Cyber Security and Policy Statements
COVID-19 has had a profound impact on our country and the world. This uncertain environment is ripe for exploitation by threat actors seeking to advance their own interests. Canada's security and intelligence organizations, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (the Cyber Centre), and the Canadian Security Intelligence Service (CSIS), recognize these unique conditions and have developed a complementary approach to mitigate these threats.
In fall 2020, Innovation, Science and Economic Development Canada (ISED) released a policy statement highlighting the importance that the Government of Canada places on safeguarding Canadian research. This is especially relevant given the increased targeting of COVID-19 related research during the pandemic. The policy statement – that can be found here – was accompanied by letters sent to the granting councils and the Canada Foundation for Innovation (CFI) emphasizing the shared responsibility to protect Canada’s research.
In spring 2021, ISED followed this COVID-19 policy statement with a similar statement, reaffirming the roles that researchers, research organizations and government all have to play in safeguarding Canada’s research ecosysem. The statement – which can be found here – also asked members of the Government of Canada-Universities Working Group to develop specific risk guidelines to integrate national security considerations into the research partnerships process. These guidelines can be found here, and will better position Canadian researchers, research institutions, and government funders to undertakes due diligence to protect against research security threats.
CSIS and CSE are working in line with their respective mandates to ensure that Canadian businesses, research entities, and different levels of government are aware of the threat environment and that they have the tools and information they need to protect themselves. Read their joint statement here.
Improving cyber security capacities
With regards to the specific threats, the Cyber Centre has assessed that the COVID-19 pandemic presents an elevated level of risk to the cyber security of Canadian health organizations involved in the national response to the COVID-19 pandemic.
To help mitigate those risks, CSE, and the Cyber Centre, are continuously raising public awareness of cyber threats to Canadian health organizations by issuing cyber threat alerts, and providing tailored advice and guidance to Canadian health organizations, government partners, and industry stakeholders. For more information on these alerts and to receive the frequent updates, visit the Cyber Centre, Alerts and Advisories webpage.
The Cyber Centre has recently partnered with the Canadian Internet Registration Authority (CIRA) on the CIRA Canadian Shield, a free protected DNS service that prevents users from connecting to malicious websites that might infect their devices or steal personal information. Visit the CIRA Canadian Shield webpage for more information or to register to the DNS service.
CSE has assessed that it is near certain that state sponsored actors have shifted their focus during the pandemic, and that Canadian intellectual property represents a valuable target. However, it is equally important to note that the bulk of the malicious threat activity we have observed during the COVID-19 pandemic continues to be criminal in nature. As a result, the Cyber Centre has and continues to recommend that Canadian health organizations remain vigilant and take the time to ensure that they are applying cyber defence best practices, including increased monitoring of network logs, reminding employees to be alert to suspicious emails, using secure teleworking practices, and ensuring that servers and critical systems are patched for all known security vulnerabilities.
Cyber security resources
- Cyber Security Advice and Guidance for Research and Development Organizations During Covid-19
- Don’t take the bait: Recognize and avoid phishing attacks
- Security Tips for Organizations With Remote Workers
- Cyber Hygiene for COVID-19
- Focused Cyber Security Advice and Guidance During COVID-19
Protecting intellectual property from foreign interference and espionage
CSIS has observed an increased risk of foreign interference and espionage due to the extraordinary effort of our businesses and research centres. As a result, CSIS is working with these organizations to ensure that their work and proprietary information remains safely in their control. Its focus is on protecting Canadian intellectual property from these threats - and jobs and economic interests with it. This support includes leading discussions with organizations to raise their organizational awareness of the potential threats, and assisting them in developing a strategy to protect their research and interests. CSIS also aims to broaden the conversation on these risks, as they can extinguish the prospects of any single business and, in the aggregate, these risks can pose challenges to entire sectors, placing Canada at a long-term disadvantage that could erode our prosperity and way of life.
- Date modified: