MANAGEMENT ACTION PLAN

AUDITOR GENERAL’S REPORT, CHAPTER 3

PROTECTING CANADIAN CRITICAL INFRASTRUCTURE AGAINST CYBER THREATS

Recommendations

Management Implementation Actions

Lead

Timelines

(3.25). Public Safety Canada (PS) should develop an interdepartmental action plan with deliverables and timelines for Canada’s Cyber Security Strategy (2010) to guide the implementation of the strategy and measure progress.

·         Publicly release an action plan to guide the effective delivery of Canada’s Cyber Security Strategy.

·         Complete the development of a horizontal performance measurement strategy (HPMS) to measure and report on the progress made against commitments in Canada’s Cyber Security Strategy.

·         Implement the HPMS and request performance information annually from the departments and agencies involved in the implementation of the strategy.

Director General, National Cyber Security Directorate

·         Completed

·         Completed

·         Ongoing

(3.37).  Public Safety Canada should ensure that all sector networks are fully established and operating as outlined in the National strategy and action plan for critical infrastructure so that they can be an effective tool in helping to secure critical infrastructure in order to deliver the objectives of Canada’s Cyber Security Strategy.

·         Provide guidance to lead federal departments and agencies on appropriate coverage for sector networks, including:

o   Draft guidance based on the sector risk profiles by June 2013; and

o   Final guidance, based on feedback from the lead federal departments/agencies, by December 2013.

·         Work with lead federal departments to strengthen the sector networks by facilitating information sharing and providing tools to support risk management, including:

o   Planning guidance for critical infrastructure sectors;

o   Guidance for critical infrastructure sectors to conduct tabletop exercises; and

o   Development of a national profile of critical infrastructure.

Director General, Critical Infrastructure and Strategic Coordination

·         December 2013

·         December 2013

(3.52).  Public Safety Canada should increase the Canadian Cyber Incident Response Centre’s ability to maintain situational awareness of cyber threats to Canada’s critical infrastructure and to increase the Centre’s ability to communicate this information to critical infrastructure owners and operators.

·         Increase CCIRC’s operational hours, and operational capacity and capabilities to enhance support for critical infrastructure and other partners.

·         Update CCIRC’s mandate, and standard procedures and policies to provide greater clarity to internal and external partners.

·         Introduce CCIRC’s Community Portal, create formal information-sharing agreements, and launch an incident response pilot to improve information sharing with partners.

·         Continue to deepen CCIRC’s capabilities and expand its reach by working with lead sector departments to identify owners and operators of critical infrastructure.

Director General, National Cyber Security Directorate

·         Completed

·         Completed

·         Completed

·         Ongoing