The Liberals promised to add $875.2 million over five years to planned government spending related to cybersecurity, according to the latest federal budget project.
Announced this afternoon, Budget 2022 also proposes to provide $238.2 million per year after the initial five-year period for additional measures to address the rapidly evolving cyber threat landscape. The budget still needs to be approved by Parliament.
The expense will include:
–$263.9 million over five years, beginning in 2022-23, and $96.5 million annually continuing to enhance Communications Security Establishment (CSE) capabilities to launch offensive cyber operations to prevent and defend against cyber attacks . The CSE is a division within the Department of Defense that is responsible for protecting federal IT networks;
–$180.3 million over five years, beginning in 2022-23, and $40.6 million per current year to enhance CSE’s capabilities to prevent and respond to cyberattacks on critical infrastructure;
–$178.7 million over five years, beginning in 2022-23, and $39.5 million annually continuing to expand cybersecurity protection for small Crown departments, agencies and corporations; and,
–$252.3 million over five years, beginning in 2022-23, and $61.7 million per ongoing year for CSE to make critical government systems more resilient to cyber incidents.
There would also be extra money to help cybersecurity researchers in fields like quantum computing and artificial intelligence.
The budget proposes $17.7 million over five years, beginning in fiscal year 2022-23, and $5.5 million annually thereafter through 2031-32, for CSE to establish a unique research chair program to fund scholars who conduct research on cutting-edge technologies relevant to CSE activities. Researchers who receive these grants will split their time between peer-reviewed publishable research and CSE-ranked research.
The budget also proposes funds to combat online disinformation from adversaries. Global Affairs Canada would receive $13.4 million over five years, beginning with the new fiscal year that begins in late April, with $2.8 million per ongoing year after that. The money would go towards revamping and expanding the G7 Rapid Response Mechanism, which was created by the G7 nations in 2019 to tackle the threat of disinformation and protect G7 democracies from foreign threats. Since then, the budget says, the program has played a key role in detecting and identifying foreign interference and state-sponsored disinformation against democracies, and also in monitoring federal elections in Canada.
To support Canadian research to combat misinformation and disinformation, the budget proposes to give the Office of the Privy Council $10 million over five years to continue to coordinate, develop and implement government measures designed to combat these threats. The Privy Council is the cabinet secretary, and the Privy Council secretary is the head of the civil service.
David Shipley, CEO of New Brunswick’s Beauceron SecurityHe said he’s glad to see additional spending for both offensive and defensive cyber operations. Additional funding to prevent and respond to attacks on critical infrastructure, including hospitals, is also welcome. “I would have liked to see funds available directly to hospitals instead of just bolstering CSE’s capacity,” he added. “The budget identified funds for institutions of higher education to protect research, which is a victory and a model of what should be done for hospitals.”
The biggest challenge to federal and private sector cooperation, particularly with critical infrastructure, is the lack of mandatory breach reporting to the CSE in addition to a federal or provincial privacy commissioner, and liability protection similar to laws passed in the United States. USA, he noted. . “CSE may have all the talent, technology and money in the world, but if a critical infrastructure provider doesn’t tell them about a breach or agree to help, it won’t be much.”
“I also expected to see more money to directly help small and medium-sized businesses with the rising cost of cybersecurity. Clearly, there is more work to be done to make it easier for them to afford to improve their security, particularly at a time when they are coming out of the pandemic and trying to rebuild their businesses.”
However, he would have liked to see at least some funds go to Canadian small and medium-sized businesses, as well as municipalities, to help improve their cybersecurity posture. “It’s good to put money directly into federal departments like the CSE, but we should try to improve the security of small and medium-sized businesses and municipalities,” she said in an interview. “They are the ones who take the most hits.”