Government cybersecurity expertise is now available to the Canadian public.

Nobody is immune from the cyberattacks that are on the rise worldwide — not even the Canadian government. That’s why the Communications Security Establishment (CSE) plays a vital role in our national security.

While defending the Canadian government against cyberattacks and protecting Canadians’ information is the CSE’s main goal, Deputy Chief of IT Security Scott Jones says another priority is emerging.

“With the internet powering the economy, it’s important to share cybersecurity tools and technology that we might have previously used just to protect government systems, ” he says.
In the past the CSE was a quiet arm of the government, but with the rise of the importance of cybersecurity, it’s taken on a more prominent role. The Government’s proposed national security legislation, Bill C-59, includes the CSE Act, which is designed to more clearly outline the organization’s ability to defend important cyber networks across Canada and undertake cyber operations within strict limits.

“We’ve been code makers and code breakers for 70 years,” says Jones, although today there’s a real need to share their knowledge with the private sector and other Canadians.

Resiliency through collaboration

Jones says many Canadians would be surprised to know how willing the CSE is to speak out and collaborate with others to make a stronger cybersecurity ecosystem.

“Making Canada more resilient to cyberattacks is going to be done through collaboration,” he says. “And we have the willingness and desire to engage others.”

Jones says this includes collaborating with multiple sectors such as the government, academia, non-profits, and the private sector. CSE offers specialized cybersecurity training to government organizations, and freely shares cybersecurity tools with the private sector and best practices  with the Canadian public.

Top 10 cybersecurity tools

Small- and medium-sized enterprises don’t always have the capacity for a large internal cybersecurity force.  This is where using CSE’s special cybersecurity materials, based on their own best practices, really has an impact on the security of a business.

“We have gained a lot of experience defending the government from online threats,” Jones says. “It’s not theory for us, it’s reality.”

The CSE website features a large number of educational articles and videos to help share their cybersecurity knowledge and techniques.

Jones says one of the most critical things a company can do is follow the CSE’s Top 10 IT Security Actions list to improve cybersecurity. While this list currently focuses on actions for the government, CSE will be releasing updated advice for everyone in the coming days.

The top 10 actions are:

  1. Use Shared Services Canada (SSC) internet gateways
  2. Patch operating systems and applications
  3. Enforce the management of administrative privileges
  4. Harden operating systems
  5. Segment and separate information
  6. Provide tailored awareness and training
  7. Manage devices at the enterprise level
  8. Apply protection at the host level
  9. Isolate web-facing applications
  10. Implement application whitelisting