Two of the country’s biggest business groups are taking steps to increase the private sector’s awareness of cybersecurity issues.
The Business Council of Canada this week became an affiliate member of the Canadian Cyber Threat Exchange (CCTX), a not-for-profit threat sharing hub, after being a non-voting advisor to its board of directors since 2015.
Meanwhile the Canadian Chamber of Commerce announced late last month that it’s partnering with several tech companies on a campaign to raise cybersecurity awareness in the private sector and “propose solutions to government to empower Canada to lead the global cybersecurity future.”
For the past six years the Business Council, which represents many of the country’s largest companies, has played a sideline role at the CCTX.
The council helped create the exchange and has had a non-voting seat on its board as an advisor. Now it’s taking a bigger role, becoming an affiliate member of the exchange.
Affiliates don’t pay annual fees, can’t participate in the exchange’s collaboration centre or have voting rights at meetings of members.
‘Opportunity to elevate the issue’
But becoming a member “is a great opportunity for the council to elevate the issue of cybersecurity in public discourse, and also among decision-makers in Ottawa,” Trevor Neiman, the council’s director of policy and legal counsel, said in an interview. “This is an issue incredibly important to our members, incredibly important to Canadians.”
“It’s incumbent on (businesses) to work with one another, to share information securely on potential threats and strategies,” he said. “Businesses often have competitive forces that keep them from working collaboratively, but organizations like the CTTX can help them overcome those challenges by taking a non-sector approach that includes large and small businesses.
“The Business Council strategy is to use its influence to show policy makers and businesses the successes we’ve achieved by information sharing, and try to encourage businesses to do their duty and collaborate as well.”
“The business community understands the importance of the issue because they’re experiencing it first hand,” Neiman said, “but unfortunately maybe policy makers in Ottawa, the broader public, sometimes they have difficulty understanding what a cyberattack means in practical terms. For a consumer it can mean extortion, it can mean identity fraud. Most of the infrastructure that gets attacked is owned by the private sector. The government doesn’t always have insight into what’s happening. Part of our goal as an advocacy organization, what we can bring to CCTX, is to elevate the discourse, draw attention to the importance to this issue to push for changes that will help better defend Canadians and Canadian businesses.”
When it was pointed out that the federal government has put a lot of money into the Canadian Centre for Cyber Security, which advises both the private and public sectors, Neiman acknowledged Ottawa’s role.
He cited with approval the government’s work in creating the fledgling Cybersecurity Innovation Network, an effort to form links between post-secondary institutions and businesses to enhance cybersecurity research and skills development.
More of this type of private-public sector collaboration is needed, he said.
The exchange has about 180 members who pay annual fees based on the number of employees. Organizations can be full, associate or affiliate members. While full members have the ability to sit on the board and vote at member meetings, full and associate members participate in the private collaboration centre and get reports. For an extra fee they get threat intelligence data using the STIX and TAXII protocols.
Jennifer Quaid, the exchange’s chief operating officer, said the council’s move “further cements our relationship with them… By going through all steps to be an affiliate member it shows their belief in the work we’re doing, and a recognition that organizations of any size should participate in threat sharing and collaboration. That is one of the best forms of [cyber] defense. And it sends a message to their members that they [the council] take cybersecurity seriously.”
Chamber of Commerce campaign
The Chamber of Commerce calls its new public campaign Cyber. Right. Now. It is supported by BlackBerry, Microsoft and Cisco Systems.
“Investment in cybersecurity is essential to boosting the productivity and efficiency of the Canadian economy,” says the chamber’s campaign website. “With privacy and data protection critical in our modern economy where Canadians are frequently accessing digital services, the risks are meanwhile at an all-time high. Canadians deserve strong protections to ensure their personal data is safe.”
“Canadians should be proud that our country has a strong cybersecurity foundation in place, with a number of significant global companies calling Canada home. While the recently released 2021 federal budget did dedicate significant investments in cybersecurity to secure government IT infrastructure, it made no specific commitment to help Canadian businesses boost their cybersecurity measures. At the same time, our most direct competitors in the U.S., Israel, and U.K. are investing billions.”
The 2021 federal budget provided funding for SMEs to invest in digital technology, it adds. “This is a clear message that cybersecurity investments should go hand-in-hand with investment in IT modernization and other digital technologies.”