The proposed $22 billion in new spending in the federal budget announced Tuesday includes some money for cyber security initiatives.
–$144.9 million over five years to the Communications Security Establishment (CSE) to help improve protection of critical infrastructure. However, that includes $22 million already in CSE’s budget for that, which means a net gain of $122.9 million. There would also be changes to legislation to introduce an undefined new critical cyber systems framework;
–$80 million to fund several university-affiliated cyber security networks to promote collaboration between cyber security centres of excellence;
–$67.3 million over five years, and $13.8 million per year ongoing, to Public Safety Canada; Innovation, Science and Economic Development Canada; Global Affairs Canada; and the Royal Canadian Mounted Police to raise cyber security awareness;
–$30.2 million over five years to protect democracy and elections from foreign interference and election misinformation. That money includes
–$4.2 million over three years allowing the Canadian Security Establishment (CSE), which protects the government’s systems to provide cyber security advice and guidance to Canadian political parties and election administrators. This follows a strategy announced in January for protecting the integrity of the upcoming federal election.
–$2.1 million over three years to the Global Affairs department to strengthen information sharing between G7 nations on foreign threats’
–$19.4 million to over four years to the Heritage department to help educate Canadians to recognize online disinformation.
Details about exactly where this spending will go is limited to the wording in the budget. A spokesperson for Public Safety Minister Ralph Goodale said no one was available Tuesday to comment.
Responsibility for cyber security is shared largely between Public Safety and the Defence department, which oversees the CSE and the recently-created Canadian Cyber Security Centre. The RCMP will soon set up a National Cybercrime Co-ordination Unit.
The CSE is equivalent to the U.S. National Security Agency (NSA), which not only protects government networks, it also tries to break foreign codes and — through the cyber security centre — advises the public and private sector.
In last year’s budget the government set aside $507.7 million over five years starting in 2018-19 (or $108.8 million per year) for its new National Cyber Security Strategy and to establish the Canadian Centre for Cyber Security.
The centre opened in October and will move into a new building next year.
The new budget says the proposed $144.9 million over five years in new spending for protecting infrastructure includes $22.9 million already in the CSE budget, for a net addition of $122 million.
“This investment will help to protect Canada’s critical cyber systems including in the finance, telecommunications, energy and transport sectors. To this end, the government intends to propose new legislation and make necessary amendments to existing federal legislation in order to introduce a new critical cyber systems framework.”
On Wednesday a Public Safety spokesman clarified that this refers to a committment Goodale made in January, At that he said the government wants a legislative framework introduced “to help ensure we all understand the obligations we share with each other in a deeply inter-connected and interdependent cyber world. What are the most sensitive and vulnerable sectors? What are the appropriate standards and best practices that must apply to those sectors? What duty does a hacking victim have to report being attacked, apply remedial measures, notify customers or clients, and help protect others?”
The budget also said monies will also support the Canadian Centre for Cyber Security in providing advice and guidance to critical infrastructure owners and operators on how to better prevent and address cyber attacks.
As part of an action plan several years ago the government determined there are 10 critical infrastructure sectors in the country (including electrical, health, telecom, banking and manufacturing) and has been trying to get each sector to work on establishing best practices and information sharing.
Public Safety funds a Regional Resilience Assessment Program (RRAP) across the country, which in part does site assessments, and helps in training and exercises.
On university cyber security networks, the proposed budget would designate $80 million over four years to support three or more Canadian cyber security networks that are affiliated with post-secondary institutions. Without meaning to be inclusive the budget mentions several institutions that have cyber programs: Ryerson University’s Cybersecure Catalyst; the University of New Brunswick’s Canadian Institute for Cybersecurity; University of Calgary’s Institute for Security, Privacy and Information Assurance and Concordia University’s Centre for Cybersecurity in Montreal.
The networks—to be selected through a competitive process—would expand research, development and commercialization partnerships between academia and the private sector, and expand the pipeline of cyber security talent in Canada.
There were no details in the budget how the competitive selection process will work. Additional details are promised in the coming months.
In a statement Ali Ghorbani, director of the UNB’s Canadian Institute for Cybersecurity, said he was pleased cyber security was addressed in the budget. “Cybersecurity is the hottest and fastest-growing tech sector in Canada,” he said. The institute’s mission “is to provide cutting-edge solutions to cybersecurity problems.”
The $67.3 million over five years to several departments to support efforts to assess and respond to economic-based security threats, the budget says the funds will help those departments and agencies to work together “to enhance outreach and engagement with key stakeholders including Canadian businesses and academic institutions; raise awareness about risks; and enhance the suite of tools to appropriately address threats while continuing to encourage foreign investment, trade and economic growth.”
The $30.2 million over five years to protect democratic institutions includes up to $4.2 million over three years to the CSE to give cyber security advice and guidance to Canadian political parties and election administrators.
The $30.2 million also includes $2.1 million over three years to Global Affairs to meet Canada’s commitment to G7 countries, each of which has to set up a Rapid Response Mechanism unit to respond to foreign online threats. Canada is the co-ordinator of the network.
It also includes $19.4 million over four years to the Heritage department launch a Digital Democracy Project. Funding would support research and policy development on identifying online disinformation. “This investment would also enable Canada to lead an international initiative aimed at building consensus and developing guiding principles on how to strengthen citizen resilience to online disinformation,” the budget says. “These guiding principles would then be adopted by Canada and other like-minded countries as a framework for efficient cooperation between governments, civil society organizations, and online platforms.”