More needs to be done to protect Canada’s mission critical systems
UNSPLASH PHOTO
Once again, tech outages are in the headlines and organizations in Canada and around the world are feeling the impacts.
The Government of Canada knows how to react when public safety is at risk. Whether it's triaging forest fires and floods or navigating its way through a global pandemic — history, experience, lessons learned and best practices underpin remediation efforts. Budgets are set aside for preparedness and manuals are at arms reach to help those new to incidents triage the issues.
From a tech and security perspective, we have more work to do. For the last six years since the Canadian Centre for Cyber Security (CCCS) was born out of the Communications Security Establishment (CSE), then-leader Scott Jones (current President of Shared Services Canada) and current CCCS head Sami Khoury have built an excellent organization focused on doing just that — protecting Canada’s mission critical systems.
Khoury has done a great job of representing Canada on the world stage, building a collaborative international network of peer organizations and partnerships that work collectively to share intelligence, provide guidance, mitigate risks and defend Canada's critical systems. Most recently, Khoury brought the chief security officers from the provinces to CCCS to continue forging ties and building a robust ecosystem of knowledge sharing in Canada. Good timing.
What is happening at the federal level, though? While its 2024 budget signalled increased investment in IT security, it's still early days. Our learnings come from the litany of exposures, and the government reacts accordingly.
That is what is happening today — the government is reacting with everyone else. Citizens and businesses are questioning who is on first, who leads on cyber and how do we mitigate our risks to avoid another technological impact like the one we experienced in 2022 telecommunications.
Why are we not more response-ready?
Procuring and integrating solutions takes too long.
The federal government lacks the skills needed to get the job done itself, and is moving away from outsourcing experts.
We jumped into commercial cloud solutions at a time when foreign interference was at an all-time high, putting our sovereignty and data residency at risk.
Everyone chased the "shiny AI object" to address productivity instead of rightsizing what we needed from an organizational resiliency and security standpoint.
Now, organizations like Visa, ADT Security, Amazon, Porter Airlines and one of Canada’s largest hospital networks — UHN (University Health Network) — are experiencing impacts. News is out on CBSA and likely more will come out by the time this Friday Roundup is released.
As of this afternoon, CCCS has issued an alert on the recently identified cyber threat, encouraging affected organizations to report via the My Cyber Portal and noted that the Cyber Centre would continue to provide additional detection and mitigation support to those affected. Other FVEY governments, including the U.S., UK and Australia have shared similar sentiments.
It's time to learn from these lessons. Technology underpins everything we do in society, and we need to get better at being ready to protect our country and economy.
