The Federal Government has released its first ever Enterprise Cybersecurity Strategy, with support in Budget 2024, investing $11.1 million over five years for its implementation.
Canada's public sector is exposed to ongoing and persistent cybersecurity threats due to its increasing reliance on information technology (IT) to deliver digital programs and services. This strategy aims to strengthen safeguards and procedures to detect, deter and prevent such threats and address vulnerabilities in order to protect government information and assets.
The government has set four main goals for this strategy:
- Clearly explain cybersecurity risks and their impacts.
- More effectively prevent and resist cybersecurity attacks.
- Strengthen the capacity and resilience across government to proactively prepare for, respond to, and recover from cybersecurity events.
- Recruit a diverse government workforce with the right cybersecurity skills and knowledge.
The first phase will support:
- Establish a centralized assessment system to independently assess and thoroughly review each division's cybersecurity to identify and prioritize risks.
- Create an integrated, federated risk management platform that enables prioritization and data-driven reporting as a key part of a broader enterprise portfolio management system.
- Create a government-wide vulnerability management program to align the vulnerability disclosure process and focus on people, process, policy, and technology.
- Assemble new teams to mimic techniques used by malicious threat actors against government systems and proactively test and audit for security gaps.
Treasury Board Secretariat of Canada works with partners, including the Canadian Cooperative Services Bureau and the Communications Security Administration, to respond to and recover from cyber events in a timely manner and maintain the continued delivery of government programs and services.
