Canadian Cyber Incident Response Centre (CCIRC)

CCIRC’s Mandate

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

CCIRC works with domestic and international partners to address high-level cyber security concerns. If you want to report a cyber security problem with your organization’s network, please email cyber-incident@ps-sp.gc.ca. To learn more about reporting an incident, visit our Report a Cyber Security Incident page.

What CCIRC Does

CCIRC provides authoritative advice and coordinates information sharing and incident response with public and private sector partners, including all levels of government, critical infrastructure operators, international counterparts, and information technology vendors.

Many departments and agencies across the government contribute to Canada's cyber security. CCIRC serves as the government's focal point for collaboration on cyber security operations with those outside the federal government. It generally works at the operational level addressing detailed technical issues with the information technology or security staff of organizations.

Organizations, including critical infrastructure organizations and provincial, territorial or municipal governments, that have concerns or information about cyber security incidents are encouraged to contact CCIRC. Members of the international CSIRT community are also encouraged to contact CCIRC regarding cyber security issues that could affect Canada.

CCIRC's Services and Products

CCIRC's mandate is to advise and support IT and security professionals and managers of systems of national importance, including critical infrastructure and other related industries. Even though CCIRC does not directly support private citizens, all Canadians benefit from CCIRC. It plays a part in ensuring that services that Canadians rely on daily are secure; many of the products it produces are available to the public; and the expertise of its highly trained and experienced staff is drawn upon to share information on cyber threats. Additionally, when CCIRC becomes aware of malicious activities, it takes steps to notify owners of compromised systems, focusing on computers in critical infrastructure and provincial, territorial, or municipal government.

Owners and operators of systems of national importance whose identities have been verified through an authentication and reference process have access to the following CCIRC products and services:

• Advice and support to prepare for and mitigate cyber events. CCIRC disseminates various technical and IT manager-focused products that offer guidance, early detection indicators, summary, trend, and operational analysis. Additionally, CCIRC shares technical information on threats, vulnerabilities, risks and incidents with its partners to enhance collective understanding of cyber threats and incidents and help ensure organizations have the information required to make informed decisions.
• Technical advice and support to respond to and recover from targeted attacks. CCIRC provides its partners with technical assistance, and performs malware analysis and forensics. In addition to its own expertise, CCIRC can draw on broader Government expertise and resources to help develop targeted mitigation and recovery advice.
• Access to trusted fora for information sharing and collaboration. CCIRC provides partners access to fora where they can share information within their communities of interest, or more broadly should they wish, and gain access reciprocally to information, expertise and peer support. The CCIRC Community Portal provides a common collaboration tool for organizations that are part of Canada's critical infrastructure sectors. CCIRC uses this portal to share its most recent documents and publications with its partners. In turn, partners have the option of posting documents of their own, and can also use this portal to report cyber incidents to CCIRC. For more information please contact CCIRC.

Finally, should a cyber incident become national in terms of its scope and scale of impact, CCIRC serves as Canada's national coordination centre for incident response.