New national standard to protect SMEs against cyberattacks under development

In its effort to protect Canadian small and medium-sized enterprises (SMEs) from cyberattacks, the Standards Council of Canada (SCC) has engaged CIO Strategy Council to develop a National Standard of Canada for the CyberSecure Canada certification program.

The work is a result of the 2018 National Cyber Security Strategy (NCSS) in which Innovation, Science and Economic Development (ISED), Communications Security Establishment (CSE), and SCC have come together to create a voluntary, recognizable certification to enable SMEs to demonstrate that they meet a baseline set of security practices.

The NCSS indicated that SMEs often lack the knowledge, technical expertise and resources to implement cyber security regimes, and are not fully aware of their systems’ vulnerabilities. The CyberSecure Canada certification program, launched in August 2019, lays out a path for businesses to improve cyber resilience and helps participants position their cyber security practices for a more competitive advantage domestically and abroad, while promoting consumer trust in the digital economy. The CyberSecure Canada program is founded upon the Baseline Cyber Security Controls for Small and Medium Organizations developed by CSE’s Canadian Centre for Cyber Security.

“Canadians should feel confident that their data is safe and their privacy is respected. Through CyberSecure, our government is helping small and medium-sized businesses protect themselves against cyber threats, increase consumer confidence and promote broader trust in the digital economy,” said the Honourable Navdeep Bains, Minister of Innovation, Science and Industry.

“Cyberattacks have huge implications for companies, from operations to reputation, which directly impact the Canadian economy,” said Elias Rafoul, SCC’s Vice-President of Accreditation Services. “A National Standard of Canada for cyber security assessment and resiliency means that the Canadian context is incorporated into both the development process and content of the standard to address this critical industry need.”

The new standard will address security controls such as the development of an incident response plan, automatic patching of operating systems and applications, enabling security software, the use of strong authentication, data backups and encryption. The standard will further support the CyberSecure Canada program, and will be low burden, easily accessible, affordable, effective, national in scope, and sector neutral.

“Our members welcome the opportunity to shape this critical new standard for Canada,” said Jim Balsillie, co-chair of the CIO Strategy Council. “By providing leadership on strong security practices, including compliance, Canadian businesses can advance both their growth and their customers’ expectations for cyber safety.”

About the Standards Council of Canada

The Standards Council of Canada (SCC) is a federal Crown corporation responsible for promoting standardization in Canada. SCC leads and facilitates the development and use of national and international standards and accreditation services in order to enhance Canada’s competitiveness and well-being. SCC’s mission involves working with its stakeholders and customers to promote efficient and effective standardization that strengthens Canada’s competitiveness and social well-being.

About the CIO Strategy Council

The CIO Strategy Council provides a forum for Canada’s most forward-thinking chief information officers to focus on collectively transforming, shaping, and influencing the Canadian information and technology ecosystem. The Council has deployed a nationally-accredited, agile, and consensus-based standards-setting process that matches the speed of innovation and advancement in ICT. Learn more at ciostrategycouncil.com.