Government developing cybersecurity certification process for defence contractors

The federal government says certain defence contracts will be subject to a mandatory cybersecurity certification process starting in the winter of 2024.

Defence Minister Anita Anand made the announcement Wednesday morning at the Canadian Association of Defence and Security Industries annual trade show in Ottawa, which is known as CANSEC.

Anand said defence contractors are often targets of malicious cyberattacks that threaten unclassified information and put supply chains at risk.

She said Russia’s use of disinformation campaigns and cyberattacks during the war in Ukraine has highlighted the need for better protections.

“Cyberthreats are growing here at home, too, where malicious cyber activities have targeted government and defence contractors and subcontractors,” she said.

The federal government set aside $25 million in this year’s budget to develop the program over the next three years. It will be designed “in lockstep” with the United States so that certification will be recognized in both countries, Anand said.

“This means that defence contractors doing business in both countries will only need to be certified under a single entity, and it will ensure that Canadian companies can benefit from future procurement opportunities with our allies,” she said.

Anand also announced that $1.5 million a year will go toward an Indigenous reconciliation program within her department, which will aim to support consultation on infrastructure projects and research.

“Partnerships with industry will be crucial if we’re going to modernize our military, if we’re going to streamline defence procurement, if we’re going to build up our innovation ecosystem and if we’re going to ensure opportunities for Indigenous Peoples,” she said.

This report by The Canadian Press was first published May 31, 2023.