Government develops cybersecurity certification process for defense contractors

OTTAWA — The federal government says that certain defense contracts will be subject to a mandatory cybersecurity certification process beginning in winter 2024.

OTTAWA — The federal government says that certain defense contracts will be subject to a mandatory cybersecurity certification process beginning in winter 2024.

Defense Minister Anita Anand made the announcement Wednesday morning at the Canadian Defense and Security Industries Association’s annual trade show in Ottawa, known as CANSEC.

Anand’s speech focused on military modernization, one of his department’s key priorities as it works to finalize the defense policy review that was announced in the 2022 budget.

In the second keynote address of the day, his Ukrainian counterpart revealed that Canada’s updated policy will be released to the public in July.

Oleksii Reznikov’s virtual pre-recorded speech for the trade show at noon included a call for long-term support of Canada and the Canadian defense industry as his country continues to fend off the Russian invasion that began more than 400 days ago.

“Ukraine has given a list of Canadian products and technologies it needs to the Canadian government,” he said.

“In addition, we expect a substantial volume of technical assistance to be provided to Ukraine in the framework of the defense policy review, which will be published in July.”

The Liberal government’s defense policy was published in 2017. Many observers expected the update to be published last fall, but the public consultation period was extended in March and closed at the end of April.

A spokesman for Anand’s office said the department is not yet ready to announce a timetable for the release of the policy update.

It’s unclear exactly how support for Ukraine will be factored into the update, but Anand has repeatedly said that Russian President Vladimir Putin’s invasion of that country has drastically changed the global threat landscape.

In his speech on Wednesday morning, he said that Russia’s use of disinformation campaigns and cyberattacks has highlighted the need for better cybersecurity practices.

He also said that defense contractors are often the target of malicious cyberattacks that threaten unclassified government information and put supply chains at risk.

“Cyber ​​threats are also growing here at home, where malicious cyber activities have targeted government and defense contractors and subcontractors,” he said.

The federal government set aside $25 million in this year’s budget to develop the program over the next three years. It will be designed “on par” with the United States so that the certification will be recognized in both countries, Anand said.

“This means that defense contractors doing business in both countries will only need to be certified under a single entity, and will ensure that Canadian companies can take advantage of future procurement opportunities with our allies,” he said.

Anand also announced that $1.5 million a year will go towards an indigenous reconciliation program within his department, which will aim to support consultation on research and infrastructure projects.

“Partnerships with industry will be crucial if we are going to modernize our military, if we are going to optimize defense procurement, if we are going to build our ecosystem of innovation, and if we are going to guarantee opportunities for indigenous peoples,” she said.

This report by The Canadian Press was first published on May 31, 2023.

Sarah Ritchie, The Canadian Press