A parliamentary committee is urging the federal government to produce an annual national security threat assessment and provide businesses with more guidance on preventing cyber attacks.
In a report tabled in Parliament last week, the House of Commons committee on public safety said that various agencies and committees dealing with national security are working independently, resulting in a patchwork of reports from different sources.
These recommendations should be gathered to create an annual priority list, the MPs argued, similar to the approach taken in Washington.
This should start with a review of the various “cyber roles, responsibilities, and structures that exist across the federal government” to ensure “coherence, coordination, and timely action,” they added.
The committee heard from witnesses about cyber attacks originating from Russia that have targeted Canadian firms, reported The Canadian Press, including the NotPetya attack in 2017 and the 2020 SolarWinds Orion hack.
The MPs said Canada could do more to prevent such attacks, in part by compelling mandatory reporting. compelling mandatory reporting by companies that experience cyber incidents.
They called on the Canadian Security Establishment (CSE) to play a more active role in educating smaller businesses about how to prevent cyber attacks, and to provide tax breaks for companies to improve their data protection measures.
The government should compel firms and government bodies “to prepare for, prevent and report serious cyber incidents,” the MPs said further, with clear timelines for reporting and lessons-learned exercises after a hack.
Witnesses said critical infrastructure operators have lax rules compared with European and American counterparts. They also noted that hackers tend to focus on larger targets, but that smaller firms lack protection.
The MPs also noted calls from witnesses for better cooperation with the US on cyber attacks on critical infrastructure, just like the binational North American Aerospace Defence Command (Norad).
The committee further proposed that the government work with internet service providers and social media platforms “to counteract online bots that are amplifying state-sponsored disinformation” from Russia, adding that Ottawa should support Russian dissidents and journalists by funding media outlets or offering refuge to academics and technology workers.
“Concern about Russia is heightened because it has shown a willingness to cross internationally recognized red lines,” the committee report said.
Furthermore, the MPs called for the creation of a foreign agent registry, which the government is already consulting the public on.
What are your thoughts on preventing cybersecurity risks? Feel free to share your comments below.
