Secure and Prosperous Digital Canada
Consulting on Canada's Approach to Cyber Security

Context

Canada's National Cyber Security Strategy (Strategy) was launched in 2018. Since that time new technologies and international events have impacted how we use the internet, and increased potential risks. The COVID-19 pandemic and the significant increase in ransomware are just two examples of events that have changed considerations around cyber security since the Strategy's release. Now in its fourth year, it is time to renew the Strategy.

An eight-week public consultation runs to August 19, 2022. We want to hear from a broad range of Canadians and hope that you will share this consultation page with your friends and colleagues and encourage them to join the conversation.

How You Can Contribute

Priorities and Emerging Issues

We are asking for submissions that prioritize where you would like to see the Government of Canada focus the renewal of the Strategy, as well as offering your views on emerging issues in the next three, five or even 10 years. You can do this by email.

Gaps Identified in Mid-Term Review and the goals of the Strategy

A Mid-Term Review (MTR) was conducted to assess the relevance of the Strategy. The MTR identified gaps, while validating the three goals in the Strategy. In addition to submitting your priorities, we would also like your input on the gaps identified in the MTR.

Using one of the two methods below, please respond anonymously to our nine-question survey. Results will only be shared in aggregate form, and will be available later this year.

• Online survey
  Alternate version of survey (Word, 18 Kb)
• If you cannot access the online form or would rather fill out the survey using a different format, please copy the survey questions from the HTML/text version of the survey into an email or MS Word and submit the completed survey form to cyberconsultation-consultationcyber@ps-sp.gc.ca. Thank you!

Prior to completing the survey, we encourage you to read the Mid-Term Review, visit our list of resources and consult our glossary.

How your information will be used

Input received will be compiled and analyzed to identify key themes, ideas and suggestions to help inform and guide the Renewal of the National Cyber Security Strategy. Results may be used to inform policy and may be shared within the Government of Canada. Public Safety Canada will retain completed online survey and email submissions in order to develop a summary of findings and to develop a high-level public report.

All information under the control of Public Safety Canada is subject to the Access to Information and Privacy Act. You have the right to the protection of, access to and correction of your personal information. Instructions for obtaining this information is outlined on the Public Safety Canada Access to Information and Privacy (ATIP) website. Any questions, comments, concerns or complaints you may have regarding Public Safety's handling of your personal information may be directed to our Access to Information and Privacy Coordinator by emailing atip-aiprp@ps-sp.gc.ca. If you are not satisfied with Public Safety's response to your privacy concern, you have the right to file a complaint with the Privacy Commissioner of Canada regarding the institution's handling of your personal information.

Survey Questions

Access our Glossary

Goal 1: Secure and Resilient Canadian Systems

The threats we face in cyberspace are complex and rapidly evolving. Governments, businesses, organizations, and Canadians are vulnerable. With more of our economy and essential services moving online every year, the stakes could not be higher.

1. What concerns do you have related to cyber security, cybercrime, etc.? How can the Government of Canada help you to better protect yourself, your family, and your organization, if applicable?

Goal 2: An Innovative and Adaptive Cyber Ecosystem

Digital innovation has become the engine of economic growth. Cyber security is not only essential for protecting the sources of Canada's digital innovation — it has become a source of innovation in its own right.

Cyber Security Awareness

2. What initiatives are needed to help increase cyber security awareness for all, and to build good cyber security hygiene for both individuals and organizations, in order to minimize the risks of cybercrime?

Agile and Adaptive Cyber Security Capabilities

3. What steps should be taken to secure networks, emerging technologies, and to better protect Intellectual Property and consumer products (like Internet-of-Things and apps)?

Cyber Skills and Talent Pipeline

4. What can be done to increase Canada's cyber security workforce capacity and create job-ready workers? (For example, is there a mismatch between the in-demand skills and the skills of post-secondary graduates, is there a misalignment between job descriptions and the experience of candidates, is there a need for standardized curricula and outcomes, access to work-integrated learning opportunities, and short-cycle training and upskilling for workers and graduates, etc.)

Goal 3: Effective Leadership, Governance and Collaboration

Advances in technology benefit our communities and our societies. They contribute to our quality of life today, and will be instrumental in meeting the challenges of tomorrow. We all have a responsibility to secure these technologies. Cyber security is a whole of society concern, which extends beyond our borders and includes our international allies and partners.

5. What is needed to strengthen collaboration and engagement on common interests between the provinces, territories, Indigenous communities and municipal governments, regulators, private sector, academia, not-for profits, labour organizations and the Government of Canada?
6. What can the Government of Canada do to help shape the international cyber security environment in Canada's favour and advance Canada's international cybersecurity interests?

