Ottawa should improve the nation’s cybersecurity maturity by helping small and medium businesses buy IT gear, as well as promoting post-secondary cyber defence training programs, says a parliamentary committee.
Although prompted by Russia’s February, 2022 invasion of Ukraine, many of the 21 recommendations in the 53-page report are broader than just dealing with Moscow.
They include asking the federal government to:
— work with provincial and territorial governments to create and promote accredited post-secondary cyber defence training programs. The apparent goal is to make a dent in the shortage of cybersecurity talent;
— ensure operators and enterprises of all sizes connected to critical infrastructure have the cyber security experts, expertise, and resources they need to defend against and recover from malicious cyber activity; and that they report on their ability to meet cyber security standards;
— tell the Communications Security Establishment (CSE) — responsible for protecting federal IT networks and advising the private sector through the Canadian Centre for Cyber Security — to broaden the tools used to educate small and medium-sized enterprises about the need to adopt cyber security standards;
— take steps, including possibly an accelerated capital cost allowance or other tax measures, for small and medium-sized enterprises to make the investments necessary to follow the CSE’s baseline cyber security controls;
— examine the full extent of state-backed disinformation targeting Canada and report its findings to Parliament annually.
Similar recommendations by this committee have been seen before, and with little follow-up, complained Christian Leuprecht, a Queen’s University professor and senior fellow in security and defence at the Macdonald Laurier Institute.
“The charitable interpretation I would take is this is something the government doesn’t want to talk about,” he said. “This is not its policy agenda, so it’s not a priority … It will distract from the messaging, distract from the policy agenda and possibly get controversial. A minority government has decided this is not where its priorities lie.”
“It’s tragic we have committee hearings that do a very good job at writing very good reports, and we now know these reports seem to fall on deaf ears with the Prime Minister’s Office … A lot of the things we need to do to constrain China.”
IT World Canada left phone and email messages for committee chair Liberal MP Ron McKinnon for his comments. There were no replies.
Leuprecht agreed many of the Public Safety committee’s cybersecurity recommendations are vague. But also, he added, “they are lower-hanging fruit. It’s basic things that the government should be doing. And the fact that a committee has to point them out is kind of embarrassing, in my view.”
One recommendation that impressed him is that Ottawa explore options for a Canada–United States cyber defence command structure. “If we can’t get adversaries to adhere to cyber norms, we need to have an active and offensive posture to draw red lines and hit them hard every time they cross them.”
Post a Comment