Parliamentary Committee Notes: National Cyber Security Strategy

Issue

The Government of Canada intends to release a new National Cyber Security Strategy in the coming months. The new Strategy will describe the Government of Canada's ongoing and future efforts to enhance Canada's cyber security through national and international efforts. Through the new Strategy, the Government of Canada will continue to take strong action to protect and defend all people in Canada from cyber threats.

Proposed Response

In 2018, the Government of Canada released the National Cyber Security Strategy. The Strategy outlined a vision for security and prosperity in the digital age and has acted as a roadmap for Canada's path forward on cyber security.

Under the 2018 Strategy's supporting 5-Year Action Plan, 14 horizontal initiatives were launched by eight federal departments and agencies. Funded through Budget 2018 ($507.7M over 5 years, and $108.8M ongoing), its initiatives represented an incremental first step to achieving Canada's vision for security and prosperity in the digital age.

Two flagship initiatives that defined the 2018 Strategy were the creation of the CSE's Cyber Centre and the new National Cybercrime Coordination Centre, or NC3, within the RCMP. With the Cyber Centre, Canadians have a clear and trusted place to turn to for expert advice, guidance, services and support. As a National Police Service, the NC3 serves all Canadian police agencies. It coordinates cybercrime investigations in Canada and works with partners internationally to combat a wide range of cybercrime incidents.

In 2021, the Prime Minister asked that we develop a new National Cyber Security Strategy, one that articulates Canada's long-term plan to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.

Despite the successes of the 2018 National Cyber Security Strategy, cyber threats facing Canada continue to evolve and grow. As more of our citizens live and work online and as businesses automate more functions and move to digital services, the cyber threat increases, and its nexus to national security hardens. This has real impacts on Canadians and impacts every sector from banking and IT to farming and construction.

The Government of Canada recognizes that more than ever, secure and reliable connectivity is a necessity for our daily lives and our collective safety and security, as it underpins the delivery of critical services such as health care, financial transactions, safe transportation, and emergency communications.

This new Strategy is part of the Government of Canada's commitment to keep Canadians safe from cyber threats—including the growing threat of cybercrime—and to secure the many benefits and opportunities enabled by digital life for Canadian citizens, businesses, and society.

As part of the development process, Public Safety Canada administered an online public consultation that sought the views of Canadians. Public Safety also consulted provinces, territories, and the private sector. These consultations informed the approach of the new Strategy.

We heard from stakeholders that a new Strategy should advance priorities in areas such as national and international collaboration, awareness and hygiene, innovation, research and workforce development, and national resilience against cyber threats, including detecting and disrupting cyber threat actors. We also realized that we need regular and ongoing dialogue to enhance information sharing, including on threat intelligence and response.

The new Strategy presents an opportunity to fundamentally change how we work with stakeholders, including other levels of government, industry, and academia, noting that Government alone can't solve Canada's cyber security challenges.

The new Strategy also creates an opportunity to explore and understand what further investments will be required to strengthen Canada's vision of security and prosperity in a digital Canada. It is envisioned that the new Strategy will also focus on upstream interventions and high-impact initiatives.

This approach will enable Canada to be at the forefront of innovative approaches to cyber security risks and opportunities.

The United States released its National Cybersecurity Strategy in March 2023. Naturally, there are commonalities between the goals of the new U.S. strategy and Canada's approach to cyber security, especially related to the important role that public-private partnership plays in developing national cyber resilience. We will continue to look for opportunities to collaborate with the United States to build our nations' collective cyber security resilience.

Background

The 2018 National Cyber Security Strategy

Canada's 2018 National Cyber Security Strategy, has three primary goals – secure and resilient Canadian systems; an innovative and adaptive cyber ecosystem; and effective leadership, governance, and collaboration. The subsequent National Cyber Security Action Plan (2019-2024) lays out the specific roadmap that will allow for the realization of the Strategy's goals. The $507.7M investment in the Strategy represented an early investment and an incremental first step toward improved cyber security for Canadians.

Mid-Term Review of the National Cyber Security Strategy

When the Strategy was released in 2018, Signatory Ministers committed to a Mid-Term Review (the Review) to ensure the Strategy remained responsive to a rapidly evolving and complex cyber security landscape. The Review was envisioned as an opportunity to evaluate early returns on investment and explore what further investments would be required to continue to protect Canada and Canadians against cybercrime, the disruption of critical infrastructure, and other cyber threats to national security. In 2021, Public Safety Canada (PS) initiated the Review with support from 12 federal partners. The Review found that while the Strategy is performing well and its goals remain appropriate, a much-changed global context and growing threat landscape now require a stronger federal response to protect Canada's national security.

New National Cyber Security Strategy

In the December 2021 mandate letter, the Minister of Public Safety was asked, alongside the Ministers of National Defence, Foreign Affairs, Innovation, Science and Industry, and other implicated Ministers, to develop and implement a new Strategy which would articulate Canada's long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behaviour in cyberspace.

Public Consultation

As part of developing the new National Cyber Security Strategy, PS administered an online public consultation process that sought the views from Canadians on the Government of Canada's approach to cyber security. The public consultation ran for eight weeks from July 5, 2022, to August 19, 2022. In total, PS received 135 survey responses and 27 email submissions, which tangentially represents over 300,000 businesses from across Canada.

PS also conducted engagements with industry and provinces and territories to hear about the issues and opportunities that they are seeing. The new Strategy will be informed by this consultation and engagement.

The 2024 National Cyber Security Strategy

Alignment with U.S. National Cybersecurity Strategy

The U.S. released its National Cybersecurity Strategy in March 2023. The U.S. strategy identifies and proposes solutions to many of the same cyber security gaps identified in Canada, including those related to the defence of critical infrastructure, building strong partnerships with the private sector, building national resilience, and leveraging international fora. The U.S. strategy also seeks to establish a secure-by-design culture in technology development and encourages long-term, cyber security-focused decision-making among organizations.The renewal of national strategies presents an opportunity to explore areas of collaboration between Canada and the U.S. as both countries establish and implement their new approaches to cyber security.

Date modified:: 2025-03-03

Language selection

Search and menus

Search