Cybersecurity plan for federal government takes aim at ‘inefficiencies, blind spots’

President of the Treasury Board Anita Anand participates in a tour of the uOttawa-IBM Cyber Range, at the University of Ottawa, in Ottawa, Wednesday, May 22, 2024. Michel Labrosse, interim dean of the faculty of engineering, right, looks on. THE CANADIAN PRESS/Justin Tang

OTTAWA — The federal government has unfurled a new cybersecurity strategy aimed at protecting its vast array of computer systems and information banks against a growing variety of threats.

The strategy released Wednesday says while the government has made progress on improving cybersecurity in recent years, the online dangers have advanced even faster.

A renewed commitment is needed across departments and agencies to digitally deliver secure and reliable government services to Canadians, it says.

The strategy acknowledges the government is an attractive target due to its holdings of personal information, valuable research data and other sensitive material.

As a result, cyberattacks can have a significant effect on government operations, either through disruption of critical and essential services or through exposure of classified or personal information, it warns.

“This significant effect can put people at risk of identity theft or other types of fraud, all of which can potentially erode trust in government institutions and negatively impact the overall Canadian economy and society.”

The strategy cites current gaps, including:

— marginal progress by departments and agencies in improving their ability to identify and respond to threats;

— lack of a comprehensive awareness of cybersecurity risks;

— use of different tools, methods and services to monitor systems, which can make it difficult to obtain a comprehensive view of security threats;

— traditional security architecture models that are now less effective;

— weak information management practices, including reliance on outdated tools;

— and strong global demand for talent, leading to a shortage of skilled cybersecurity professionals.

The new strategy is aimed at clearly spelling out the security risks to government systems and preventing attacks more effectively.

It is also intended to strengthen capabilities across agencies, and build a workforce with the right cybersecurity skills, knowledge and culture.

This report by The Canadian Press was first published May 22, 2024.

Jim Bronskill, The Canadian Press