Over the last few decades, public institutions and governments across Canada have become more and more reliant on the digital world to deliver programs and services. While providing faster and higher quality service delivery, reliance on information technologies means that the Government of Canada, like every other public and private sector organization in the world, is subject to ongoing and persistent cyber threats.
While there are already effective safeguards and procedures in place, there is a need to continuously strengthen them to detect, disrupt, and prevent cyber threats and to ensure the protection of government information and assets.
Today, the Honourable Anita Anand, President of the Treasury Board of Canada (TBS) released the Government of Canada's first Enterprise Cyber Security Strategy. The strategy is supported by Budget 2024's investment of $11.1 million over 5 years to support its implementation.
The strategy outlines a proactive, whole-of-government approach to ensure that the Government can quickly and effectively combat cyber threats and address vulnerabilities across the government's digital estate. The strategy aims to help safeguard government systems, protect Canadians' information and strengthen the resilience of digital government to ensure the continued delivery of secure and reliable digital services. To achieve this, the strategy has outlined 4 main objectives:
- Articulate cyber security risks and their impacts
- Prevent and resist cyber attacks more effectively
- Strengthen capabilities and resilience across the government to proactively prepare for, respond to and recover from cyber security events
- Attract a diverse Government workforce with the right cyber security skills and knowledge
The immediate implementation of the strategic goals will begin with the first phase to support:
- Establishing a centralized evaluation system with independent assessments and thorough reviews of departments' cybersecurity to identify and prioritize risks.
- Creating a federated integrated risk management platform to enable prioritization and data-driven reporting as a key part of a broader enterprise portfolio management system.
- Creating a government-wide vulnerability management program for a coordinated vulnerability disclosure process and will focus on people, processes, policies, and technology.
- Forming a new Purple Team that will emulate techniques used by malicious threat actors against government systems to proactively test and audit any security gaps.
TBS will continue to work with its partners, including Shared Services Canada and the Communications Security Establishment to effectively respond to and recover from cyber events in a timely manner and maintain the continuous delivery of Government programs and services for Canadians.