Cyber strategy not enough, say experts
Canada's federal government unveiled its long-awaited cybersecurity strategy in early October, committing $90 million over five years and $18 million in ongoing funding.
Public safety Minister Vic Toews announced $3.5 million in funding for a new 24-hour Information Protection Centre as part of the initiative.
The strategy is built on three pillars: securing government systems, securing non-government systems (including both provincial and private-sector machines), and general public education.
Public Safety Canada will be charged with securing federal systems. It will develop an approach encompassing the whole government, and will continue to use the Canadian Cyber Incident Response Centre, set up in 2005, as a pivotal point for addressing cybersecurity threats.
The strategy document didn't mention the Information Protection Center. One of the few concrete commitments that it did outline was the introduction of legislation that would require ISPs to provide basic customer identification data, and a requirement for them to maintain systems that could be intercepted by law enforcers.
“I was underwhelmed,” said Professor Ron Deibert, who runs the Citizen Lab at the University of Toronto. "This isn't a strategy at all. It is a tactical stopgap. It assumes that we can deal with the problems by focusing on the domestic front," he said, arguing that Canada needs to extend its reach further afield. “We presently do not have a foreign policy for cyberspace,” Diebert warned.
“It is a step in the right direction, however many more are required,” said Adrien de Beaupre, a senior IT security consultant at EWA-Canada.
The Canadian government is also preparing legislation to ratify the Council of Europe's Convention on Cybercrime, which it has already signed.