Canada NewsNews

Filipe Dinis: Collaboration is key to mature the resilience of Canada’s critical infrastructure

Organizations of all sizes must ensure Canada is better prepared to withstand cyberattacks, other operational risks

Article content

Recent events such as the pandemic and Russia’s invasion of Ukraine have been accompanied by a growing range of cyber threats. It should be a top priority for organizations of all sizes to ensure that Canada is better prepared to withstand cyberattacks and other operational risks. Cross-sector collaboration will be key.

Advertisement 2

Story continues below

Article content

Cyber threats pose an important risk to an advanced, interconnected open economy such as Canada’s. A successful cyberattack on a major financial institution, financial market infrastructure (FMI), or other critical infrastructure, such as a power grid or telecommunications system, could significantly disrupt the Canadian financial system and economy.

While federal and provincial regulators play a key role in ensuring resilience, an even greater benefit can be achieved through a collaborative multi-sector approach to resilience.

Our financial institutions, FMIs and critical infrastructures are so highly interconnected that the impact on both businesses and individuals could be severe if even one component is disrupted.

Advertisement 3

Story continues below

Article content

A striking example is the Rogers Communications Inc. outage on July 8 that disrupted wireless, cable, telephone and internet services across the country. This had an immediate and significant impact across many sectors, including the financial sector. Millions of individuals and businesses were unable to buy a morning coffee, access emergency assistance, or take payment for goods or services.

Although the outage was not due to a cyber incident, it is highly revealing. Many Canadian entities rely on the same third-party service providers, so all would be vulnerable if a provider were unable to respond to or recover from a cyber breach.

While the Rogers incident does raise some important new questions, it is important to know that both public- and private-sector entities have measures in place to protect their own operations from cyberattacks and improve their ability to swiftly recover if an incident does occur.

Advertisement 4

Story continues below

Article content

We are also seeing more collaborative efforts to promote system resilience. New relationships have been formed to link the financial sector with federal and provincial governments across critical sectors. One example is the Resiliency of Wholesale Payments Systems group, a collaboration between the Bank of Canada, Canada’s six largest banks and Payments Canada. Its purpose is to share information and enhance the cyber resilience of Canada’s wholesale payments systems.

The Canadian Financial Sector Resiliency Group (CFRG), a public-private partnership spearheaded by the Bank of Canada, has also been working to strengthen the financial sector in the face of risks to business operations, including cyber incidents.

Advertisement 5

Story continues below

Article content

CFRG members came together swiftly as the Rogers outage unfolded to share information and assess the impact on the financial system. The incident reinforced the need for CFRG to forge more partnerships. They will also proceed with plans to assess the interconnected operational risks, including cyber, between the financial system and telecommunications and energy sectors.

  1. The International Monetary Fund headquarters in Washington, U.S.

    Ukraine-Russia conflict to test resilience of global financial system: IMF

  2. Finance Minister Chrystia Freeland Freeland will be looking at recommendations from an advisory committee on the policy known as open banking, which allows consumer to control their financial data.

    Chrystia Freeland has the blueprint to revolutionize Canadian banking — so let’s use it

  3. TORONTO ONTARIO: JULY 11, 2022—COMMUNICATIONS—Customers continue to question recent day long blackout of Rogers internet, cell phone and cable services , Monday July 11, 2022. [Photo Peter J. Thompson/National Post] [National Post/TBA for National Post]

    Rogers has its work cut out for it in outage aftermath as Shaw merger deadline looms

  4. A person walks past the Rogers Communications' building in Toronto.

    Ottawa demands telecoms strike formal mutual assistance agreement within 60 days in wake of Rogers outage

Advertisement 6

Story continues below

Article content

Together, these efforts serve as a strong foundation. But a broader approach is needed. Understanding the connections and dependencies between critical sectors will help all leaders anticipate the related operational and cyber risks. If an incident does occur, they will be better prepared to make decisions quickly and communicate effectively to preserve Canadians’ confidence.

To offset silos, Canada’s cyber resilience will depend on proactive information sharing, overcoming barriers to co-operation, and developing joint solutions to address complex multi-sector risks.

Federal regulation will continue to guide these efforts. The Government of Canada is renewing its National Strategy for Critical Infrastructure to manage risks and threats to Canada’s critical infrastructures. The government also recently introduced Bill C-26. It will require designated organizations to disclose cybersecurity incidents and bolster cyber controls within the Telecommunications Act.

Overall, a well co-ordinated approach will help public- and private-sector entities protect Canada’s most critical infrastructures. This is good business and fundamental to the trust of Canadians.

Filipe Dinis is chief operating officer of the Bank of Canada.


Story continues below


Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notifications—you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.

View Article Origin Here

Related Articles

Back to top button