CCCS to combat Cyber Crime
A new Canadian Centre for Cyber Security (CCCS) has been set up by the government based on the results of extensive internal and public consultations. In a statement, the government announced that it is creating “one clear and trusted national authority” rather than spreading the responsibility between various departments and agencies. It should also be noted that a new National Cybercrime Coordination Unit in the RCMP will support and coordinate cybercrime investigations between police forces across the country.
“We must substantially strengthen Canada’s cyber security capabilities to better protect ourselves and our systems against evolving cyber threats, while also enlarging our capacity to combat cybercrime and prosecute offenders,” Public Safety and Emergency Preparedness Minister Ralph Goodale told reporters on Parliament Hill.
“While the threats are deadly serious, we should not be driven by fear, but by a sense of purpose and opportunity to foster the innovation, the skills, knowledge, businesses and jobs that will make Canada a world leader in cyber security.”
To make all this happen, he explained, “the Government of Canada must show strong leadership while working in close collaboration with other levels of government, technical experts, the private sector and international partners.”
Goodale noted that its four partners in the Five Eyes intelligence-sharing alliance (Australia, Britain, New Zealand and the United States) and the other G7 countries (Britain, France, Germany, Italy, Japan and the U.S.) are “working in similar directions.”
Britain’s National Cyber Security Centre, a key part of the Government Communications Headquarters, is comprised of a main and four regional hubs where more than 6,000 personnel work with their counterparts in the military and civilian intelligence agencies.
Cyber security expert Scott Jones, who joined Goodale at the news conference, has been tapped to head the CCCS. The Assistant Deputy Minister of IT Security at the Communications Security Establishment (CSE) set out the scope of the challenge during a televised interview last year, saying that “new vulnerabilities” are being found every day.
“I’m actually not concerned about who it would be […] because at the end of the day, any time the government is compromised, to me that’s a big problem,” Jones said. “We’re really worried about how they’re going about it […] We are really worried about how they are trying to get into the system and […] what’s the vulnerability they’re using.”
According to Goodale, cybercrime costs Canada more than $3 billion annually and the global impact tops $600 billion. Hence the government’s commitment of more than $750 million in its last budget to tackle the challenge.
Some $250 million is to be spread among the CSE, the Canada Revenue Agency and Shared Services Canada, while more than $200 million is for the RCMP. $155 million will establish the new CCCS within the CSE, and more than $28 million will be invested in a voluntary certification program that Goodale says is intended to encourage business and organizations to achieve certain minimum standards of cyber security and hygiene, to better protect themselves and all those with whom they connect.” He also noted that certification “could well become a distinct marketing advantage” for small- and medium-sized enterprises (SMEs).
Montreal Liberal MP David Lametti, a former McGill University law professor who was first elected in 2015 and is now Parliamentary Secretary to Innovation, Science & Technology Minister Navdeep Bains, says 71% of all data breaches target SMEs, and SMEs make up 98% of all Canadian businesses. “Failure to provide adequate security can lead to profound economic consequences. These include monetary losses, theft of intellectual property, leaked consumer data and damaged reputations. In some cases, it can put companies out of business.”
SMEs seeking better protection will have to be assessed by a certification body accredited by the Standards Council of Canada – but not quite yet because, as Lametti explains, the government is still developing a standard designed to meet SMEs’ needs.
Goodale was also joined by Defence Minister Harjit Sajjan, whose portfolio includes the CSE. Highlighting the national security implications of cybercrime, Sajjan said the “tremendous” in-house expertise at CSE is the key reason for housing the CCCS there. “More importantly,” he said, “CSE has developed that talent over time, having the right networks with academia. […] We have something very unique here, and now we have the tools, the governance structure, and more importantly, the right investment to be able to leverage this and allow it to grow.”
Ken Pole is a contributing editor at FrontLine Magazine.
© FrontLine 2018