Cyber Security Today, Week in Review for week ending May 24, 2024

Share post:

Welcome to Cyber Security Today. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.

My guest this week is Anita Anand, Canadian cabinet minister and president of the Treasury Board. She’s here to discuss the release of the first cybersecurity strategy for most federal IT departments.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

Anand is the MP for the Ontario riding of Oakville. Treasury Board, which she heads, sets certain broad policies and strategies across the whole federal public service. She is also the former Minister of Defence.

I wrote in detail about the strategy earlier this week. It came after the government concluded federal departments and agencies are making only marginal progress in improving their cyber maturity.

The first phase of the strategy will

  • establish a centralized evaluation system with independent assessments and thorough reviews of departments’ cybersecurity to identify and prioritize risks;
  • create a federated integrated risk management platform to enable prioritization and data-driven reporting as a key part of a broader enterprise portfolio management system;
  • create a government-wide vulnerability management program for a co-ordinated vulnerability disclosure process; and
  • form a new Purple Team that will emulate techniques used by malicious threat actors against government systems to proactively test and audit any security gaps.

While Treasury Board sets certain broad policies and strategies the actuall running of federal departments’ IT infrastructure is in the hands of the departments, who have their own CIOs and IT security leaders. But some services, like email, communications and data centres, are provided by Shared Services Canada. In addition the Defence Department, through the Communications Security Establishment and the Canadian Centre for Cyber Security, provide technical advice. One of the questions I asked Anand is whether this multi-level arrangement causes problems.

The strategy calls for the eventual creation of centralized or command security operations centre (SOC) at the Cyber Centre Security to monitor all federal IT security infrastructure as well as an infrastructure security and network operations centre (ISNOC) at Shared Services Canada for network monitoring.

I asked Anand why the strategy was being released now, because the Liberals have been in power for over eight years. “We know that there are varying levels of cyber maturity across departments and agencies within our government,” she replied. “We know that a unified approach would be more effective, would improve cyber maturity And so we want to be able to effectively identify and respond to new and emerging threats, and doing it with a unified approach makes the most sense.”

In explaining why departments have different levels of cyber maturity she said it’s “because each individual department is responsible for its own cybersecurity. And what this announcement is saying is that an individual siloed approach to cybersecurity is less effective than a unified level playing field for all departments and agencies.

“As I said, this is going to be over a hundred departments and agencies combined, and it’s going to allow for comprehensive awareness of the cyber security risk environment. It’s also going to allow us to strengthen capabilities and resilience across the government of Canada to proactively prepare for and respond to and recover from cyber security events.”

I also asked if the federal government will lead by example and publicly share detailed lessons with the public on what it learns from its own, major cyber attacks and incidents.

“That’s a very good question,” she replied, “and one that I hope to be able to respond to more fully. I do believe in sharing best practices and lessons learned and so I will be ensuring that we are able to share some information along those lines.”

To hear the full interview play the podcast.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Canada Establishes AI Safety Institute to Address Risks of Advanced AI

The Canadian AI Safety Institute (CAISI) has been launched as part of Canada’s strategy to ensure the safe...

Canadian Cyber Defence Agency Lists India as a Cybersecurity Threat for First Time

Canada's federal cyber defence agency, the Communications Security Establishment (CSE), has identified India as a cybersecurity threat to...

CRA Admits to Massive Underreporting of Cyberattacks

The Canada Revenue Agency (CRA) has acknowledged that tens of thousands of taxpayer accounts were hacked between March...

California Gov. Newsom vetoes sweeping AI safety bill amid Silicon Valley pressure

California Governor Gavin Newsom has vetoed a major AI safety bill aimed at regulating powerful AI models before...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways