Government developing cybersecurity certification for defence contractors
OTTAWA — The federal government says certain defence contracts will be subject to a mandatory cybersecurity certification process starting in the winter of 2024.
Defence Minister Anita Anand made the announcement Wednesday morning at the Canadian Association of Defence and Security Industries annual trade show in Ottawa, which is known as CANSEC.
Anand’s speech focused on military modernization, one of her department’s key priorities as it works to finish up the defence policy review that was announced in the 2022 budget.
In the day’s second keynote speech, her Ukrainian counterpart revealed that Canada’s updated policy will be released to the public in July.
Oleksii Reznikov’s pre-recorded virtual address to the trade show at noon included a call for long-term support from Canada and the Canadian defence industry as his country continues to defend itself against the Russian invasion that began more than 400 days ago.
“Ukraine has given a list of the Canadian products and technologies it needs to the Canadian government,” he said.
“Besides, we expect a substantial volume of technical assistance to Ukraine will be provided within the framework of the defence policy review, which is scheduled to be released in July.”
The Liberal government’s defence policy was released in 2017. Many observers had expected the update to be released last fall, but the public consultation period was extended in March and closed at the end of April.
A spokesman for Anand’s office said the department is not yet ready to announce a timeline for the policy update’s release.
It is not clear exactly how support for Ukraine will factor into the update, but Anand has repeatedly said Russian President Vladimir Putin’s invasion of that country has changed the world’s threat landscape dramatically.
In her speech Wednesday morning, she said Russia’s use of disinformation campaigns and cyberattacks has highlighted the need for better cybersecurity practices.
She also said defence contractors are often targets of malicious cyberattacks that threaten unclassified government information and put supply chains at risk.
“Cyberthreats are growing here at home, too, where malicious cyber activities have targeted government and defence contractors and subcontractors,” she said.
The federal government set aside $25 million in this year’s budget to develop the program over the next three years. It will be designed “in lockstep” with the United States so that certification will be recognized in both countries, Anand said.
“This means that defence contractors doing business in both countries will only need to be certified under a single entity, and it will ensure that Canadian companies can benefit from future procurement opportunities with our allies,” she said.
Anand also announced that $1.5 million a year will go toward an Indigenous reconciliation program within her department, which will aim to support consultation on infrastructure projects and research.
“Partnerships with industry will be crucial if we’re going to modernize our military, if we’re going to streamline defence procurement, if we’re going to build up our innovation ecosystem and if we’re going to ensure opportunities for Indigenous Peoples,” she said.