On November 13, 2015, as part of the new Canadian Prime Minister’s commitment to an open and transparent government, ministerial mandate letters were made public. These letters outline a broad framework for what ministers are expected to accomplish, including specific policy objectives and challenges to be addressed. While they are not intended to be an exhaustive list of all files that a Minister needs to address, they provide insight in terms of the government’s overall priorities for the ministry.
The ministerial letter issued to the Minister of Public Safety and Emergency Preparedness (the “Minister”) lists several priorities, most notably:
“Lead a review of existing measures to protect Canadians and our critical infrastructure from cyber-threats, in collaboration with the Minister of National Defence, the Minister of Innovation, Science and Economic Development, the Minister of Infrastructure and Communities, the Minister of Public Services and Procurement, and the President of the Treasury Board.”
Recognizing cyber threats in the context of ensuring the security of Canada’s critical infrastructures is an important step. The Minister will be able to build upon the existing Public Safety’s Action Plan for Critical Infrastructure (2014-2017) which outlines the government’s cyber strategy to protecting critical infrastructures. Given the changing landscape when it comes to cyber threats, the timing of the Minister’s review is timely. He will likely want to lead a full review of all measures currently in place when it comes to countering and responding to cyber threats and also reinforcing coordination efforts with international counterparts. He may want also wish to intensify collaboration with businesses operating in the critical infrastructure space (and the broader economy as well) to implement measure to improve their cyber resiliency. These efforts will assist the Minister in articulating a comprehensive cyber strategy not only as it relates to critical infrastructures but for the entire country.
Cyber threats have become a real security issue for most countries, including Canada. Indeed, in comments to the media, the head of the Canadian Security Intelligence Services (“CSIS”) indicated that cyberattacks on the country’s critical infrastructure is a major threat and that “cyber is one of our top priorities.”
In the United States, the Department of Homeland Security (“DHS”) has specifically identified 16 critical infrastructure assets that constitute the assets, systems and networks that are “so vital to the United States that their incapacitation or destruction would have a debilitating effect on security national economic security, national public health or safety, or any combinations thereof.” These sectors include commercial facilities, critical manufacturing, defence industrial base, energy, financial services, food and agriculture, etc. DHS leads the initiative by collaborating with other agencies and departments both to prevent/mitigate cyberattacks and to lead a response in the case of a major cyber incident.
The collaborative and multi-ministerial approach will likely ensure that Canada’s existing cybersecurity strategy is refreshed, refined and that appropriate government agencies (including their provincial and municipal counterparts) are engaged. It will also be important to engage with other key stakeholders such as the business community and community organizations that would be at the frontlines of any potential cyberattack.