A parliamentary committee says Ottawa should improve the country’s cyber security maturity by helping small and medium businesses buy IT gear as well as promoting secondary cyber defense training programs.
are part of the recommendations A report released this month Canada’s readiness to respond to threats from Russia was reviewed by the House of Commons Public Safety and National Security Committee.
Although inspired by Russia’s February 2022 invasion of Ukraine, many of the 21 recommendations in the 53-page report are broader than just dealing with Moscow.
These include asking the federal government to:
Work with provincial and territorial governments to create and promote accredited post-secondary cyber defense training programs. The stated goal is to make a dent in the cyber security talent shortage;
– Ensure that critical infrastructure operators and enterprises of all sizes have the cyber security experts, expertise and resources they need to prevent and recover from malicious cyber activity; and that they report on their ability to meet cyber security standards;
Tell the Communications Security Establishment (CSE) – responsible for protecting federal IT networks and advising the private sector through the Canadian Cyber Security Center – about the need for small and medium-sized businesses to adopt cyber security standards To broaden the tools used to educate enterprises;
– take steps, possibly including accelerated capital cost allowances or other tax measures, for small and medium-sized enterprises to make the necessary investments to comply with the CSE’s baseline cyber security controls;
Investigate the full extent of state-sponsored disinformation targeting Canada and report its findings annually to Parliament.
The report also recommended that the government require critical infrastructure operators to prepare for, prevent and report serious cyber incidents. without saying that, this recommendation is similar The government has already introduced the proposed law.
Reaction to the recommendations was mixed. “Good idea,” said David Swan, director of cyber intelligence based in Alberta. Center for Strategic Cyberspace and International Studies, an international think tank, “but it will take years to implement and longer to see results.” “I believe Canada lacks the resources to make some of the recommendations a reality,” he said.
Similar recommendations by this committee have been seen before, and Christian Lauprecht, Queen’s University professor and senior fellow in security and defense at the Macdonald Laurier Institute, complained.
“The charitable explanation I would give is that the government doesn’t want to talk about it,” he said. “It is not its policy agenda, therefore it is not a priority… It will distract from the messaging, distract from the policy agenda and possibly become controversial. A minority government has decided that this is not where its priorities are.”
In fact, he said, cyber security issues similar to those raised at the public safety hearings are being raised before the National Defense Committee, Which started the session on cyber security and cyber warfare this year. [Leuprect was a witness last Friday.] “We keep validating the same problems over and over again, and it seems like it is very difficult to get any traction,” he said.
“It is sad that we have committee hearings that do a very good job of writing very good reports, and now we know that these reports fall on deaf ears at the Prime Minister’s Office… We have to do a lot to coerce China. things need to be done. ,
IT World Canada Committee chair Liberal MP Ron McKinnon left phone and email messages asking for his comments. There was no answer.
Lauprecht recognized that many of the cybersecurity recommendations from the Committee on Public Safety are vague. But at the same time, he said, “those are low-hanging fruit. These are basic things that the government should be doing. And the fact that a committee has to point them out is in my view shameful.”
It is a unanimous report, he said approvingly – but it was 2018 Cyber Security Report on the Financial Sector Lauprecht believes that little action came from that same committee. “The longer we don’t act, the further we fall.”
One recommendation that impressed him is that Ottawa explore alternatives to the Canada-United States Cyber Defense Command structure. “If we cannot get adversaries to comply with cyber norms, we need a proactive and aggressive posture to draw red lines and hit them hard every time they cross them.”
