Feds release first enterprise cybersecurity strategy
The federal government has released its first enterprise cybersecurity strategy, supported by its 2024 budget’s investment of $11.1 million over five years for implementation.
As Canada’s public institutions rely more and more on information technology (IT) for digital program and service delivery, they are subject to ongoing, persistent cybersecurity threats. The strategy aims to strengthen safeguards and procedures to detect, disrupt and prevent such threats and address vulnerabilities, to protect government information and assets.
The government has outlined the following four main objectives for the strategy:
- Articulate cybersecurity risks and their impacts.
- Prevent and resist cybersecurity attacks more effectively.
- Strengthen capabilities and resilience across the government to proactively prepare for, respond to and recover from cybersecurity events.
- Attract a diverse government workforce with the right cybersecurity skills and knowledge.
The first phase will support:
- Establishing a centralized evaluation system, with independent assessments and thorough reviews of departments’ cybersecurity, to identify and prioritize risks.
- Creating a federated, integrated risk management platform to enable prioritization and data-driven reporting as a key part of a broader enterprise portfolio management system.
- Creating a government-wide vulnerability management program for a co-ordinated vulnerability disclosure process and to focus on people, processes, policies and technology.
- Forming a new team that will emulate techniques used by malicious threat actors against government systems to proactively test and audit any security gaps.
The Treasury Board of Canada Secretariat will work with its partners, including Shared Services Canada and the Communications Security Establishment, to respond to and recover from cyber events in a timely manner and maintain the continuous delivery of government programs and services.