Parliamentary Committee Notes: Cyber Security and Protecting Canada’s Critical Infrastructure


Apr 20, 2022




You have been invited to appear before the Standing Committee on Public Safety and National Security to discuss Canada’s security posture in relation to Russia, where cyber security and protecting Canada’s critical infrastructure may be discussed.

Proposed Response:


Cyber Security Strategy

Canada’s National Cyber Security Strategy (NCSS), published in 2018, has three primary goals – secure and resilient Canadian systems; an innovative and adaptive cyber ecosystem; and effective leadership, governance, and collaboration. The subsequent National Cyber Security Action Plan (2019-2024) lays out the specific roadmap that will allow for the realization of the NCSS’ goals.

In the December 2021 mandate letter, the Minister of Public Safety was asked, alongside the Ministers of National Defence, Foreign Affairs, Innovation, Science and Industry, and other implicated Ministers, to develop and implement a renewed NCSS which will articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behaviour in cyberspace.

Industrial Control Systems

There has been a global rise in the number of cyber incidents affecting Industrial Control Systems (ICS) which are devices and software that operate or automate processes at many critical infrastructure (CI) facilities. This is significant as malicious cyber activities targeting these critical systems can cause physical consequences and disruptions to essential assets and services. As part of the aforementioned National Cyber Security Action Plan, Public Safety Canada is leading on several items that will enable critical infrastructure (CI) owners and operators to better secure their systems and information.

Public Safety works to enhance the cyber security of ICS by raising awareness of risks to these systems and enhancing the capabilities of ICS operators through symposiums and technical workshops.

In addition, Public Safety has worked closely with the Cyber Centre to develop the Canadian Cyber Security Tool (CCST) which provides Canadian CI organizations with an easy-to-use, online self-assessment tool to strengthen their cyber security posture.

Public Safety also offers Canadian CI organizations more in-depth, facilitated assessments and analysis of their cyber security programs and practices through the Canadian Cyber Resilience Review (CCRR) and the Network Security Resilience Analysis (NSRA).

Cyber Security Exercises

Public Safety coordinates and participates in national and international cyber security exercises to strengthen readiness and response efforts to potentially disruptive physical and cyber-based events. Through these exercises, critical infrastructure owners and operators are able to validate their plans, procedures, processes that enable response, recovery, and continuity of essential services. For example, in March 2021, Public Safety Canada, in collaboration with the RCMP and the Cyber Centre, delivered table-top exercises to examine the response to a ransomware incident, with a focus on strengthening collaboration between government and private sector organizations. In addition, Public Safety Canada recently launched the Cy-Phy Exercise Program which will examine the interconnectedness between the cyber and physical realms through a series of cyber and physical security related exercises, culminating in a large-scale functional capstone exercise in the Fall of 2023.

Russian Threat

In light of Russia’s invasion of Ukraine, the Communications Security Establishment and its Canadian Centre for Cyber Security (Cyber Centre) have strongly encouraged all Canadian organizations, including CI, to take immediate action and bolster their online defences. Canada’s Allies have attributed multiple incidents of malicious cyber activities targeting Ukrainian CI sectors to Russia; Canada has issued statements of support, condemning these activities. Russia has significant cyber capabilities and a demonstrated history of using them irresponsibly.

In January and February 2022, the Cyber Centre published threat bulletins urging CI owners and operators to adopt a heightened state of awareness and to take mitigations against Russian cyber threat activity.


Responsible Manager: [REDACTED] National Cyber Security Directorate, [REDACTED]

Approved by: Dominic Rochon, Senior Assistant Deputy Minister, National and Cyber Security Branch, 613-990-4976

Date modified: