Everyone these days is aware that the internet’s immense benefits come with significant cyber threats. Be these the scourge of scammers or sophisticated state-sponsored cyber attacks, there is a recognized need for enhanced defences.
As a major public-policy focus, cyber security impacts on a wide array of domestic and international interests. Governments in their policies have struggled to keep up with the growth of the internet and the rapidity of technological developments.
The Canadian government’s effort to articulate a national strategy for cyber security dates back to October 2010. That strategy set out three basic aims: securing federal computer systems, partnering to help secure non-federal-government systems, and public education to help Canadians be secure online. There was reference to Public Safety taking the lead in coordinating a set of inter-departmental committees, but little guidance as to how oversight of the implementation of the national strategy was to be realized.
Seven years is a lifetime in cyberspace and there has been little since the fall of 2010 to show the public as to how the government was advancing its strategy. A series of public consultations were carried out in 2016 seeking views on a set of questions, and answers duly compiled.
The government also did an evaluation of the original national strategy, releasing the results in September. This evaluation was one of internal procedure rather than an effort to judge the effectiveness of the national strategy. Its conclusions provided tepid support for the government’s approach.
On the key governance issue, the evaluation said the absence of minutes of inter-departmental meetings and of staff with corporate memory meant that the evaluators could not judge the effectiveness of these arrangements or whether the oversight role they were to provide was fulfilled. The evaluation noted there were still problems with overlapping mandates and a lack of clarity as to what federal agency was the point of contact for the private sector on cyber security matters.
Australia takes the lead
Contrast this rather muddled situation with the Australian government’s efforts to address in a purposeful way the challenges of ensuring cyber security.
Following up on an initial national cyber security released in 2009, the Australian government had taken significant steps in 2011 to put responsibility for cyber security under the Department of the Prime Minister and Cabinet (reflecting a top priority for what necessarily is a whole-of-government exercise) and in 2014 by establishing an integrated Australian Cyber Security Centre.