OTTAWA – Government and industry insiders have high expectations next week’s federal budget will contain big investments to help Canada reinforce its cybersecurity defences in an age of heightened global threats to businesses, privacy and democracy.
A senior government official says Tuesday’s budget is poised to dedicate funding for a multi-departmental effort to strengthen the country’s protections and response capabilities in the event of an attack.
Communications Security Establishment Chief Greta Bossenmaier speaks with Public Safety and Emergency Preparedness Minister Ralph Goodale as they wait to appear before the Standing Committee on Public Safety and National Security, in Ottawa on Thursday, November 30, 2017. THE CANADIAN PRESS/Adrian Wyld
The official, speaking on condition of anonymity about details not yet public, said Ottawa’s cyber-effort would touch multiple corners of the government. Sources say it’s expected to involve Economic Development, Public Safety, Democratic Institutions and National Defence, as well as Canada’s cyberspy agency.
Budgetary cyber-commitments would arrive at a time of intensifying fears over hacking threats on many fronts – from the privacy of citizens, to financial systems, to the democratic process.
Support would also land as the government turns its attention to shielding the 2019 federal election from cybercriminals and, in particular, at a time of deep concerns about the role Russia may have played in the last U.S. presidential vote.
The size of any federal commitment remains to be seen, said the official.
Governments, the private sector and central banks around the world have been building new strategies to counter an alarming rise in cyberattacks. For example, the Bank of Canada has poured resources into developing plans on how to prevent breaches, contain any damage and pick up the pieces afterwards, if necessary.
The federal government has undertaken a cybersecurity review, led by the Public Safety Department. The work is intended to inform the still-in-progress renewal of the government’s cyberstrategy.
In addition, legislation before Parliament would substantially increase the powers of the country’s cyberspy agency, the Communications Security Establishment, to both defend against assaults and go on the offensive when necessary.
An association representing tech leaders is urging the government to make sure Canada’s own industry is at the centre of any federal strategy.
“Security and sovereignty are closely linked and building domestic capacity in cyber is critical…. It’s something all advanced economies are doing,” said Benjamin Bergen, executive director of the Council of Canadian Innovators.
“Not just for economic purposes – but it’s existential. Without a domestic capacity in cyber, we risk becoming a client state.”
He said the council’s tech CEOs have had lots of regular engagement on cyber with high-ranking government officials from several departments and agencies as well as lawmakers, including Public Safety Minister Ralph Goodale.
The group would like to see the budget contain procurement opportunities for the domestic industry and a strategy to help develop and retain cyber talent. Canada has some of the top cyber firms in the world, Bergen said.
Last week, Economic Development Minister Navdeep Bains said in an interview that, in general, the government fully intends to work with the domestic cyber industry. Bains did not, however, share any budget details.
“We have an incredible, strong footprint when it comes to cyber technology and a cyber industry in Canada and we want to continue to see that sector and that industry grow,” said Bains, who not only wants to protect large firms from cyberattacks but smaller businesses, too.
“Because that can compromise our supply chains, that can compromise their ability to compete globally as well…. We really need industry to work with us and there’s a lot of goodwill and collaboration taking place.”
A recent report found that the average cost of cyber breaches in Canada, per organization, is $3.7 million every year in direct and indirect costs. Canadian organizations are reporting an average of 455 attacks per year, more than one per day, said the study by Scalar IT services company.
Last year, the Communications Security Establishment released a report that warned Canada’s 2019 election will likely be a bull’s-eye for cyberattacks.
The Bank of Canada has warned that the country’s interconnected banks are vulnerable to a cascading series of cyberattacks, something that could undermine broad confidence in the financial system.
The central bank’s governor, Stephen Poloz, has described a severe cyberattack as his worst nightmare because he struggles to picture what such an event, and the severity of the resulting damage, might even look like.