Cyber Security in the Canadian Federal Government

Many organizations across the Government have a role to play with respect to cyber security in Canada. Public Safety Canada engages and works with these departments on a number of cyber security operational and policy issues.

Public Safety Canada
Public Safety Canada (PS) is mandated to keep Canadians safe from a range of risks such as natural disasters, crime and terrorism. The department houses the Government Operations Centre as the hub of the National Emergency Response System (NERS). The Canadian Cyber Incident Response Centre (CCIRC) escalates cyber incidents of national significance to the Government Operations Centre which then helps coordinate a national response. IT and security professionals who need to engage with the federal government on cyber security issues but are unsure of who to contact can always contact CCIRC.

Communications Security Establishment Canada (CSEC)
The Communications Security Establishment Canada (CSEC) is the Government of Canada's cryptologic agency responsible for the collection of cyber foreign intelligence and Canada's interface with the international cryptologic community. It undertakes classified research and development for cyber security. CSEC monitors and defends Government of Canada networks by detecting, discovering and responding to sophisticated cyber threats to the Government, and provides mitigation and recovery advice and guidance to Government departments to help them recover from cyber incidents.

Royal Canadian Mounted Police
The Royal Canadian Mounted Police (RCMP) leads the criminal investigative response to suspected criminal cyber incidents, such as the unauthorized use of a computer and mischief in relation to data. It leads the investigative response to suspected criminal national security cyber incidents and assists domestic and international partners with advice and guidance on cyber crime threats.

Canadian Security Intelligence Service
The Canadian Security Intelligence Service (CSIS) conducts national security investigations, reports to and advises the Government of Canada of activities constituting a threat to the security of Canada as defined in the Canadian Security Intelligence Service Act. It provides analysis to assist the Government of Canada in understanding cyber threats, and the intentions and capabilities of cyber actors operating in Canada and abroad who pose a threat to the security of Canada.  This intelligence enables the Government of Canada to improve its overall situational awareness, better identify cyber vulnerabilities, prevent cyber espionage or other cyber threat activity, and take action to secure critical infrastructure.

Department of National Defence
The Department of National Defence (DND) is responsible for the provision of defence intelligence to inform the Government of Canada threat and risk assessment process. DND Contributes to Government situational awareness during the monitoring and analysis, mitigation, and response phases of the Government of Canada Information Technology Incident Management Plan by providing cyber security information from military allied sources, monitoring and reporting on technological IT threats, and providing options analysis for potential military response.

Industry Canada
Industry Canada (IC) is responsible for spectrum management in Canada and for fostering a robust and reliable telecommunications system. IC develops policies to ensure a safe and secure online marketplace and helps to ensure the continuity of telecommunications during an emergency.

Defence Research and Development Canada
Defence Research and Development Canada (DRDC) leads the development of military cyber security science and technology (S&T) in support of the Canadian Forces.

Furthermore, the DRDC Centre for Security Science (DRDC CSS) leads, in partnership with Public Safety Canada, cyber security S&T efforts that are not specifically assigned to another department or agency. These activities fall under the Canadian Safety and Security Program (CSSP), which is a federal effort, delivered in partnership with all levels of government, industry, academia and allies, to strengthen Canada's ability to anticipate, prevent/mitigate, prepare for, respond to, and recover from natural disasters, serious accidents, crime and terrorism through the convergence of science and technology (S&T) with policy, operations and intelligence.

Treasury Board Secretariat
The Treasury Board Secretariat (TBS)  establishes and oversees a whole-of-government approach to cyber security, including: setting government-wide direction and establishing priorities for securing government IT systems and networks; providing direction and advice to lead security agencies on the approach and implementation of measures for managing IT security incidents; and providing oversight of IT incident management, including post-mortem reviews and lessons learned.

Shared Services Canada
Shared Services Canada (SSC) streamlines and consolidates information and communications technologies in the areas of email, data centres and networks, and ensures the confidentiality, integrity and availability of common information technology (IT) services provided to departments. SSC provides IT security services and other solutions to enable departments to exchange information with citizens, businesses and employees. SSC also gathers, analyzes, consolidates and facilitates the sharing of operational threat and vulnerability information related to the common IT services and Government IT critical infrastructure they manage, and communicates the information to the Canadian Cyber Incident Response Centre and, as authorized, to departments and cyber security partners.

Canadian Radio-television and Telecommunications Commission
Canadian Radio-television and Telecommunications Commission (CRTC) ensures that Canadians have access to a world class communications system, while protecting Canadians from unsolicited communications and contributing to a more secure online environment for consumers and businesses.

Office of the Privacy Commissioner of Canada
 As personal information increasingly resides in cyberspace, privacy protection increasingly relies on cybersecurity. The OPC oversees compliance with both the Privacy Act, which covers the personal information-handling practices of federal organizations, as well as the Personal Information Protection and Electronic Documents Act, the federal private sector privacy law. In accordance with Treasury Board policy, the OPC receives data breach reports from departments and agencies and reviews and advises on privacy impact assessments (PIAs) of new and existing government initiatives.  The security of federal technological infrastructure is often at the heart of PIAs and the OPC works with departments and agencies to advise on appropriate safeguards.

Canadian Anti-Fraud Centre
The Canadian Anti-Fraud Centre (CAFC) is Canada's central repository for data, intelligence and resource material as it relates to fraud.  The CAFC commits to providing timely, accurate and useful information to assist citizens, businesses, law enforcement and governments in Canada and around the world.  The primary goals are prevention through education and awareness, disruption of criminal activities, providing assistance with regard to enforcement, and strengthening partnerships between the private and public sectors with the aim of maintaining Canada's strong economic integrity.

If you want to report a fraud, or if you need more information, contact the Canadian Anti-Fraud Centre:

Toll Free: 1-888-495-8501
Toll Free Fax: 1-888-654-9426

Date modified: