Question Period Note: Cyber Security

Cyber security is one of our most serious economic and national security challenges. The COVID-19 pandemic has illustrated the extent to which Canadians and Canada’s economy are reliant upon digital infrastructure.

• The Government of Canada recognizes that more than ever, secure and reliable connectivity is a necessity for our daily lives and our collective safety and security, as it underpins the delivery of critical services such as health care, financial transactions, safe transportation, and emergency communications.

• Through the National Cyber Security Strategy, the Government is taking decisive action to strengthen Canada’s defence, preparedness and enforcement against cyber threats. The Strategy was paired with the largest investment in cyber security ever made by the Government of Canada, totalling close to $1 billion in the 2018 and 2019 federal budgets.

• The Government of Canada is continuously working with partners to detect, deter, and disrupt state and other malicious actors who are attempting to take advantage of the Canadian cyber landscape.

• The Government of Canada shares advice and guidance with organizations to increase cyber security and prevent compromises.

If asked about cyber security in context of COVID-19:

• Unfortunately, we have seen that malicious actors, such as cyber criminals and state actors, continue to attempt to take advantage of the environment created by COVID-19 to exploit particular sectors, such as health.

• Since the onset of the COVID-19 crisis, the Government of Canada has continued to engage with domestic and international partners in order to protect Canada’s critical infrastructure and the systems that underpin essential services.

• There is a concerted effort by the Government of Canada to identify and take action on potentially malicious or fraudulent cyber incidents related to COVID-19.

Malicious cyber activity directed at the digital systems that underpin essential services and critical infrastructure are a constant concern for businesses, individuals, and all levels of governments in Canada. The current COVID-19 pandemic highlighted the importance of sound cyber security, as Canadians increasingly live and work online.

Threat Environment
Cyber security is one of our most serious economic and national security challenges. Today, Canada and Canadians are facing a rise in the number and sophistication of threats to national and personal security. Hostile state actors and cyber criminals are targeting our critical infrastructure, government institutions, sensitive scientific information and intellectual property, as well as individual Canadians’ privacy and finances. As the borderless risks that Canada faces in cyberspace continue to grow in size and complexity, Canada is no longer protected by its geography. State and non-state actors continue to challenge Canadian values and interests in non-traditional domains where they operate with near ‘immunity.’ These threats are increasingly significant as they seek to exploit ongoing efforts towards the digitalization of Canada’s economy.

The COVID-19 pandemic has underlined the importance of establishing and maintaining effective cyber security practices. Adversaries, both criminal and state, are continuing to use the current situation to exploit, access, and/or extract information to further their objectives. For example, malicious actors have been more likely to target the health sector due to its increased vulnerability during the pandemic.

Government of Canada Response
The Government of Canada (GC) is responsible for enforcement against cyber threats, responding to evolving national security threats, and defending critical GC systems. Federal government interventions to protect cyber systems take many forms, including helping to inform potential victims of malicious cyber activity and helping computer security professionals adopt best practices to prevent and react to incidents in order to minimize the impact on essential operations. The federal government also continues to work with provincial and territorial governments, associations, academia and industry, under the auspice of the National Cyber Security Strategy (the Strategy), to advance cyber security policy that can be adapted to these issues.

Budget 2018 invested $507.7M to create the Strategy, which works to achieve its vision of security and prosperity in the digital age through three national-level goals:
• Work with Canadian partners to establish more secure and resilient systems;
• Promote an innovative and adaptive cyber ecosystem; and
• Demonstrate effective leadership, governance and collaboration, including through the consolidation of federal technical expertise in a Canadian Centre for Cyber Security.

Further federal investments in cyber security have been made since the creation of the Strategy, including $144.9M over five years starting in 2019-20 to protect Canada’s critical infrastructure from cyber threats; $80M over four years starting in 2020-21 to grow Canada’s research advantage in cyber security; $4.1M over five years starting in 2021-22 to continue Canadian cyber security and cybercrime survey program; and $456.3M over five years, starting in 2021-22 to improve and defend our cyber networks.

In order to protect Canada’s critical infrastructure, the Communication Security Establishment’s Cyber Centre has continued to engage with provinces, territories, municipalities, and industry throughout the COVID-19 pandemic to increase cyber security and prevent successful compromises. Likewise, Public Safety’s Regional Resilience Assessment Program’s (RRAP) Cyber Assessments Team has various assessment tools to provide expert advice and guidance to critical infrastructure owners and operators on how to improve their cyber security and cyber resilience posture. This work has been performed in close collaboration with the Communications Security Establishment, which uses the reports to better understand sectorial gaps and optimally target programs and resources to mitigate cyber risks.

To combat the increase in scams/phishing, the Royal Canadian Mounted Police (RCMP), the Cyber Centre, and the Canadian Radio-television and Telecommunications Commission work together to detect, deter and disrupt cyber incidents. The Canadian Anti-Fraud Center (CAFC) and the RCMP’s National Cybercrime Coordination Unit (NC3) continue to collaborate with Canadian and international law enforcement partners, federal departments and the private sector to mitigate and disrupt threats. From the national security perspective, CSIS is mandated to investigate cyber-enabled espionage, sabotage, foreign interference and terrorism to determine the motivations and capabilities of threat actors. This intelligence is then disseminated to inform GC partners on cyber attributions, policies, investments and governance.

None