For Shared Services Canada, cyber and IT security are team sports

Today’s rapidly evolving digital world continues to transform the way Canadians live, work and access information. As Canadians become increasingly reliant on Internet-connected technologies, and as the Government of Canada (GC) continues to shift its services online, ever-escalating cyber security threats will remain a growing and persistent risk to government operations.

As such, the effective management and coordination of cyber and IT security across government is critical in ensuring that the GC can stay ahead of cyber threats, protect government systems, sensitive data and personal information, and secure the delivery of reliable digital services to Canadians.

The IT Security Tripartite: Canada’s cyber and IT security team

Cyber and IT security are a shared responsibility within the federal government. While GC departments and agencies are accountable for ensuring security for their own organizations, the Treasury Board of Canada Secretariat (TBS), Shared Services Canada (SSC) and the Communications Security Establishment’s Canadian Centre for Cyber Security (Cyber Centre) all play unique enabling roles in protecting the GC’s networks, systems and IT infrastructure.

Known as the IT Security Tripartite, these organizations manage, coordinate and oversee cyber and IT security initiatives across the GC. For its part, SSC provides the IT infrastructure and modern commercial defences that protect GC networks and systems from a wide range of cyber threats. This includes applying cyber security measures such as unified threat management solutions, advanced threat protection, endpoint protection, AI-powered advanced denial of service defence and AI-powered real-time sandboxing protection technologies. SSC also reduces vulnerabilities by modernizing, standardizing and consolidating the government’s IT infrastructure.

When a cyber event strikes

In addition to these responsibilities, the Tripartite is also part of a comprehensive cyber security event management plan that provides an operational framework for stakeholders across government to quickly and effectively respond to, and mitigate, cyber events.

While this process is led and coordinated by TBS and the Cyber Centre, SSC’s responsibilities during a cyber event are internal-facing and include:

• monitoring SSC-managed networks for unusual activity and blocking related cyber threats
• assessing any impacts a cyber event might have on GC program and service delivery
• responding to Cyber Centre and TBS recommendations during a cyber event
• implementing prevention, mitigation and recovery efforts such as emergency patching and infrastructure isolation
• producing post-cyber event reports, including a timeline of events and root-cause analysis

These activities are part of SSC’s cyber and IT security operations and involve close collaboration with the Cyber Centre, TBS and other departments and agencies in minimizing the impact of cyber events on GC networks and systems.

“The safety and security of Canadians is, and has always been, our top priority. In an increasingly uncertain and hostile digital world, cyber security has become more important than ever, and SSC understands the importance of continuously investing in IT security to reinforce the security posture of the GC’s IT infrastructure.”

Cyber and IT security is an ongoing team effort

Cyber and IT security will continue to be of the utmost importance in the years ahead as governments and organizations across the globe face persistent and sophisticated cyber threats in our increasingly digital world.

Accordingly, strengthening the government’s cyber and IT security resilience will be an essential and ongoing team effort for the GC, the IT Security Tripartite and for SSC.

Looking ahead, SSC will continue to prioritize investments in the modernization of our IT security and infrastructure services as we work to protect federal networks, systems and data; address cyber events and vulnerabilities when they arise; and help ensure that Canadians can continue to access essential GC programs and services on trusted and secure digital platforms.