Article content
The Canadian government released its first-ever cybersecurity strategy on Wednesday, with the aim of addressing challenges posed by remote work, cloud computing, aging infrastructure and recruitment.
The strategy, announced by Treasury Board President Anita Anand, concluded that government departments and agencies generally lacked “repeatable” processes to identify and respond to new and emerging cyber threats, as of the fiscal year ending in 2023.
Article content
So far in 2024, the Financial Transactions and Reports Analysis Centre of Canada, the Royal Canadian Mounted Police and Global Affairs Canada have all dealt with cyber incidents.
During the pandemic, many government employees switched to remote work, using their home networks rather than solely government systems. Now as many of those workers remain hybrid — and threaten disruptions over a three-days-in-office mandate — the strategy aims to make working from home more secure through expanding multifactor authentication and introducing always-on protections against malware and viruses.
The government is also using more mobile devices, cloud-based services and third-party software. Several of these systems are run at the departmental or agency level, which can lead to inconsistencies.
“The speed of technological change means that security measures that were once effective may quickly become obsolete, underscoring the need for a proactive and adaptive approach to cybersecurity,” the strategy says.
The government plans to create a security operations centre that will monitor on-site, cloud and other network-connected devices across departments and agencies. Some will have specialized operation centres as well.
Article content
Aging infrastructure is also causing vulnerabilities. “There is inadequate protection of information due to outdated IT tools, which can result in an increase in cybersecurity incidents or privacy breaches,” the strategy says.
As well, the government is struggling to recruit cybersecurity professionals. The new strategy plans to create partnerships with colleges and universities, accelerate hiring through automation and train employees in other departments to work in the field.
Recommended from Editorial
The strategy sets a timeline for results of within two to five years. The government expects there will still be some cybersecurity incidents, but that it will be able to quickly respond to them and minimize the impacts.
Share this article in your social network