The recent release of key recommendations from a group of cyber security experts will form the cornerstone of the Ontario government’s security policies and help in the creation of a four-year strategic plan, the province’s chief information security officer (CISO) Rhonda Bunn said today.
First formed in October 2020, the 10-member expert panel committed to providing the provincial government with a final report within two years that outlines the steps that broader public sector (BPS) organizations, which include school boards, municipalities, hospitals and other provincially funded agencies in Ontario, must take to remain secure.
During her keynote speech in Guelph at InfoSec 2022, organized by the Ontario division of the Municipal Information Systems Association (MISA), Bunn whose formal title is CISO of the province’s cyber security division, Government Information Technology Ontario (GovTechON) and the ministry of public and business service delivery, stressed the need for information-sharing.
When it comes to cyber security initiatives, she said, “we are all in this together. It is not just one person or the IT person responsible for cybersecurity, it really is everyone’s responsibility. And the way to really work together is share information. Attend conferences like this and ensure that we’re working together, because we really do want to be a part of helping and working closely with municipalities on bettering how we tackle cyberattacks in general.”
In her keynote, Bunn said a key ally to municipal IT security personnel is Ontario’s Cyber Security Centre of Excellence, which provides advice, guidance, information, and services to the BPS and municipalities.
According to a fact sheet, the centre provides both cyber security education and awareness materials such as learning modules, videos, tip sheets, and articles, as well as support and advice on various cyber security matters.
The work it is doing dovetails with the findings of the expert panel, which last month suggested the province focus on four key themes:
- Reinforce governance and operating models
- Improve education and training
- Expand communication between organizations, and
- Embrace cross-sector shared services to better mitigate future cyberattacks.
Kaleed Rasheed, the province’s minister of public and business service delivery, said last month that the panel’s recommendations will “form the foundation of our cyber security policies and help develop best practices shared across all sectors. They will also inform future targeted investments in our cyber defences, so that we are well equipped to handle inevitable cyberattacks.
“The lessons we have learned so far are invaluable, and as we prepare to tackle the challenges of the future, we must also continue to innovate the tools and techniques we employ. This report will enable our government to do just that.”
Bunn said that “by sharing the information in the report, we hope that that it opens lines of communication so that we can all start having conversations.”
Prior to the keynote, MISA Ontario president Jamie Hagg applauded the work of all IT workers across the province, saying that during COVID-19 and since, they have had “to adapt and adjust on the fly, while still having massive project lists to look after including what we are here to talk about today – information security.
“It is evolving at a rapid pace and the sophistication of the attacks are getting greater and greater. I think you’ve just done a great job in looking after all of that. When I think about an IT professional, a few words come to mind – resilience, dedicated, passionate, committed, and teamwork.”
He said, “at times it’s easy to lose sight of how important your contributions are to your municipality. When you have a bad day and you can’t see light at the end of the tunnel, pause for a moment and think about the impact your work is having on your community.
“Your efforts are contributing to an organization being able to provide services for police, fire, critical infrastructure, and many more important community and social programs. It would not be possible for your community to operate without their hard-working dedicated IT professionals, so don’t ever underestimate what you do for your community.”
Guelph mayor Cam Guthrie, who currently serves as the chair of Ontario’s Big City Mayors (OBCM), a group of 29 mayors of cities with a population of 100,000, which collectively make up 70 per cent of the province’s population, said cyber security is frequently discussed.
“We have been talking about the issues that you are going to be exploring together over the next couple of days at this conference, and I just want to thank you for doing so,” he said.