Demographic Questions

7. Are you responding as an individual or someone representing an organization?
   Individual
   Organization
8. What province or territory do you live in?
   1. Alberta
   2. British Columbia
   3. Manitoba
   4. New Brunswick
   5. Newfoundland and Labrador
   6. Nova Scotia
   7. Ontario
   8. Prince Edward Island
   9. Québec
   10. Saskatchewan
   11. Northwest Territories
   12. Nunavut
   13. Yukon
   14. Outside of Canada
   15. Prefer not to say
9. What is your gender identity?
   1. Male
   2. Female
   3. Non-binary
   4. Not Listed (fill in blank below)
   5. Prefer not to say

Resources

Government of Canada Activities

In 2018, the Government of Canada launched the National Cyber Security Strategy focused on three specific goals:

• Secure and Resilient Canadian Systems;
• An Innovative and Adaptive Cyber Ecosystem; and
• Effective Leadership, Governance and Collaboration.

Through these three goals the Government of Canada invested more than $500 million in 14 initiatives in the 2018 Strategy.

In addition to the Renewal of the National Cyber Security Strategy, Public Safety Canada has recently completed a public consultation for the renewal of the National Strategy for Critical Infrastructure. This information will also help inform the National Cybersecurity Strategy renewal.

Global Affairs conducted focussed public consultations in Spring 2022 with Canadian cyber security stakeholders. The valuable feedback that they shared regarding the draft International Cyber Security Strategy will also help to inform and guide the renewal of the National Cyber Security Strategy. We encourage you to learn more about the International Strategy.

In January 2022, Public Services and Procurement Canada released a Request for Information (RFI) on buyandsell.gc.ca seeking feedback about cyber security practices to protect sensitive controlled unclassified information and federal contract information, and how stakeholders perceive cyber security readiness. It also asked questions about the anticipated implementation of the United States (US) Cybersecurity Maturity Model Certification 2.0 on Canadian organizations. Suppliers in defence, security, space, aerospace, cyber security and other stakeholders (e.g., academia, industry associations) were encouraged to respond. The RFI closed on March 4, 2022. Feedback received will help the Government of Canada make decisions on cyber security requirements, cyber security certification and other approaches to support organizations that do business with the Government of Canada, and Canadian businesses that do business with other jurisdictions, in meeting cyber security requirements in contracting.

Additional Cyber Security and Cybercrime Resources

Public Awareness

• Get Cyber Safe is a national public awareness campaign created to educate Canadians about internet security and the simple steps they can take to protect themselves online. The campaign's goal is to bring together all levels of government, the public and private sectors, and the international community, to help Canadians be safer online.
• Get Cyber Safe glossary of cyber security concepts provides a detailed listing of cyber security and cybercrime words. 

Cybercrime and Cyber Fraud

• The RCMP Cybercrime Strategy sets out in an Operational Framework and a supporting Action Plan, objectives, strategic enablers and 15 action items, which the RCMP will implement over the next five years and beyond.
• Learn more about Cybercrime and its full definition.
• The RCMP investigates cybercriminals with the intention of disruption and/or prosecution and you can learn how the RCMP is Combatting cybercrime.
• As set out in the Government of Canada's National Cyber Security Strategy and the RCMP Cybercrime Strategy, the National Cybercrime Coordination Unit (NC3) was established.
• The Canadian Anti-Fraud Centre (CAFC) collects information on fraud and identity theft.

Critical Infrastructure

• The National Strategy for Critical Infrastructure is currently being renewed and a separate consultation was completed June 1, 2022.

Glossary

Cybercrime

A crime committed with the aid of, or directly involving, a data processing system or computer network. The computer or its data may be the target of the crime or the computer may be the tool with which the crime is committed. A more comprehensive definition of cybercrime is available.

Cyber Incident

Any unauthorized attempt, whether successful or not, to gain access to, perform reconnaissance, modify, destroy, delete, or render unavailable any computer network or system resource.

Critical Infrastructure

Processes, systems, facilities, technologies, networks, assets, and services essential to the health, safety, security, or economic well-being of Canadians and the effective functioning of government. Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories, and national borders. Disruptions to critical infrastructure could result in catastrophic loss of life, adverse economic effects, and/or significant harm to public confidence.

Cyber Security

The protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices, and response and mitigation measures designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access so as to ensure confidentiality, integrity, and availability.

Cyber Threat

Any circumstances or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Digital Economy

The digital economy incorporates all economic activity reliant on, or significantly enhanced by the use of digital inputs, including digital technologies, digital infrastructure, digital services and data. It refers to all producers and consumers, including government, that are utilizing these digital inputs in their economic activities.

Fraud

A knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment.

Identity Theft

The preparatory stage of acquiring and collecting someone else's personal information for criminal purposes of deception.

Ransomware

Malicious software that denies an individual or organization access to key files and systems until a ransom is paid to the cybercriminal. Ransomware involves encryption, locked screens and/or other methods to prevent file access and extort victims, such as leaking sensitive data online, and ransomware payments often involve cryptocurrency. 

Spear Phishing

A personalized email attack with specific targets. The message targets individuals and includes details such as your interests, recent online activities, or purchases to encourage the recipient to open the email.

Stakeholders

Stakeholders in this context include customers, prospects, investors, suppliers, employees and Boards of Directors.

Supply Chain

A network between a company and its suppliers to produce and distribute a specific product to the final buyer.

Date modified:

2022-07-25