Last week saw the rollout of a key piece of the Government of Canada's 2018 cyber security strategy as the Canadian Centre for Cyber Security ("CCCS"), first announced in June 2018,[1] went live.[2]

The Role of the New CCCS

The creation of the CCCS consolidates government cyber security operational units and enhances Canada's leadership role in cyber security. The new CCCS describes its role as follows:[3]

  • Informing Canada and Canadians about cyber security matters, as a single, clear, trusted source of information on cyber security for Canadians and businesses
  • Protecting Canadians' cyber security interests through targeted advice, specific guidance, direct hands-on assistance, and strong collaborative partnerships
  • Developing and sharing specialized cyber defence technologies and tools resulting in better cyber security for all Canadians
  • Defending cyber systems, including government systems, by deploying sophisticated cyber defence solutions [and]
  • Acting as the operational leader and government spokesperson during cyber security events.

What the CCCS Means for Canadians

For the general public, the most obvious change will be that the CCCS replaces Public Safety Canada ("PSC") as the government portal for Canadians seeking information on cyber security, identity theft and related issues. As of October 1, 2018, both the Canadian Cyber Incident Response Centre ("CCIRC") and the PSC's "Get Cyber Safe" public information campaign come under the CCCS's authority. Canadians seeking information and resources on cyber safety will find an updated Get Cyber Safe campaign page with a wealth of information on everything from identity theft to protecting small businesses to cyberbullying to current online scams and frauds.[4] (At time of posting, somewhat ironically, the page features a prominent warning about scammers falsely claiming to represent PSC or CCIRC.) Users can also interact with the Get Cyber Safe campaign across a number of social media platforms.[5]

The CCCS and the Cyber Security Community

Beyond its public-facing activities, the CCCS is intended to assert the government's leadership role in cyber security. The CCCS will collaborate with owners of critical infrastructure, other levels of government, and industry, will work with cyber security vendors in the development of their products, and plays the role of technical authority. It also offers downloadable tools such as its open-source "Assemblyline" malware detection and analysis software, originally released in late 2017.[6]

CCCS is deepening the government's collaboration with industry by entering into an information-sharing pact with the Canadian Cyber Threat Exchange ("CCTX"), Canada's first private sector hub for cyber security threat information sharing and analysis. The pact, announced in September before the CCCS rollout[7] and signed the same day CCCS went live,[8] provides for the sharing of government-gathered threat intelligence, combining this intelligence with information gathered by CCTX member organizations (which include key players in Canadian critical infrastructure including telecommunications, banking and transportation[9]).

The new head of the CCCS immediately demonstrated the body's relevance by announcing that an assessment of the threat of interference in the next federal election would be one of the centre's immediate priorities.[10]

The CCCS and Canada's new Cyber Security Strategy

Creating the CCCS is part of the Government of Canada's new cyber security strategy, released in June 2018[11] and backed with a commitment in the 2018 federal budget of $507.7 million in funding over five years.[12] The action follows the release of a comprehensive review of Canada's 2010 cyber security strategy, commenced in 2016 and culminating in a report released in 2017 which identified among other issues the need for greater public awareness and for greater public funding and resources in the field of cyber security.[13] The new strategy is built on three themes:

  • Security and resilience (by maintaining and improving the cyber security posture of federal departments and agencies, and enhancing law enforcement's ability to investigate and respond to cybercrime[14]);
  • Cyber innovation (including driving investment and research and development in cyber security, focusing on "emerging areas of Canadian excellence" including quantum computing and blockchain[15]); and
  • Leadership and collaboration (by establishing "a clear focal point for authoritative advice, guidance, and cyber incident response," "reinvigorat[ing] public awareness and engagement efforts and establish[ing] new forums for collaboration," and partnering with the provinces to develop a "national plan to prevent, mitigate and respond to cyber incidents" [16]).

Unlike its more granular 2010 predecessor, the 2018 strategy is aspirational and short on specifics by design; it is intended to provide a flexible theoretical framework for the more concrete measures to be set out in action plans to come. The CCCS, along with the creation of an RCMP National Cybercrime Coordination Unit,[17] is among the first tangible examples of Canada's renewed commitment to cyber security.