Question Period Note: GOVERNMENT CYBER SECURITY

The Government of Canada is faced with daily cyber threats. These attacks may pose a risk to government infrastructure, or when aimed at private enterprise, raise the Government of Canada security posture.

• The Government of Canada, like every other government and private sector organization in the world, is subject to ongoing and persistent cyber threats.
• We have robust systems and tools in place to monitor, detect and investigate potential threats, and we take active measures to address and neutralize them.
• We are continuously working to enhance cyber security in Canada by identifying cyber threats and vulnerabilities, and by preparing for and responding to all types of cyber incidents to better protect Canada and Canadians.

• The domain of cyber security is dynamic, with a threat environment that is constantly evolving. While no measures can prevent 100% of cyber incidents, the Government of Canada is committed to making the safety and security of Canadians’ information a top priority.
• The Government of Canada is continuously working to enhance cyber security in Canada by preventing attacks through robust security measures, identifying cyber threats and vulnerabilities, and by preparing for and responding to all kinds of cyber incidents to better protect Canada and Canadians.
• The Government of Canada operates under the Policy on Government Security and supporting Directive on Security Management.
• Guidance for managing cyber events and incidents of any kind, is outlined in the Government of Canada Cyber Security Event Management Plan. This plan outlines the stakeholders and actions required to ensure that cyber security events are addressed in a consistent, coordinated and timely fashion government wide.
• Since the release of Canada’s Cyber Security Strategy in 2010, the Government has made significant progress in strengthening the security of federal cyber systems and protecting Canadians information.
• The Government has improved its enterprise capacity to detect and defend against cyber threats; centralized Internet access points; launched an enterprise security architecture program; and implemented a whole-of-government incident response plan.
• All Government of Canada departments and agencies have responsibility to ensure cyber security within their organization. Departments ensure the security of desktops and applications.
• Treasury Board of Canada Secretariat is responsible for strategic oversight of Government of Canada cyber security event management to ensure effective coordination of major security events and to support government-wide decision-making. Treasury Board of Canada Secretariat’s Chief Information Officer for the Government of Canada sets Information Technology security policy.
• Communications Security Establishment’s 24/7/365 Canadian Cyber Security Centre monitors government systems and networks for malicious activities and cyber-attacks. Communications Security Establishment provides foreign signals intelligence from across the globe. It provides advice, guidance and services to protect electronic information and infrastructures of importance to the Government. It also provides technical and operational assistance to federal law enforcement and security agencies.
• Shared Services Canada provides the IT security infrastructure (design and operation). In conjunction with Treasury Board of Canada Secretariat and Communications Security Establishment, Shared Services Canada also provides security and privacy by design as part of the establishment of new services. The security of goods and services at all stages of the procurement process is evaluated to ensure what we buy from suppliers is as safe from cyber security threats as possible.

KEY FACTS
• Budget 2018 investments include $2.2 billion to enable digital services and to support related cyber security measures, and $507.7 million to implement a new National Cyber Security Strategy, including the establishment of the Canadian Centre for Cyber Security.
• Communications Security Establishment’s 24/7/365 Canadian Cyber Security Centre monitors government systems and networks for malicious activities and cyber-attacks.
• In conjunction with Treasury Board of Canada Secretariat and Communications Security Establishment, Shared Services Canada provides security and privacy by design as part of the establishment of new services.