(Bloomberg)
The Canadian government released its first-ever cybersecurity strategy on Wednesday, with the aim of addressing challenges posed by remote work, cloud computing, aging infrastructure and recruitment.
The strategy, announced by Treasury Board President Anita Anand, concluded that government departments and agencies generally lacked “repeatable” processes to identify and respond to new and emerging cyber threats, as of the fiscal year ending in 2023.
So far in 2024, the Financial Transactions and Reports Analysis Centre of Canada, the Royal Canadian Mounted Police and Global Affairs Canada have all dealt with cyber incidents.
During the pandemic, many government employees switched to remote work, using their home networks rather than solely government systems. Now as many of those workers remain hybrid — and threaten disruptions over a three-days-in-office mandate — the strategy aims to make working from home more secure through expanding multifactor authentication and introducing always-on protections against malware and viruses.
The government is also using more mobile devices, cloud-based services and third-party software. Several of these systems are run at the departmental or agency level, which can lead to inconsistencies.
“The speed of technological change means that security measures that were once effective may quickly become obsolete, underscoring the need for a proactive and adaptive approach to cybersecurity,” the strategy says.
The government plans to create a security operations center in the that will monitor on-site, cloud and other network-connected devices across departments and agencies. Some will have specialized operation centers as well.
Aging infrastructure is also causing vulnerabilities. “There is inadequate protection of information due to outdated IT tools, which can result in an increase in cybersecurity incidents or privacy breaches,” the strategy says.