law enforcement, and guidance for those most vulnerable to cyber-attack. The ultimate goal of implementing this strategy? Realizing a future in which all Canadians play an active role in shaping and sustaining the country’s cyber resilience.
We explore five key take-aways from Canada’s new cybersecurity strategy and how they can support our economy and digital security:
1. Over $500 million is planned to be invested in cybersecurity in the next five years
- This is the single largest investment in cybersecurity ever made by the Canadian government. The increased investments are in response to the growing threat of cyber-attack. The strategy notes that cybercrime costs Canada over $3 billion a year, but that internationally, the annual cost is expected to rise to $6 trillion (US) by 2021. Investments, however, are about more than combatting cybercrime. Digital technologies are already transforming the way we live and work, creating efficiencies and adding convenience in a fast-paced world. Indeed, cybersecurity is driving innovation and economic activity in Canada. More than 11,000 people have well-paying jobs in the field and cybersecurity represents $1.7 billion of Canada’s GDP. The global cybersecurity industry is also expected to grow by 66 percent by 2021 – offering Canada valuable economic opportunities to compete in the global cyber space.
2. Canada will expand RCMP’s capacity to investigate cybercrime
- Part of the $500 million investment will go towards creating the National Cybercrime Coordination Unit in the RCMP to investigate major cybercrimes targeting government and critical infrastructure. The unit will support and coordinate investigations between police forces across the country and provide a hub for RCMP’s international partners to investigate the most serious crimes and threats.
3. Public and private partnerships will be leveraged to boost innovation and protection
- Funding will also go towards the creation of the Canadian Centre for Cybersecurity to act as the trusted national authority on matters related to cybersecurity. The centre will support leadership and collaboration between different levels of government and international partners on cybersecurity initiatives, while providing valuable resources and tools to citizens and businesses.
4. A greater focus on filling the skills and knowledge gap
- The Canadian government reports in its cybersecurity strategy that small and medium organizations represent 71 percent of data breach victims. These organizations also tend to be less equipped to deal with cybersecurity risks. The Canadian Centre for Cybersecurity plans to offer guidance and tools tailored to these organizations as well as a new voluntary cybersecurity certification program. The strategy also notes a shortage in cybersecurity talent, which is why action plans will be developed to promote STEM fields to prospective students and leverage partnerships with the private sector and academic institutions to support R&D.
5. A public call for legislation and standards
- To support the development of the new strategy, the government conducted its first public consultation on cybersecurity and received over 2,000 submissions. Public feedback revealed the need for cybersecurity legislation or standards to help clarify requirements and assist organizations in improving their cybersecurity measures.
Where do standards and cybersecurity assurance fit in the strategy?
Raising the baseline of cybersecurity across the country will involve multiple initiatives, including:
- investments in cybersecurity R&D;
- partnerships with private sector leaders to leverage their world-class capabilities in cybersecurity technology and programs;
- collaboration with international partners and organizations to support strong digital economies; and
- legislation, standards, or other guidance to support global trade with security in mind.
As a standards development organization and global provider of testing, inspection, and certification (TIC), CSA Group recognizes the importance of standards in a global marketplace where safety and security matter. Standards outline the requirements to which these products must conform, and as we continue the shift to digital – and gain more awareness of cybersecurity and cyber-threats – governments, organizations, and individuals will look for confirmation that products entering the market meet specific standards. This is especially true for manufacturers of connected products and software solutions.
That’s why we’re increasingly devoting more attention to standards solutions in the digital field. For example, as our healthcare system deals with cost pressures and an aging population, Active Assisted Living (AAL) will play an important role in empowering people to live healthy and independently. But to properly leverage AAL and its supporting technology, coordination and information sharing among researchers, product producers, app developers, and healthcare providers will be needed. As this increases the risk of a breach, our research with the Ubiquitous Health Technology Lab (UbiLab) at the University of Waterloo will explore the potential for a secure data-sharing platform and standards to improve the security of health apps and devices.
Beyond our expertise in standards research and development, our long history of working with emerging technologies means that we can provide guidance on how you can approach the regulatory requirements, procurement requirements, and business risks associated with building out a cybersecurity assurance program in your industry. A custom training workshop is one way to receive that guidance and understand the specific cybersecurity standards for your product.
Our comprehensive cybersecurity services can also help demonstrate the security of your product to customers. Services include:
- Gap Analysis – A maturity and standards compliance assessment of the lifecycle process or product design to determine weaknesses and necessary improvements.
- Bench Testing – Independent product testing to support an organization’s security assurance claims.
- Security Attestation – An informative report with a statement of compliance to a specific standard, guidance or set of requirements, which may be required for market entry.
As cybersecurity receives more national attention – and citizens and businesses demand guidance, best practices, and proof of security – standards and TIC can play a critical role in meeting these demands to support a strong digital economy with safety and security top of mind.
 International Data Corporation Canada (2016), Canadian ICT Predictions and Forecast: Digital Transformation and Disruption, cited in Public Safety Canada (2018), National Cyber Security Strategy. Retrieved from: http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/index-en.aspx
 Research and Markets (2016), Cyber Security Market – Global Forecast to 2021, cited in National Cyber Security Strategy.