Filipe Dinis: Collaboration is key to mature the resilience of Canada’s critical infrastructure
Organizations of all sizes must ensure Canada is better prepared to withstand cyberattacks, other operational risks
Article content
Recent events such as the pandemic and Russia’s invasion of Ukraine have been accompanied by a growing range of cyber threats. It should be a top priority for organizations of all sizes to ensure that Canada is better prepared to withstand cyberattacks and other operational risks. Cross-sector collaboration will be key.
Advertisement 2
Story continues below
Article content
Cyber threats pose an important risk to an advanced, interconnected open economy such as Canada’s. A successful cyberattack on a major financial institution, financial market infrastructure (FMI), or other critical infrastructure, such as a power grid or telecommunications system, could significantly disrupt the Canadian financial system and economy.
While federal and provincial regulators play a key role in ensuring resilience, an even greater benefit can be achieved through a collaborative multi-sector approach to resilience.
Our financial institutions, FMIs and critical infrastructures are so highly interconnected that the impact on both businesses and individuals could be severe if even one component is disrupted.
Advertisement 3
Story continues below
Article content
A striking example is the Rogers Communications Inc. outage on July 8 that disrupted wireless, cable, telephone and internet services across the country. This had an immediate and significant impact across many sectors, including the financial sector. Millions of individuals and businesses were unable to buy a morning coffee, access emergency assistance, or take payment for goods or services.
Although the outage was not due to a cyber incident, it is highly revealing. Many Canadian entities rely on the same third-party service providers, so all would be vulnerable if a provider were unable to respond to or recover from a cyber breach.
While the Rogers incident does raise some important new questions, it is important to know that both public- and private-sector entities have measures in place to protect their own operations from cyberattacks and improve their ability to swiftly recover if an incident does occur.
Advertisement 4
Story continues below
Article content
We are also seeing more collaborative efforts to promote system resilience. New relationships have been formed to link the financial sector with federal and provincial governments across critical sectors. One example is the Resiliency of Wholesale Payments Systems group, a collaboration between the Bank of Canada, Canada’s six largest banks and Payments Canada. Its purpose is to share information and enhance the cyber resilience of Canada’s wholesale payments systems.
The Canadian Financial Sector Resiliency Group (CFRG), a public-private partnership spearheaded by the Bank of Canada, has also been working to strengthen the financial sector in the face of risks to business operations, including cyber incidents.
Advertisement 5
Story continues below
Article content
CFRG members came together swiftly as the Rogers outage unfolded to share information and assess the impact on the financial system. The incident reinforced the need for CFRG to forge more partnerships. They will also proceed with plans to assess the interconnected operational risks, including cyber, between the financial system and telecommunications and energy sectors.
-
Ukraine-Russia conflict to test resilience of global financial system: IMF
-
Chrystia Freeland has the blueprint to revolutionize Canadian banking — so let’s use it
-
Rogers has its work cut out for it in outage aftermath as Shaw merger deadline looms
-
Ottawa demands telecoms strike formal mutual assistance agreement within 60 days in wake of Rogers outage
Advertisement 6
Story continues below
Article content
Together, these efforts serve as a strong foundation. But a broader approach is needed. Understanding the connections and dependencies between critical sectors will help all leaders anticipate the related operational and cyber risks. If an incident does occur, they will be better prepared to make decisions quickly and communicate effectively to preserve Canadians’ confidence.
To offset silos, Canada’s cyber resilience will depend on proactive information sharing, overcoming barriers to co-operation, and developing joint solutions to address complex multi-sector risks.
Federal regulation will continue to guide these efforts. The Government of Canada is renewing its National Strategy for Critical Infrastructure to manage risks and threats to Canada’s critical infrastructures. The government also recently introduced Bill C-26. It will require designated organizations to disclose cybersecurity incidents and bolster cyber controls within the Telecommunications Act.
Overall, a well co-ordinated approach will help public- and private-sector entities protect Canada’s most critical infrastructures. This is good business and fundamental to the trust of Canadians.
Filipe Dinis is chief operating officer of the Bank of Canada.
Advertisement
Story continues below