On December 16, Prime Minister Justin Trudeau released mandate letters tasking his ministers of national defense, foreign affairs, public safety, and industry to develop a new “National Cyber Security Strategy.” He specifically highlighted the need for the strategy to “articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace,” as quoted by Global News.

The directive did not appear out of nowhere. Canada’s intelligence community has issued several key warnings of cyberattacks in the past few years. Back on March 19, 2020, for example, the Communications Security Establishment (CSE) released an alert revealing that cyber criminals and nation-state actors were actively attempting to exploit fears surrounding the COVID-19 pandemic to target Canadian healthcare organizations with attack attempts and data theft. Most recently, CSE released a report in which it revealed that more than half of Canada’s known ransomware victims for 2021 were critical infrastructure providers. The agency also confirmed that it had used its “legal authority to conduct cyber operations to disrupt foreign-based threats to Canada, including cybercriminals,” per CBC News.

Streamlining Cyber Security Strategy

It is great to see the initiative to build a National Cyber Security Strategy in Canada. However, the key will be how swiftly Trudeau’s ministers can develop and implement that strategy. Cybersecurity threats are evolving quickly, and as we have seen most recently with Log4j, sometimes they need to be addressed very quickly. It will be important for this National Cyber Security Strategy to include measures that ensure a well-built foundation of best practices.

The good thing is that Canada does not need to reinvent the wheel. Why would they when they can look to best practices such as the Center for Internet Security’s Critical Security Controls (CIS Controls)