Shared Services role in cybersecurity
- SSC protects the Government of Canada’s IT infrastructure from vulnerabilities and ensures the safety and security of data.
- We develop security policies, standards, plans and designs, and provide security-related services for the delivery of federal government services.
- We are responsible for applying controls such as firewall, anti-virus and anti-malware, secure remote access, and vulnerability management to Government of Canada systems and services.
- SSC is focused on three security service areas:
- Infrastrucure security – plan, design and operate security infrastructure that provides technical controls required to protect GC information and assets.
- Secret Infrastructure – delivering a consolidated and coordinated Government of Canada secret infrastructure that will further enable government officials to communicate effectively and securely at all times; and
- Security Management and Governance – providing risk assessment services, ensuring adherence to cyber policies and standards, coordinating cyber security-related audits and evaluations, maintaining security compliance, and managing SSC’s Communications Security (COMSEC) account and equipment for enterprise infrastructure and facilities.
- SSC also gathers, analyzes, consolidates and facilitates the sharing of operational threat and vulnerability information related to the common IT services and Government IT critical infrastructure we manage.
- We then communicate the information to the Canadian Centre for Cyber Security and, as authorized, to departments and cyber security partners.
- Working with security partners, SSC provides services such as perimeter defence, vulnerability management, supply chain integrity, and an integrated cyber and information technology security program to protect the infrastructure supporting other departments and agencies.
Collaboration
- Many organizations across the federal government also have a role to play with respect to cyber security in Canada.
- Shared Services Canada engages and works with these departments to improve its ability to effectively respond to any cybersecurity threat or cyber event.
- For instance, SSC works with the Canadian Centre for Cyber Security and other Government of Canada agencies to provide effective security services that safeguard data and infrastructure across the Government of Canada.
- SSC monitors cyber security with the Centre by continuously scanning networks for potential weaknesses on IT devices and infrastructure, and by scanning network traffic to detect and prevent cyber-attacks.
- We continue to improve our vulnerability and patch management processes across all systems and services to reduce exposure to cyberattacks, avoid lost productivity, and protect data and infrastructure.
