U.S. president Obama’s appointment last December of a cyber security co-ordinator should be mirrored by the Canadian government if it wants to raise awareness of cyber security and leverage the security expertise that exists in Canada, according to the Canadian Advanced Technology Alliance (CATA Alliance).
Howard A. Schmidt was named to the White House job on Dec. 22 and is tasked with creating a U.S. network security strategy that will ensure a unified response to cyber security incidents, build partnerships between government and businesses, encourage new technologies and raise awareness of cyber security.
Canada, on the other hand, lacks a centralized effort to raise awareness and create and advance what is a solid base of security knowledge in the IT industry, said Kevin Wennekes, Ottawa-based CATA Alliance’s vice-president of research. “There are companies doing wonderful things pretty much in isolation,” said Wennekes.
“[It’s] a timely reminder given the U.S. has moved forward and that Canada should move forward on this as well,” said Wennekes.
As with the private sector, the government too has built a large community of IT specialists, but cyber security know-how is not openly shared between departments, said Wennekes.
The reason for the lack of push behind a cyber security policy in Canada, said Wennekes, is probably the relative newness of the Web, having emerged in the mid-90s and offering a very broad canvas across which IT security can potentially be applied.
But Wennekes said the government must do more, for instance, identify best practices, leverage local companies who are building world-class innovations and create a better trade environment for businesses to export technology.
But while there is an appetite for attention to cyber security, Wennekes said realistically it will be some time before Canada gets its own cyber security leader. “Canada has a bit to go before we see ourselves getting to that point,” he said.
Last May, Corinne Charette took office as the country’s first-ever chief information officer, expressing a commitment to issues including security, transparency, consistent and rigorous reporting, and pushing IT project delivery as a shared responsibility across government agencies. Charette started in the role two months after U.S. president Obama introduced his own CIO, Vivek Kundra.
In response to a request for comment by ComputerWorld Canada as to whether cyber security factors into Charette’s information strategy, a spokesperson replied that cyber security is the domain of Public Safety Canada.
Wennekes said the reality is that cyber security is an issue that spans different areas, but the problem is that government is very hierarchical. “Government sometimes has a hard time dealing with these types of issues that do cross various departments,” he said.
If the office of the CIO was not leading the charge on cyber security, then Wennekes said he would expect them to be at least vested in it.
On whether Public Safety Canada has plans to create a similar cyber security position as the U.S., a spokesperson told ComputerWorld Canada in an e-mail that the agency “continues to lead the development of a cyber security strategy for Canada that takes a whole-of-government approach to addressing cyber threats to government, critical assets and information, and Canadians.”
Public Safety Canada, said Wennekes, “has been around for a decade and still we have nothing from them.” There is no government leader from a policy perspective to inform businesses on the need to be vested in protecting themselves, continued Wennekes. Security breaches happen “with regularity” yet Canadian businesses perceive advanced security as a cost and not something of value, he said.
In an effort to lay the foundations of a Canadian cyber security policy, CATA Alliance launched two new initiatives last November. One, a 10-year technology roadmap for first responders – police, fire fighters, emergency medical services – who must manage highly sensitive data. The other, a review of the Canadian security space by updating a database, compiled in 2003, of advanced security companies.
Follow Kathleen Lau on Twitter: @KathleenLau