OTTAWA — A newly released federal memo concedes Canada is "trailing key international partners" who have updated their approaches to securing vital utilities and services from a growing array of risks.
The Public Safety Canada memo says "new and rapidly evolving threats pose a greater risk of harm to Canadians and their cyber, economic and national security."
The Canadian Press used the Access to Information Act to obtain the internal briefing note, prepared in advance of a January meeting of deputy ministers.
The federal government is looking to update a 2009 national strategy intended to protect critical infrastructure in sectors ranging from energy and water to manufacturing and transportation.
An updated strategy would bring Canada into greater alignment with international partners as officials manage risks from extreme weather events, supply chain failures, cyberattacks or espionage, said Public Safety spokesman Tim Warmington.
"With a renewed understanding of the most vital assets and systems, and the interdependencies between them, Canada will be able to further combat the risks and vulnerabilities to critical infrastructure."
Just this week, a federal report warned that profit-seeking cybercriminals are expected to target high-value organizations in critical infrastructure sectors in Canada and around the world over the next two years.
In highlighting the importance of infrastructure protection, the government points to natural calamities including wildfires, flooding and landslides, the threat of malicious cyberactivity by foreign adversaries and the supply chain disruptions and goods shortages caused by the COVID-19 pandemic.
"There's a clear recognition that critical infrastructure is subject to significant threat," said Aaron Shull, managing director and general counsel at the Centre for International Governance Innovation in Waterloo, Ont.
Shull points to reviews and policy updates in the United Kingdom, the United States and Australia aimed at protecting their important systems in a changing world. "Our friends and allies are clearly moving on it."
He stresses the benefits of looking at the threats to Canada in a comprehensive, integrated way, rather than in piecemeal fashion divorced from a broader security strategy.
Shull also argues Canada's policy cannot be a "one and done type of thing, where it's like, 'Oh, we updated it, we've got a new strategy in place, we don't need to look at it for another 20 years, right?'"
"We need to have a mechanism in place to make sure that our policy frameworks are keeping up with the world around us."
Since the fall of 2021, Public Safety has been consulting interested parties on renewal of the national strategy on critical infrastructure. An October 2022 report cited the key themes that emerged over the previous year, including:
— possible addition of the space and defence sectors to the list of critical areas;
— expansion of partnerships to involve municipalities and Indigenous communities in forums;
— establishment of criteria to identify and prioritize the most vital infrastructure sectors, organizations and assets;
— and inclusion of the public and the broader infrastructure community in information sharing on risks.
"Some signalled a desire for the government to engage in more all-hazards risk assessments and analysis, and share the results of these analyses in a timely fashion," says the report on the consultations.
Respondents wanted to see more investigation of risks from cyberattacks, emerging threats such as pandemics, protests and extreme weather events and the dangers to communication networks and supply chains.
The consultations "identified gaps to fill and areas to further support," Warmington said.
Public Safety's ongoing work to renew the national strategy complements other ongoing federal security initiatives as well as efforts on emergency management and climate change adaptation, he added.
This report by The Canadian Press was first published Aug. 29, 2023.
Jim Bronskill, The Canadian Press