Canada’s Cyber Security Strategy

Public Safety Canada has released their Cyber Security Strategy. 

  • Canadian online sales in 2007 were estimated at $62.7 billion;
  • In 2007, 87% of Canadian businesses used the Internet;
  • 74% of Canadian households had paid Internet service in 2008;
  • 59% of personal tax filings were electronic in 2008;
  • 67% of Canadians banked online in 2009.

The Message From The Minister by Vic Toews includes:  

Canadians – individuals, industry and governments – are embracing the many advantages that cyberspace offers, and our economy and quality of life are the better for it.  But our increasing reliance on cyber technologies makes us more vulnerable to those who attack our digital infrastructure to undermine our national security, economic prosperity, and way of life.

Our systems are an attractive target for foreign military and intelligence services, criminals and terrorist networks. These groups are breaking into our computer systems, searching through our files, and causing our systems to crash. They are stealing our industrial and national security secrets, and our personal identities.

We don’t see them, we don’t hear them, and we don’t always catch them. At times they are mere nuisances. At other times, they present real threats to our families, companies and to our country.  Canada’s Cyber Security Strategy is our plan for meeting the cyber threat.

My first impression is that the document is a good start.  Statements like “even attackers with only basic skills have the potential to cause real harm …  Dealing with cyber threats in isolation is not enough. Through the implementation of this Strategy, the Government will continue to work with the provinces, territories and the private sector in a concerted effort to address the threats facing Canada and Canadians.”  shows that the government understands the problem, and is trying to demonstrate leadership. 

The plan is based on 3 pillars;  Securing Government Systems, Partnering Outside Government, and Helping Secure Canadians.  This strategy continuously calls for “working cooperatively”, with governemnt, academia, private sector and individual Canadians.  What remains lacking is the specific guidance required to implement controls.   I believe that the need for a national CIRT/CERT in Canada has never been more clearly expressed in these 3 requirements; an organization that can help Canada by supporting and laying out the missing steps of the strategy.   We still do not have a Canadian CIRT! 

The strategy is here: