According to a parliamentary committee, Ottawa should increase the country’s cybersecurity maturity by helping small and medium-sized businesses buy IT equipment, as well as promoting post-high school cyber defense education programs.
The recommendations are part of a report released this month by the House of Commons’ Public and National Security Committee that examines Canada’s readiness to counter threats from Russia.
While it was prompted by Russia’s February 2022 invasion of Ukraine, many of the 21 recommendations in the 53-page report go beyond just relations with Moscow.
They include a request to the federal government:
– Work with provincial and territorial governments to establish and promote accredited post-secondary cyber defense training programs. The obvious goal is to address the shortage of cybersecurity professionals;
— ensure that operators and businesses of all sizes connected to critical infrastructure have the cybersecurity experts, experience and resources they need to protect against and recover from malicious cyber activity; and what they report on their ability to meet cybersecurity standards;
— inform the Communications Security Establishment (CSE), responsible for protecting federal IT networks and advising the private sector through the Canadian Cybersecurity Center, about expanding the tools used to educate small and medium enterprises on the need to implement cybersecurity. safety standards;
– take steps, including possibly accelerated capital cost compensation or other tax measures, for small and medium-sized enterprises to make the investments necessary to comply with CSE’s basic cybersecurity controls;
Examines the full extent of state-sponsored disinformation targeting Canada and reports its findings to Parliament annually.
The report also recommends that the government require operators of critical infrastructure to prepare for, prevent and report major cyber incidents. Not to mention, this recommendation is identical to the proposed legislation that the government has already submitted.
Reaction to the recommendations has been mixed. “Good ideas,” said David Swan, director of cyber intelligence in Alberta for the Center for Strategic Cyberspace and International Studies, an international think tank, “but it will take years to implement and even longer to see results.” He added: “I’m sure Canada lacks the resources to implement some of the recommendations.”
Similar recommendations from this committee have been considered before, with little follow-up, complained Christian Leuprecht, a professor at Queen’s University and a senior fellow in security and defense at the MacDonald Laurier Institute.
“The merciful interpretation I would take is that the government doesn’t want to talk about it,” he said. “It’s not on his political agenda, so it’s not a priority… It’s going to detract from messaging, detract from the political agenda, and possibly create controversy. The minority government has decided that these are not its priorities.
In fact, he added, the same cybersecurity issues raised in public safety hearings are being raised before the National Defense Committee, which this year began sessions on cybersecurity and cyberwarfare. [Leuprect was a witness last Friday.] “We keep checking the same issues over and over again and it seems very difficult to get any kind of support,” he said.
“It’s tragic that we have committee hearings that do a very good job of writing very good reports, and now we know that those reports seem to remain deaf to the prime minister’s office … A lot of the things we need to do to restrict China”.
IT world of Canada left phone and email messages to committee chairman Liberal MP Ron McKinnon for comment. There were no answers.
Leuprecht agreed that many of the recommendations of the Public Safety Committee on cybersecurity are vague. But also, he added, “these are low-hanging fruits. These are the main things the government should be doing. And the fact that the committee has to point them out is, in my opinion, embarrassing.”
He said approvingly that it was a unanimous report, but so was the 2018 report on financial sector cybersecurity from the same committee, which Leuprecht felt took no action. “The longer we sit idle, the further we fall behind.”
One recommendation that impressed him is that Ottawa explore options for a cyber defense command structure between Canada and the US. “If we can’t force adversaries to adhere to cyber norms, we need to take an active and offensive stance to draw red lines and hit them hard every time they cross them.”
