Protecting Canada's defence supply chains
The Government of Canada is committed to implementing robust cyber security measures, which are fundamental to Canada's economic stability and national security. The Canadian defence industry faces regular cyberattacks aimed at contractors and subcontractors, putting unclassified federal information at risk. It's essential for Canada to take action to protect these critical supply chains.
Today, the Honourable Jean-Yves Duclos, Minister of Public Services and Procurement and Quebec Lieutenant, announced the first phase in the implementation of the Canadian Program for Cyber Security Certification (CPCSC). In March 2025, the CPCSC will establish a cyber security standard for companies that handle sensitive unclassified government information in defence contracting.
The implementation of the CPCSC will be phased-in gradually, allowing companies to adapt their operations to meet new requirements. The first phase will involve releasing a new Canadian industrial cyber security standard, opening the accreditation process, and introducing a self assessment tool for level 1 certification. This will help businesses understand the program before a wider rollout later in 2025.
During the initial phases, certification will not be required during the bidding process, rather, only when the contract is awarded. The phased approach is designed to strengthen the resilience and security of Canada's defence supply chains, giving both the government and businesses the necessary time and resources to adapt to evolving cyber security standards.
