Cyber Security of Government Networks and Systems

This chart defines the terms “cyber security event,” “cyber security incident,” and “cyber attack” and includes examples for each term. It also shows that a cyber security event includes a cyber security incident and that a cyber security incident includes a cyber attack.

A cyber security event is any observable occurrence or change in a system or network that may have security relevance. Events do not necessarily mean a security breach or violation but can become incidents. Two examples of cyber security events are as follows:

• a user logging in to a system at an unusual time
• a firewall blocking a connection

A cyber security incident is an unauthorized or disruptive event that has an adverse effect on computer systems, networks, or data. It includes both intentional (malicious) and unintentional (accidental) events. All cyber security incidents are events, but not all incidents are attacks. Two examples of cyber security incidents are as follows:

• an unauthorized access to a system
• an accidental data exposure

A cyber attack is a deliberate, malicious action to access, disrupt, damage, or steal information from computer systems, networks, or devices. All cyber attacks are incidents. Three examples of cyber attacks are as follows:

• ransomware
• a denial‑of‑service attack
• a theft of data

This chart shows the strategy objectives and examples of key actions of the Government of Canada Enterprise Cyber Security Strategy.

The strategy’s vision is as follows: “Building a world‑class, sustainable, and resilient federal government to reduce cyber security risks so that departments and agencies can enable secure and reliable digital service delivery.” The federal organizations that are responsible for implementing the strategy are the Treasury Board of Canada Secretariat, Communications Security Establishment Canada, Shared Services Canada, and other departments and agencies.

The chart lists 4 strategy objectives, and 2 examples of key actions are listed for each objective. There are many other actions under the strategy. The examples listed here represent some of the actions intended to have a government‑wide impact.

• Strategy objective: Articulate cyber security risk and its business impacts. The 2 examples of key actions are as follows:
  • Establish a government‑wide compliance and assurance program to assess departments’ cyber security defences to identify and prioritize cyber security risks.
  • Create a government‑wide vulnerability management program to manage and reduce vulnerabilities affecting government systems and networks.
• Strategy objective: Prevent and resist cyber attacks more effectively. The 2 examples of key actions are as follows:
  • Expand cyber security defences to small departments and agencies.
  • Establish a framework to improve the ability to detect and prevent fraudulent activity against government applications.
• Strategy objective: Strengthen capabilities and resilience across the Government of Canada. The 2 examples of key actions are as follows:
  • Establish a framework for departments to maintain accurate asset inventories of government applications and systems. Conduct year‑round testing and reviews of cyber security protection and defence.
  • Implement a government‑wide cyber security event collaboration platform to manage and respond to cyber events.
• Strategy objective: Foster a diverse federal workforce with the right cyber security skills. The 2 examples of key actions are as follows:
  • Build cyber talent through cross‑functional training programs in cyber security.
  • Promote a talent management culture to recruit and retain skilled candidates.

This chart shows the 3 types of cyber security defence sensors that Communications Security Establishment Canada developed and the years when they were each deployed.

In 2010, the department deployed the network‑based sensor, which detects and mitigates cyber security incidents on the government’s networks. This sensor is typically integrated with Shared Services Canada’s Enterprise Internet Service.

In 2012, the department deployed the host‑based sensor, which detects cyber attacks on IT endpoint devices such as laptop computers, servers, and local networks. The sensor analyzes and processes collected information to detect suspicious cyber security events occurring on a host machine. The information gathered is used to report anomalies and weaknesses to affected federal organizations.

In 2019, the department deployed the cloud‑based sensor, which operates in federal organizations’ cloud infrastructure and works in conjunction with the defences provided by cloud vendors. This sensor automates the collection of logged activity in the cloud and analyzes the information to detect and mitigate suspicious cyber security events.

This exhibit presents 2 charts: 1 chart showing the number of federal organizations that voluntarily use Shared Services Canada’s Enterprise Internet Service and 1 chart showing the number of federal organizations that voluntarily use Communications Security Establishment Canada’s cyber security defence sensors.

Of the 119 federal organizations that are not required to use Shared Services Canada’s Enterprise Internet Service, 24 organizations, or 20%, voluntarily used it, and 95, or 80%, did not.

Similarly, of these 119 organizations, 76 organizations, or 64%, voluntarily used 1 or more of Communications Security Establishment Canada’s cyber security defence sensors, and 43, or 36%, did not.