Canada’s Five Eyes affiliates buy three times as much Canadian cyber products and services from Ottawa, an industry association has complained to a parliamentary committee.
While between 2018 and 2020, the sector grew by over 30 per cent in terms of employment, R&D activity and revenue, Christine Cianfarani, chief executive of the Canadian Association of Defense and Security Industries (CADSI), told the Defense Committee of the House of Commons on Friday that only eight per cent of the sector’s revenue comes from Canadian government contracts.
“These numbers speak to one of the central challenges we face in this country when it comes to cyber,” Cianfarani said. “Our allies see more value in Canada’s cyber security sector than they do in Canada. Something’s wrong with that picture.”
She was one of several witnesses to testify before the committee this year, which is looking into the country’s ability to withstand cyber security attacks and cyber warfare.
Material related to previous hearing: Give tax breaks so small Canadian companies can invest in cyber security, parliament told
Cianfarani complains that the federal government doesn’t buy enough from domestic companies The latest in a series of pleas from industry for more support.
“One flip side of the coin is that Canada needs to acquire more from our own industrial base, using procurement as a policy lever to drive innovation and scale into Canadian businesses,” he told MPs. “The other side of the coin is that Canada needs to shop at the ‘speed of cyber’.” A slow procurement process is a recipe for purchasing outdated or obsolete cyber technology. Innovation cycles in this domain are measured in months or weeks,” he said.
Related Content: CADSI 2021 Report “Procurement on Cyber Speed”
When asked by a committee member what could speed up procurement, he urged the government to have a more flexible procurement process, including, in some cases, fast-track approval: if a product or service is imported into Canada by a Canadian company, is made with citizens who have security clearance and the intellectual property remains in Canada,” BOOM, I [a government purchaser] can buy”
“Resolving these issues boils down to one word: collaboration” he maintained. “Canada needs a lot more collaboration, knowledge sharing and co-development between the government and the private sector. Some positive steps have been taken in this direction, but we are nowhere near where we need to be. While Agencies like CSE [The Canadian Security Establishment, responsible for protecting federal IT networks] While very capable, CADSI’s research has shown that our government lags behind its peers when it comes to dealing with the sector in an institutional manner. Our partners are currently collaborating with industry in Ukraine in real time.
He said Ottawa needs to establish a recurring forum for dialogue and discussion on cyber issues with all key players, including the CSE, the Department of Defence, Global Affairs and Public Safety Canada.
Cianfarani said Canada also needs better systems for threat-sharing that link open sources with government and industry sources of information about breaches, indicators and possible responses. This would mean rationalizing what is unclassified and what is classified, and who has access to what.
He said the government should consider sandboxes and collaborative lab spaces to test new technologies and capabilities together at scale, and exchange talent between the public and private sectors, such as the UK’s Industry 100 program and There is a new Talent Exchange which has just been started by CSE. That said, that can begin to address the cyber talent shortage we’re all facing, because cannibalizing each other isn’t going to work. Reservists with cyber and computing skills employed by companies could be an attractive way to support the restructuring of CAFs, he suggested, as long as the government does not claim intellectual property and patents that reservists hold while employed in the private sector. Let’s make ,
Cianfarani also urged Ottawa to adopt America Cyber Security Maturity Model Certification (CMMC) standard that must be met before the product can be purchased by the Pentagon. He said that the CMMC would probably become the de facto Five Eyes, if not the global standard, for defense companies.
“In conclusion, nationally effective cyber defense is a team sport,” she said. “If our allies can achieve it, why can’t we?”